Integrating CI/CD with CLI: GitLab

You can now initiate online scans effortlessly using the new CLI command. Here's how:

Method 1: Scanning Repositories Using Our Cluster

To scan your repository using our cluster, execute:

cdefense online

Options:

cdefense online --api-key={} --repository-url={} --branch-name={} --tag={}

(Ensure you have the environment variable SCAN_URL set to https://console.clouddefenseai.com)

Example:

cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=example --branch-name=example --tag=example

(Ensure you have the environment variable SCAN_URL set to https://console.clouddefenseai.com)

The command will return an exit status of 1 if the build policy fails.

Scanning Private Repositories:

We also support scanning private repositories. To accomplish this, provide the API key related to the account where the integration is configured or provide an access token into the repository URL:

• GitHub: https://{private-access-token}@github.com/username/repo.git

• GitLab:

  • Using OAuth2: https://oauth2:{personal-access-token}@gitlab.com/username/repo.git

  • Using Username and Password: https://{username}:{password}@gitlab.com/username/repo.git

• Azure Repo: https://{private-access-token}@dev.azure.com/orgname/projectname/_git/repo

• Bitbucket: https://{username}:{access_token}@bitbucket.org/username/repo.git

Example Output:

Without Verbose:

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado

2022/07/15 16:59:52 [INFO] Connecting to server...

2022/07/15 16:59:53 [INFO] Welcome [developer@clouddefense.ai]. You have been successfully connected to [Cloud Defense] organization

2022/07/15 16:59:53 [INFO] Running full online scan...

2022/07/15 17:01:19 [INFO] Scan was finished

2022/07/15 17:01:19 [INFO] Build policy status: FAILURE

Failed build policy results:

 /app/pom.xml : java_maven:

- Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1

- Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1

[INFO] Scan started at 16:59:52 finished at 17:01:19

[INFO] Total scan time: 1m27s

With Verbose:

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado --verbose

2022/07/15 17:00:16 [INFO] Connecting to server...

2022/07/15 17:00:16 [INFO] Welcome [developer@clouddefense.ai]. You have been successfully connected to [Cloud Defense] organization

2022/07/15 17:00:17 [INFO] Running full online scan...

2022/07/15 17:01:43 [INFO] Scan was finished

2022/07/15 17:01:43 [INFO] Build policy status: FAILURE

{

  "/app/pom.xml : java_maven": {

    "failureBuildPolicyResults": [

      {

        "message": "Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1",

        "rule": {

          "operand": "CWE",

          "operator": "PART_OF_OWASP",

          "value": "Injection"

        },

        "count": 1

      },

      {

        "message": "Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1",

        "rule": {

          "operand": "TITLE",

          "operator": "CONTAINS",

          "value": "inje"

        },

        "count": 1

      }

    ],

    "passedBuildPolicyResults": [

      {

        "message": "Success",

        "rule": {

          "operand": "CRITICAL_SEVERITY_COUNT",

          "operator": "GREATER_THAN",

          "value": "1"

        },

        "count": 1

      },

      {

        "message": "Success",

        "rule": {

          "operand": "CWE",

          "operator": "PART_OF_OWASP",

          "value": "Broken Authentication"

        },

        "count": 0

      },

      {

        "message": "Success",

        "rule": {

          "operand": "CWE_ID",

          "operator": "CONTAINS",

          "value": "264"

        },

        "count": 0

      }

    ]

  }

}

[INFO] Scan started at 17:00:16 finished at 17:01:43

[INFO] Total scan time: 1m27s

Method 2: Scanning Repository on Your System, Downloading Repo from External (Any Git)

Example:

cdefense clidocker --api-key={} --scan-url=https://console.clouddefenseai.com --project-name={} --git=true --repourl=https://github.com/scalesec/vulnado --branch={} --tag={}

Method 3: Scanning Repository on Your System, Copying Project from Your PC

Example:

cdefense clidocker --api-key={} --scan-url=https://console.clouddefenseai.com --project-name={} --path={path-to-folder-with-app} --repo-url=https://github.com/scalesec/vulnado --branch={} --tag={}

(This command will push data to console.clouddefenseai.com)