GitLab Integration

Install App

On the Integrations page, click GitLab to start the integration.


Under Install App, provide the GitLab organisation name and click the Proceed to install button.

[Screenshot: organisation name field]

After clicking the Proceed to install button, you will be redirected to the GitLab website, which asks for read access. Click Authorize to grant it.

[Screenshot: GitLab authorization page]


Active Branches

Under Active Branches, specify the branch name as shown in the screenshot.


Clicking the Save button saves the branch name you entered.

[Screenshot: integration successful]

API Key

If you have created an API Key previously, you can click Skip; otherwise, create a new API Key.

Provide a name for the API Key you are about to create and click Generate API key.
</gml_replace>
<gr_replace lines="35" cat="remove_boilerplate" orig="Integration successful">

Integration successful

A new API Key will be generated and shown only once, so store it securely; it cannot be retrieved later.


Clicking Next takes you to the Code Scan section.

Code Scan

The code scan can be done in two ways:

  • Workflows
  • On-premise runner


GitLab workflow

Select GitLab workflow to configure DuckDefender in GitLab by adding the YAML file, which you download from the FlyingDuck portal, so that library and secret information is reported.


Download DuckDefender

After selecting GitLab workflow, click Download. This downloads the gitlab-ci.yml file, which looks like this:

gitlab-ci.yml
# Version: '2.1.2'
image: docker:stable
 
services:
  - docker:dind
 
variables:
  DOCKER_TLS_CERTDIR: "/certs"
  DOCKER_TAG:  "flyingduckio/duckdefender:latest"
  FD_API_KEY: "$FD_API_KEY"
 
stages:
  - build_and_run
 
DuckDefender:
  
  stage: build_and_run
  script:
    # Check if Docker is installed and its version  
    - docker --version
 
    # Try to pull the Docker image
    - docker pull $DOCKER_TAG
 
    # Run the Docker container
    - docker run -e FD_API_KEY="$FD_API_KEY" -e CI_COMMIT_SHA="$CI_COMMIT_SHA" -e CI_COMMIT_BRANCH="$CI_COMMIT_BRANCH" -e CI_COMMIT_BEFORE_SHA="$CI_COMMIT_BEFORE_SHA" -e CI_COMMIT_AUTHOR="$CI_COMMIT_AUTHOR" -v $CI_PROJECT_DIR:/src "$DOCKER_TAG"
 
# Define the jobs for specific branches
main:
  only:
    - main
  extends: DuckDefender
 

After adding the file to your repository (GitLab reads it as .gitlab-ci.yml at the repository root), commit it. If the branch you committed to is included in the file, the respective data, such as libraries and secrets, will be sent to the FlyingDuck portal.

Custom Branch

If you want to commit to a custom branch such as feature/* or bug/* and check the findings for that branch, include that branch in the branches list in the duckdefender.yaml file.

DuckDefender.yml
 
# Triggers the workflow on push events, but only for the critical branches
on:
  push:
    branches: [ "master", "main", "release", "develop", "feature/*", "bug/*" ]
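The on: push: branches: snippet above is GitHub Actions trigger syntax; the gitlab-ci.yml shown earlier on this page selects branches per job with only:. The following is an added example, not the file downloaded from the FlyingDuck portal, of how the page's gitlab-ci.yml can be extended so that feature/* and bug/* branches are scanned as well. It assumes GitLab CI's regular-expression form for only: (a pattern wrapped in slashes) and turns the shared job into a hidden template (leading dot) so that only the branch-specific jobs run; the job names feature-branches and bug-branches are made up for illustration.

```yaml
# Added example: the page's gitlab-ci.yml extended with custom-branch jobs.
image: docker:stable

services:
  - docker:dind

variables:
  DOCKER_TLS_CERTDIR: "/certs"
  DOCKER_TAG: "flyingduckio/duckdefender:latest"
  # The key value is not written into this file: define FD_API_KEY as a
  # masked (and, where possible, protected) CI/CD variable in the project
  # settings so it is never committed or printed in job logs.
  FD_API_KEY: "$FD_API_KEY"

stages:
  - build_and_run

# Hidden template job (leading dot): it never runs on its own, only through
# the `extends` below. Without the dot, a job with no `only:` would run on
# every push regardless of the branch lists further down.
.duckdefender:
  stage: build_and_run
  script:
    - docker --version
    - docker pull "$DOCKER_TAG"
    # Folded scalar: YAML joins these lines into one docker run command.
    - >
      docker run
      -e FD_API_KEY="$FD_API_KEY"
      -e CI_COMMIT_SHA="$CI_COMMIT_SHA"
      -e CI_COMMIT_BRANCH="$CI_COMMIT_BRANCH"
      -e CI_COMMIT_BEFORE_SHA="$CI_COMMIT_BEFORE_SHA"
      -e CI_COMMIT_AUTHOR="$CI_COMMIT_AUTHOR"
      -v "$CI_PROJECT_DIR":/src "$DOCKER_TAG"

# One job per branch family. Plain names match the branch literally; the
# slash-wrapped entries are regular expressions matched against the branch.
main:
  extends: .duckdefender
  only:
    - main

feature-branches:   # assumed job name
  extends: .duckdefender
  only:
    - /^feature\/.*$/

bug-branches:       # assumed job name
  extends: .duckdefender
  only:
    - /^bug\/.*$/
```

A push to feature/login-fix then runs the feature-branches job only, while a push to main runs the main job; pushes to any other branch start no DuckDefender job at all, which is the behaviour the Custom Branch section describes.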

Troubleshoot

The debug option shows what is happening inside a particular command. If you need to troubleshoot, pass the environment variable LOG_LEVEL="debug" to the container in the docker run line of the file, as shown below.

gitlab-ci.yml
image: docker:stable

services:
  - docker:dind

variables:
  DOCKER_TAG:  "flyingduckio/duckdefender:latest"
  FD_API_KEY: "$FD_API_KEY"

stages:
  - build_and_run

DuckDefender:

  stage: build_and_run
  script:
    # Check if Docker is installed and its version
    - docker --version

    # Try to pull the Docker image
    - docker pull $DOCKER_TAG

    # Run the Docker container with debug logging enabled
    - docker run -e FD_API_KEY="$FD_API_KEY" -e LOG_LEVEL="debug" -e CI_COMMIT_BRANCH="$CI_COMMIT_BRANCH" -e CI_COMMIT_BEFORE_SHA="$CI_COMMIT_BEFORE_SHA" -e CI_COMMIT_AUTHOR="$CI_COMMIT_AUTHOR" -v $CI_PROJECT_DIR:/src "$DOCKER_TAG"

# Define the jobs for specific branches
main:
  only:
    - main
  extends: DuckDefender

On-premise Runner

Grant read access to the workspace.

Refer to the On-premise Runner documentation for the setup steps.

Automated Scan

After selecting the scanning option, enable the checkbox to scan the code automatically on each commit. This option is available only when a runner is configured and active.
