GitLab Runner

Overview

A GitLab Runner is used to run CI/CD jobs and send the results back to GitLab. It is used in conjunction with GitLab CI/CD, the open-source continuous integration service included with GitLab that coordinates the jobs.

Integrating Bridgecrew with a GitLab Runner makes it possible for Bridgecrew to scan your Infrastructure-as-code files (Terraform and CloudFormation), review scan results in a number of formats, display Incidents on the Console and, optionally, cause a build to fail.

In Bridgecrew

Get API Token

From Integrations, select API Token and copy the API key. Save the key as a GitLab CI/CD variable (Settings > CI/CD > Variables) named BC_API_KEY, and mark it masked, and protected if only protected branches should be able to scan, so the key is neither echoed in job logs nor committed to the repository.

In GitLab

Add a new job to the .gitlab-ci.yml file in your repository, in whichever stage is appropriate for you. The example below uses a validate stage (YAML indentation must be spaces, not tabs):

stages:
  - validate

bridgecrew:
  image:
    name: bridgecrew/bridgecrew:latest
    # Override the image entrypoint so the runner's shell can execute the script section.
    entrypoint:
      - '/usr/bin/env'
      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
  stage: validate
  script:
    # Scan and upload results to the Bridgecrew Console. -s (soft fail) keeps the job green
    # even when checks fail; drop it to fail the build on findings.
    - bridgecrew -d . --bc-api-key $BC_API_KEY --repo-id $CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME --branch $CI_COMMIT_REF_NAME -s
    # Second pass writes a JUnit report that GitLab shows in the merge request test view.
    - bridgecrew -d . -o junitxml > bridgecrew.xml
  artifacts:
    paths:
      - bridgecrew.xml
    reports:
      junit: bridgecrew.xml
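The job above runs the scan with -s, so it never fails the pipeline by itself. The following shell script is an added example (it is not part of the Bridgecrew documentation or the bridgecrew CLI) showing how to gate the job on the JUnit report instead, with a configurable budget of failed checks, which is useful while burning down findings in an existing repository. It assumes the report follows the standard JUnit XML schema (one testcase per check, a failure element for each check that did not pass); the sample report and its check names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the Bridgecrew docs or the bridgecrew CLI: gate a GitLab job on
# the JUnit report produced by `bridgecrew -d . -o junitxml > bridgecrew.xml`.
# Running the scan with -s keeps the job green; this fails it anyway once the number of
# failed checks exceeds a budget you choose.
#
# Assumption: the report follows the standard JUnit XML schema, one <testcase> per check
# and a <failure> child for each check that did not pass.
set -eu

# Constructed sample report standing in for a real bridgecrew.xml (check names are made up).
write_sample_report() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<testsuites>
  <testsuite name="bridgecrew" tests="3" failures="2">
    <testcase name="EXAMPLE_CHECK_1 Ensure the bucket is not public" classname="main.tf">
      <failure message="Resource aws_s3_bucket.data failed">see console</failure>
    </testcase>
    <testcase name="EXAMPLE_CHECK_2 Ensure access logging is enabled" classname="main.tf">
      <failure message="Resource aws_s3_bucket.data failed">see console</failure>
    </testcase>
    <testcase name="EXAMPLE_CHECK_3 Ensure encryption at rest" classname="main.tf"/>
  </testsuite>
</testsuites>
EOF
}

# Number of failed checks: count <failure> elements. grep -o emits one line per
# occurrence, so several elements on one physical line are still counted correctly.
count_failures() {
  grep -o '<failure' "$1" | wc -l | tr -d ' '
}

# Return 0 if failures are within budget, 1 otherwise. A missing or empty report is a
# failure too: a scan that produced nothing must not silently pass the gate.
gate_on_report() {
  report=$1
  budget=${2:-0}
  [ -s "$report" ] || { echo "gate: report $report missing or empty" >&2; return 1; }
  n=$(count_failures "$report")
  if [ "$n" -gt "$budget" ]; then
    echo "gate: $n failed checks exceed budget of $budget" >&2
    return 1
  fi
  echo "gate: $n failed checks within budget of $budget"
  return 0
}

# Usage as a script line after the junitxml command: sh gate.sh bridgecrew.xml 0
if [ "$#" -gt 0 ]; then
  gate_on_report "$@"
fi
```

Because the gate reads the artifact rather than relying on the scanner's exit code, the first bridgecrew invocation can keep -s and still upload results to the Console, while the pipeline decision is made explicitly and with a threshold you control.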

Arguments

<bc_api_key> - Bridgecrew-issued API key (for more details, see Get API Token above). Pass it from a CI/CD variable rather than writing it into .gitlab-ci.yml.
<repo_id> - the ID of the repo, for example: bridgecrewio/terragoat
<branch> - the name of the branch scanned. If it is not specified, the value defaults to master.
-s - soft fail: report findings but exit 0, so the job passes. Omit it to fail the job when checks fail.
-o junitxml - write the results as JUnit XML to standard output; redirect it to a file, as above, so GitLab can pick it up as a test report.