GitLab Runner

Overview

A GitLab Runner is used to run CI/CD jobs and send the results back to GitLab. It is used in conjunction with GitLab CI/CD, the open-source continuous integration service included with GitLab that coordinates the jobs.

Integrating Bridgecrew with a GitLab Runner lets Bridgecrew scan your infrastructure-as-code files (Terraform and CloudFormation), lets you review scan results in a number of formats, displays Incidents on the Console and, optionally, causes a build to fail.

In Bridgecrew

Get API Token

From Integrations, select API Token and copy the API key. Save the key in a GitLab environment variable; the job below reads it as BC_API_KEY.

In GitLab

Add a new job in the .gitlab-ci.yml file in your repository as part of whichever stage is appropriate for you.

stages:
- validate

bridgecrew:
    image:
        name: bridgecrew/bridgecrew:latest
        entrypoint:
            - '/usr/bin/env'
            - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
    stage: validate
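    script:
        # Upload results to Bridgecrew; -s (soft fail) makes this command exit 0 even when checks fail
        - bridgecrew -d . --bc-api-key "$BC_API_KEY" --repo-id "$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME" --branch "$CI_COMMIT_REF_NAME" -s
        # Write the scan results as a JUnit report for GitLab
        - bridgecrew -d . -o junitxml > bridgecrew.xml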
    artifacts:
        paths:
            - bridgecrew.xml
        reports:
            junit: bridgecrew.xml

Arguments

<bc_api_key> - the API key issued by Bridgecrew (for more details, see Get API Token above)
<repo_id> - the ID of the repo, for example: bridgecrewio/terragoat
- the name of the branch scanned. If it is not specified, the value will be master
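
Hard-fail variant

The following job is an added example, not part of the original Bridgecrew documentation. It shows the "cause a build to fail" option mentioned in the overview, assuming that -s is the CLI's soft-fail switch (always exit 0), so that the upload step without it ends the job with a non-zero status when checks fail. The job name bridgecrew-enforce is hypothetical.

```yaml
stages:
- validate

bridgecrew-enforce:   # hypothetical job name
    image:
        name: bridgecrew/bridgecrew:latest
        entrypoint:
            - '/usr/bin/env'
            - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
    stage: validate
    script:
        # Write the JUnit report first, with -s, so the report exists
        # before the enforcing step can stop the job.
        - bridgecrew -d . -o junitxml -s > bridgecrew.xml
        # No -s here: failed checks give a non-zero exit and fail the job.
        - bridgecrew -d . --bc-api-key "$BC_API_KEY" --repo-id "$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME" --branch "$CI_COMMIT_REF_NAME"
    artifacts:
        # Keep bridgecrew.xml downloadable when the job fails.
        when: always
        paths:
            - bridgecrew.xml
        reports:
            junit: bridgecrew.xml
```

Store BC_API_KEY as a masked CI/CD variable so the key is not printed in job logs.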

