GitLab Integration
Install App
On the Integrations page, click GitLab to start the integration.
Under Install app, enter the GitLab organisation name and click the Proceed to install button.
After clicking Proceed to install, you are redirected to the GitLab website, which asks you to grant read access to the organisation. Click Authorize.
Active Branches
Under Active branches, enter the name of the branch to be scanned, as shown in the image.
Click Save to store the branch name you entered.
API Key
If you have created an API Key previously, click Skip; otherwise create a new API Key.
Enter a name for the API Key you are about to create and click Generate API key.
A new API Key is generated and shown only once, so store it securely. The GitLab job reads it from the FD_API_KEY CI/CD variable, so add it to the project as a masked (and, for protected branches, protected) variable rather than writing it into the pipeline file.
Clicking on Next will take you to code scan section.
Code Scan
The code scan can be run in two ways:
- Workflows
- On-premise runner
GitLab workflow
Select GitLab workflow to configure DuckDefender in GitLab by adding a pipeline file, which you download from the FlyingDuck portal; the job it defines sends library and secret information to the portal.
Download DuckDefender
After selecting GitLab workflow, click Download. This downloads the pipeline file, which must be committed to the repository root as .gitlab-ci.yml and looks like this:
# Version: '2.1.2'
image: docker:stable
services:
  - docker:dind
variables:
  DOCKER_TLS_CERTDIR: "/certs"
  DOCKER_TAG: "flyingduckio/duckdefender:latest"
  # Resolved from the project CI/CD variable of the same name; never paste the key here
  FD_API_KEY: "$FD_API_KEY"
stages:
  - build_and_run
# Template job. Its name has no leading dot, so it is not hidden: besides being
# extended below, it also runs by itself on every branch.
DuckDefender:
  stage: build_and_run
  script:
    # Check if Docker is installed and its version
    - docker --version
    # Try to pull the Docker image
    - docker pull $DOCKER_TAG
    # Run the Docker container, passing the API key and the commit metadata and mounting the checkout at /src
    - docker run -e FD_API_KEY="$FD_API_KEY" -e CI_COMMIT_SHA="$CI_COMMIT_SHA" -e CI_COMMIT_BRANCH="$CI_COMMIT_BRANCH" -e CI_COMMIT_BEFORE_SHA="$CI_COMMIT_BEFORE_SHA" -e CI_COMMIT_AUTHOR="$CI_COMMIT_AUTHOR" -v $CI_PROJECT_DIR:/src "$DOCKER_TAG"
# Define the jobs for specific branches
main:
  only:
    - main
  extends: DuckDefender
After adding the file, commit it. If the branch you committed to is one of the branches listed in the file, the job runs and the findings (libraries, secrets) are sent to the FlyingDuck portal.
Custom Branch
If you want to commit to a custom branch such as feature/* or bug/* and see the findings for that branch, the branch has to be included in the branch list of the pipeline file. The snippet below, taken from the duckdefender.yaml workflow file, shows the branch list in GitHub Actions form (on: push: branches); GitLab does not read this list. In .gitlab-ci.yml the same restriction is expressed per job under only (or rules), where a pattern such as feature/* is written as a regular expression, for example /^feature\/.+$/.
# Triggers the workflow on push events but only for all the critical branches
on:
  push:
    branches: [ "master", "main", "release", "develop", "feature/*", "bug/*" ]
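The following .gitlab-ci.yml is an added example, not the file downloaded from the FlyingDuck portal, and covers the branch selection described in both the Code Scan and the Custom Branch sections. It differs from the downloaded file in two ways: the DuckDefender job is made a hidden template (leading dot) so that it only runs through extends and never on its own, and feature/* and bug/* branches are matched with regular expressions under only. It keeps the image, tag and container variables shown in the downloaded file, assumes FD_API_KEY is stored as a masked CI/CD variable, and uses illustrative job names (scan-mainline, scan-topic-branches).

```yaml
# Added example (not the file downloaded from the FlyingDuck portal).
# Assumes FD_API_KEY is a masked CI/CD variable in the project settings.
image: docker:stable
services:
  - docker:dind

variables:
  DOCKER_TLS_CERTDIR: "/certs"
  DOCKER_TAG: "flyingduckio/duckdefender:latest"

stages:
  - build_and_run

# Hidden template (leading dot): GitLab never runs it by itself, only the
# jobs that extend it, so a scan happens solely on the branches listed below.
.duckdefender:
  stage: build_and_run
  script:
    - docker --version
    - docker pull "$DOCKER_TAG"
    # Folded scalar (>) joins the following lines into one docker run command.
    - >
      docker run
      -e FD_API_KEY="$FD_API_KEY"
      -e CI_COMMIT_SHA="$CI_COMMIT_SHA"
      -e CI_COMMIT_BRANCH="$CI_COMMIT_BRANCH"
      -e CI_COMMIT_BEFORE_SHA="$CI_COMMIT_BEFORE_SHA"
      -e CI_COMMIT_AUTHOR="$CI_COMMIT_AUTHOR"
      -v "$CI_PROJECT_DIR:/src"
      "$DOCKER_TAG"

# Long-lived branches: exact ref names.
scan-mainline:
  extends: .duckdefender
  only:
    - main
    - master
    - develop
    - release

# Short-lived branches: an entry wrapped in slashes is a regular expression
# matched against the ref name, which is how feature/* and bug/* are written.
scan-topic-branches:
  extends: .duckdefender
  only:
    - /^feature\/.+$/
    - /^bug\/.+$/
```

Commit the file as .gitlab-ci.yml at the repository root. A push to a branch that matches neither job creates no DuckDefender job, so nothing is sent to the portal. Projects that use rules instead of only express the same match as `rules: - if: $CI_COMMIT_BRANCH =~ /^feature\//`.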
Troubleshoot
The debug option shows what is happening inside a particular command. To troubleshoot, pass the environment variable LOG_LEVEL="debug" to the container by adding -e LOG_LEVEL="debug" to the docker run line, as in the file below.
image: docker:stable
services:
  - docker:dind
variables:
  DOCKER_TLS_CERTDIR: "/certs"
  DOCKER_TAG: "flyingduckio/duckdefender:latest"
  # Resolved from the project CI/CD variable of the same name; never paste the key here
  FD_API_KEY: "$FD_API_KEY"
stages:
  - build_and_run
# Template job; not hidden (no leading dot), so it also runs by itself on every branch
DuckDefender:
  stage: build_and_run
  script:
    # Check if Docker is installed and its version
    - docker --version
    # Try to pull the Docker image
    - docker pull $DOCKER_TAG
    # Run the Docker container with LOG_LEVEL=debug for verbose output
    - docker run -e FD_API_KEY="$FD_API_KEY" -e LOG_LEVEL="debug" -e CI_COMMIT_SHA="$CI_COMMIT_SHA" -e CI_COMMIT_BRANCH="$CI_COMMIT_BRANCH" -e CI_COMMIT_BEFORE_SHA="$CI_COMMIT_BEFORE_SHA" -e CI_COMMIT_AUTHOR="$CI_COMMIT_AUTHOR" -v $CI_PROJECT_DIR:/src "$DOCKER_TAG"
# Define the jobs for specific branches
main:
  only:
    - main
  extends: DuckDefender
On-premise Runner
Refer to the On-premise Runner page for instructions on setting up a runner.
Automated Scan
After selecting the scanning option, enable the checkbox to scan the code automatically on each commit. This option is available only when a runner is configured and active.