integrations_gitlabci.md
March 13, 2024 ยท View on GitHub
Integrate KICS with GitLab CI
You can integrate KICS into your GitLab CI/CD pipelines.
This provides you the ability to run KICS scans in your GitLab repositories and streamline vulnerabilities and misconfiguration checks to your infrastructure as code (IaC).
Full Example
image:
name: checkmarx/kics:latest
entrypoint: [""]
stages:
- kics
kics-scan:
stage: kics
script:
- kics scan --no-progress -p ${PWD} -o ${PWD} --report-formats json --output-name kics-results
artifacts:
name: kics-results.json
paths:
- kics-results.json
when: always
Example Results
When your pipeline executes, it will run this job. If KICS finds any issues, it will fail the build.
Pipeline Failure
Pipeline Success
Download Artifact
Using GitLab SAST Reports
image:
name: checkmarx/kics:latest
entrypoint: [""]
stages:
- kics
kics-scan:
stage: kics
script:
- kics scan -p ${PWD} --ignore-on-exit all --report-formats glsast -o ${PWD} --output-name kics-results
artifacts:
reports:
sast: gl-sast-kics-results.json
when: always
Example results
Pipeline SAST report integration
๐ ย This feature requires Gitlab Ultimate.
Code Quality integration
It is possible to get code quality report with Kics scan, see the example:
image:
name: checkmarx/kics:latest
entrypoint: [""]
stages:
- test
code_quality:
stage: test
script:
- kics scan --no-progress -p ${PWD} -o ${PWD} --report-formats codeclimate --output-name codeclimate-result
artifacts:
paths:
- codeclimate-result.json
reports:
codequality: codeclimate-result.json
Code Quality Report
