
Integrating Netsparker Enterprise with GitLab CI/CD

GitLab is a web-based Git repository manager with built-in CI/CD pipelines; a pipeline is configured by committing a single .gitlab-ci.yml file to the repository.

You can integrate Netsparker Enterprise with GitLab using the cURL or PowerShell scripts generated by the Integration Script Generator. This topic explains how to generate a cURL script and add it to a GitLab pipeline so that a commit can trigger a Netsparker Enterprise scan and, optionally, fail the build on the scan's findings.

For further information, see What Systems Does Netsparker Integrate With?.

Generating and Using Netsparker Enterprise’s GitLab Integration Scripts

Netsparker Enterprise integrates with GitLab through cURL and PowerShell command-line scripts. These scripts have been tested and approved for GitLab version 9+. The GitLab Runner executor that runs the job must have cURL or PowerShell available.

How to Generate Netsparker Enterprise's GitLab Integration Scripts

  1. Log in to Netsparker Enterprise.
  2. From the main menu, go to Integrations > New Integration > GitLab CI/CD.
  3. From the Integration Script Generator section, select the relevant Scan Settings:
    • From the Scan Type field, select an option.
    • From the Website drop-down, select a website.
    • From the Scan Profile drop-down, select a scan profile (this is not displayed if you select Full with Primary Profile as the Scan Type).
    • Enable Stop the scan if the Build fails, if required.
    • Enable Fail the Build if one of the selected scan severity is detected, if required. (For further information, see Using Build Fail in GitLab Project.)
  4. In the cURL field, select Copy to copy the cURL script. (You will then paste this into the .gitlab-ci.yml file described in the next How to.)

Using Build Fail in GitLab Project

You can configure the GitLab build to fail when a scan triggered by the pipeline detects a vulnerability at or above a selected severity.

The build fail parameters are combined with AND logic: the build fails only when every selected condition is met by the same vulnerability. For instance, if you select Critical from the severity drop-down and select the Confirmed checkbox, the build fails only if a Critical vulnerability is found and that vulnerability is confirmed.

This can be configured using the Severity, Confirmed, False Positive, and Accepted Risk parameters.

  1. Scan Severity: With this option, you choose which severity fails the build when found in the related scan. If you choose DoNotFail, detected vulnerabilities do not affect your GitLab build.

The options for Scan Severity are:

  • DoNotFail
  • Critical
  • High or above
  • Medium or above
  • Low or above
  • Best Practice or above

  2. Confirmed: With this option, the build fails only when a vulnerability found in the related scan has been confirmed.

For example, if you choose Medium or above from the Scan Severity drop-down and select the Confirmed checkbox, the build fails only if a vulnerability has medium or higher severity and that vulnerability is confirmed. Otherwise, the build continues.

  3. False Positive: With this option, a vulnerability that has been marked as a False Positive does not fail the build, even if it meets the severity condition.

For example, if you choose Medium or above from the Scan Severity drop-down and select the False Positive checkbox, a medium or higher vulnerability marked as a false positive does not fail the build; a medium or higher vulnerability that is not marked as a false positive does.

  4. Accepted Risk: With this option, a vulnerability that has been marked as an Accepted Risk does not fail the build, even if it meets the severity condition.

For example, if you choose Medium or above from the Scan Severity drop-down and select the Accepted Risk checkbox, a medium or higher vulnerability marked as accepted risk does not fail the build; a medium or higher vulnerability that is not marked as accepted risk does.
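The four parameters above combine into a single rule: a finding fails the build only if it is at or above the severity threshold and passes every selected checkbox. The following shell script is an added example (not Netsparker code) that evaluates that rule for one finding at a time so you can check how a given combination of settings behaves before enabling it in the generator. The function names, the flag encoding (1/0 for each checkbox) and the sample findings are assumptions made for the example.

```shell
#!/bin/sh
# Added example: evaluates Netsparker's AND-combined build-fail rule for one finding.
# Not part of Netsparker; function names, flag encoding and sample data are assumptions.

# Map a severity name to a rank so "<severity> or above" becomes a numeric comparison.
severity_rank() {
  case "$1" in
    Critical) echo 5 ;;
    High) echo 4 ;;
    Medium) echo 3 ;;
    Low) echo 2 ;;
    "Best Practice"|BestPractice) echo 1 ;;
    *) echo 0 ;;
  esac
}

# should_fail THRESHOLD CONFIRMED_ONLY IGNORE_FP IGNORE_AR  SEVERITY IS_CONFIRMED IS_FP IS_AR
#   THRESHOLD      DoNotFail | Critical | High | Medium | Low | BestPractice ("or above")
#   CONFIRMED_ONLY 1 if the Confirmed checkbox is selected, else 0
#   IGNORE_FP      1 if the False Positive checkbox is selected, else 0
#   IGNORE_AR      1 if the Accepted Risk checkbox is selected, else 0
#   the last four arguments describe the finding being evaluated (1/0 flags)
# Prints "fail" when the finding should fail the build, "pass" otherwise.
should_fail() {
  threshold=$1; confirmed_only=$2; ignore_fp=$3; ignore_ar=$4
  sev=$5; is_confirmed=$6; is_fp=$7; is_ar=$8

  # DoNotFail: findings never affect the build, whatever else is selected.
  [ "$threshold" = DoNotFail ] && { echo pass; return; }
  # Severity gate: the finding must be at or above the selected threshold.
  [ "$(severity_rank "$sev")" -ge "$(severity_rank "$threshold")" ] || { echo pass; return; }
  # Confirmed checkbox: only confirmed findings fail the build.
  [ "$confirmed_only" = 1 ] && [ "$is_confirmed" != 1 ] && { echo pass; return; }
  # False Positive checkbox: findings marked as false positives are excluded.
  [ "$ignore_fp" = 1 ] && [ "$is_fp" = 1 ] && { echo pass; return; }
  # Accepted Risk checkbox: findings marked as accepted risk are excluded.
  [ "$ignore_ar" = 1 ] && [ "$is_ar" = 1 ] && { echo pass; return; }
  echo fail
}

# Constructed sample findings (severity confirmed fp ar); not real scan output.
# Settings under test: "Medium or above", Confirmed selected, False Positive selected.
for finding in "Critical 1 0 0" "Medium 0 0 0" "High 1 1 0" "Low 1 0 0"; do
  set -- $finding
  echo "severity=$1 confirmed=$2 fp=$3 ar=$4 -> $(should_fail Medium 1 1 0 "$1" "$2" "$3" "$4")"
done
```

Note that the False Positive and Accepted Risk checkboxes are exclusions (selecting them makes the build more lenient), while the Confirmed checkbox is an additional requirement (selecting it makes the build stricter); the function encodes that asymmetry explicitly.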

How to Use Netsparker Enterprise's GitLab Integration Script

  1. Log in to your GitLab account.
  2. Navigate to your GitLab Project window.
  3. Select Settings > CI / CD.
  4. Expand the Variables section. Add your Netsparker Enterprise API credentials as the USERID and APITOKEN variables. Mark APITOKEN as masked so the token is not written to job logs, and mark both as protected if only pipelines on protected branches should be able to start scans.
  5. Paste the copied script (from the previous How to) into your .gitlab-ci.yml file, as shown in the example below. Then select Commit changes.

You can copy and paste the cURL script below into your .yml file and use it as an example.

ScanJob:
  script: |-
    curl -u "$USERID:$APITOKEN" -X POST https://www.netsparkercloud.com/api/1.0/scans/CreateFromPluginScanRequest -H 'Content-Type: application/json' -d "{'WebsiteId': 'dd402bac-9602-4545-d238-a9f302b7f81b', 'ScanType': 'FullWithPrimaryProfile', 'VcsCommitInfoModel': {'CiBuildConfigurationName' : '$CI_PROJECT_NAME', 'CiBuildHasChange': '$CI_COMMIT_SHA', 'CiBuildId': '$CI_PIPELINE_ID', 'CiBuildServerVersion': '$CI_SERVER_VERSION', 'CiBuildUrl': '$CI_PROJECT_URL', 'Committer': '$GITLAB_USER_EMAIL', 'IntegrationSystem': 'GitLab', 'VcsName': 'Git', 'VcsVersion': '$CI_COMMIT_SHA'}}"
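Two things about the generated script are worth knowing before relying on it. The JSON body is written with single-quoted strings, which strict JSON parsers reject, and the $CI_* variables are expanded by the shell straight into that body, so a value containing a quote (for example a committer name) breaks the request. The curl call also runs without --fail, so an HTTP 401 from a wrong token or a 400 from an invalid WebsiteId does not fail the job. The script below is an added example (not Netsparker's generated script) that builds the same CreateFromPluginScanRequest body as standard JSON with escaped values, refuses to run without credentials, and makes the job fail when the API does not return success. The function names, the website id placeholder and the demo variable values are assumptions; the endpoint URL and field names are the ones on this page.

```shell
#!/bin/sh
# Added example, not Netsparker's generated script: builds the CreateFromPluginScanRequest
# body as valid JSON and fails the GitLab job when credentials are missing or the API call fails.
# API_URL and field names come from the page; function names and demo values are assumptions.

API_URL="https://www.netsparkercloud.com/api/1.0/scans/CreateFromPluginScanRequest"

# Escape a value for use inside a JSON string literal: drop line breaks and tabs,
# then escape backslashes and double quotes.
json_escape() {
  printf '%s' "$1" | tr -d '\n\r\t' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# build_payload WEBSITE_ID SCAN_TYPE
# Prints the JSON request body, reading GitLab's predefined CI variables from the
# environment (they are empty when run outside a pipeline).
build_payload() {
  printf '{"WebsiteId":"%s","ScanType":"%s","VcsCommitInfoModel":{' \
    "$(json_escape "$1")" "$(json_escape "$2")"
  printf '"CiBuildConfigurationName":"%s",' "$(json_escape "${CI_PROJECT_NAME:-}")"
  printf '"CiBuildHasChange":"%s",' "$(json_escape "${CI_COMMIT_SHA:-}")"
  printf '"CiBuildId":"%s",' "$(json_escape "${CI_PIPELINE_ID:-}")"
  printf '"CiBuildServerVersion":"%s",' "$(json_escape "${CI_SERVER_VERSION:-}")"
  printf '"CiBuildUrl":"%s",' "$(json_escape "${CI_PROJECT_URL:-}")"
  printf '"Committer":"%s",' "$(json_escape "${GITLAB_USER_EMAIL:-}")"
  printf '"IntegrationSystem":"GitLab","VcsName":"Git",'
  printf '"VcsVersion":"%s"}}\n' "$(json_escape "${CI_COMMIT_SHA:-}")"
}

# Returns non-zero when either CI variable is unset, so the job stops before
# sending an unauthenticated request.
require_credentials() {
  [ -n "${USERID:-}" ] && [ -n "${APITOKEN:-}" ]
}

# start_scan WEBSITE_ID SCAN_TYPE
# POSTs the request; --fail makes curl exit non-zero on HTTP 4xx/5xx, which fails
# the GitLab job instead of silently continuing after a rejected request.
start_scan() {
  require_credentials || {
    echo "USERID/APITOKEN not set; configure them as masked CI/CD variables" >&2
    return 1
  }
  build_payload "$1" "$2" | curl --fail --silent --show-error \
    -u "$USERID:$APITOKEN" -X POST "$API_URL" \
    -H 'Content-Type: application/json' --data-binary @-
}

# Demo with constructed pipeline variables (no network access): print the body that
# would be sent. In a real job, call start_scan "<WebsiteId>" FullWithPrimaryProfile instead.
CI_PROJECT_NAME=${CI_PROJECT_NAME:-demo-app}
CI_COMMIT_SHA=${CI_COMMIT_SHA:-0123abcd}
GITLAB_USER_EMAIL=${GITLAB_USER_EMAIL:-'dev "demo" <dev@example.test>'}
build_payload "00000000-0000-0000-0000-000000000000" "FullWithPrimaryProfile"
```

In .gitlab-ci.yml, save the script in the repository and invoke it from the job, for example with `script: sh ./netsparker-scan.sh`, with USERID and APITOKEN supplied as masked variables; with --fail in place, a rejected request is visible as a failed job rather than a green pipeline that never started a scan.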
