GitLab Pipeline

Common Build Integration Documentation

This documentation is specific to Gitlab. documentation should be reviewed before proceeding further.

Environment Variables

Environment variable values can be found in your .

• THREATRIX_OID - Your organization ID.

• THREATRIX_EID - Your entityID (if you wish to override your default).

• THREATRIX_API_KEY - Personal or organization API key.

Install Environment Variables

From within Gitlab, navigate to Settings -> CI/CD -> Variables, as shown below.

Click "Add Variable" to add THREATRIX_OID and THREATRIX_API_KEY and optionally, a THREATRIX_EID for which the API key has permissions to create projects.

Option 1: Add CLI Threat Agent

threatrix-scan:
  script:
    - curl -LJO https://github.com/threatrix/threat-agent-dist/releases/download/latest/threat-agent.jar
    - java -jar threat-agent.jar .
  only:
    - merge_requests

Option 2: Add Docker Threat Agent Step to Build

In Gitlab, in the repository you wish you run your scan, create a .gitlab-ci.yml file and add the following contents.

threatrix-scan:
  image: gitlab/dind
  script:
    - printenv > host.env
    - docker run -v $(pwd):/app --env-file=host.env threatrix/threat-agent ./
  only:
    - merge_requests