Set up GitLab CICD

Integrating oak9 with GitLab CI/CD lets oak9 scan infrastructure-as-code files (Terraform), lets you review scan results in a number of formats, and displays incidents on the Console. There are two ways to configure GitLab runners with oak9: via a Docker image or using our latest CLI binary.

GitLab Pipeline Using oak9 CLI via Docker Image

  1. Create a project in GitLab that contains your Terraform in SCM. See: GitLab Create Project
  2. Follow these docs to set up a pipeline in your project. See: GitLab Create Pipeline
  3. Set the OAK9_PROJECT and OAK9_API_KEY environment variables for your project. See: GitLab Set Variables. See figure below.
  4. Create a .gitlab-ci.yml file and paste the following:

    ```yaml
    variables:
      OAK9_PROJECT: $OAK9_PROJECT
      OAK9_API_KEY: $OAK9_API_KEY

    # GitLab requires script to sit inside a job; the job name is arbitrary.
    run-oak9:
      image:
        name: oak9/cli
        # Override the image entrypoint so the runner can start its own shell.
        entrypoint: [""]
      script:
        - oak9 scan --directory ./terraform-code/ -p $OAK9_PROJECT -k $OAK9_API_KEY --maximum-severity critical
    ```

  5. If you would like to fail your pipeline when any critical design gaps are found, you can now use the --maximum-severity flag. Allowed values are none (default), low, moderate, high, and critical. If this is set, the CLI will stop if it encounters design gaps that are at or above the maximum-severity level you set and end with exit code
    Please see the table below for a complete list of exit codes. See figure below.

GitLab Pipeline Using oak9 CLI Binary

  1. Follow all steps indicated above for creating a project, creating a pipeline, and setting variables.
  2. Create a .gitlab-ci.yml file and paste the following. The version can be updated based on our CLI release cycles, found here.

    ```yaml
    # Set the version of the oak9 CLI you would like to run and set the project and key vars
    variables:
      OAK9_PROJECT: $OAK9_PROJECT
      OAK9_API_KEY: $OAK9_API_KEY
      VERSION: "0.11.19"

    run-oak9:
      script:
        # Download the CLI archive for the pinned version and unpack it onto the PATH
        - wget https://github.com/oak9io/oak9.cli-public/raw/master/binaries/iac-linux-$VERSION.zip
        - unzip iac-linux-$VERSION.zip -d /usr/bin
        # Scan the Terraform directory; stop at design gaps of moderate severity or above
        - oak9 scan --directory terraform-code -p $OAK9_PROJECT -k $OAK9_API_KEY --maximum-severity moderate
    ```
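
The binary pipeline above unpacks an archive fetched from a branch path straight into /usr/bin. The following added example (not part of oak9's documentation or tooling) checks the archive against a SHA-256 digest you recorded yourself before unpacking it. The function names, the script name verify-oak9.sh, and the CI/CD variable OAK9_CLI_SHA256 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the downloaded CLI archive against a pinned SHA-256
# before unpacking. The pinned digest is supplied by the pipeline owner.

# Print the SHA-256 hex digest of a file with whichever tool the runner has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 on match, 1 on mismatch, 2 on a missing file or malformed pin.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Refuse an empty or non-hex pin instead of comparing against it.
    case $expected in
        *[!0-9a-f]*|'') echo "malformed pinned digest" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "malformed pinned digest" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file: got $actual" >&2
        return 1
    fi
}

# Download, verify, and only then unpack onto the PATH.
# OAK9_CLI_SHA256 (hypothetical variable) holds the digest recorded for VERSION.
install_oak9_cli() {
    version=$1; pinned=$2; dest=${3:-/usr/bin}
    zip="iac-linux-$version.zip"
    wget -q "https://github.com/oak9io/oak9.cli-public/raw/master/binaries/$zip" || return 2
    verify_sha256 "$zip" "$pinned" || { rm -f "$zip"; return 1; }
    unzip -o "$zip" -d "$dest"
}

# In .gitlab-ci.yml (replacing the wget and unzip lines):
#   - . ./verify-oak9.sh && install_oak9_cli "$VERSION" "$OAK9_CLI_SHA256"
```

Record the digest once from a copy of the archive you trust and update it together with VERSION; a mismatch then fails the job before anything is written to /usr/bin.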