Updated gitlab docs (#54)

ShiftLeftSecurity · Jul 29, 2020 · 88bce99 · 88bce99
1 parent 47bb3d3
commit 88bce99
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 2 deletions.
diff --git a/docs/integrations/gitlab.md b/docs/integrations/gitlab.md
@@ -1,6 +1,8 @@
-## Integration with Gitlab CI
+# Integration with GitLab CI
 
-ShiftLeft Scan scanning is available for all GitLab CI users including the free users. Simply add the below section to your `.gitlab-ci.yml` file
+ShiftLeft Scan is available for all GitLab CI users including the free users. In addition, it is possible to configure scan to add notes/comments to merge requests.
+
+Simply add the below section to your `.gitlab-ci.yml` file
 
 ```yaml
 job:
@@ -22,6 +24,8 @@ scan:
     name: shiftleft/sast-scan
   script:
     - scan --src ${CI_PROJECT_DIR} --type credscan,python,depscan --out_dir ${CI_PROJECT_DIR}/reports
+  rules:
+    - when: always
   artifacts:
     name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME"
     paths:
@@ -42,9 +46,56 @@ scan:
     name: shiftleft/sast-scan
   script:
     - scan --build --src ${CI_PROJECT_DIR} --type credscan,java,depscan --out_dir ${CI_PROJECT_DIR}/reports
+  rules:
+    - when: always
+  artifacts:
+    name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME"
+    paths:
+      - $CI_PROJECT_DIR/reports/
+    when: always
+```
+
+## Merge Request comment feature
+
+
+Set the following Repository variables to enable merge request notes/comment feature.
+
+- `SCAN_ANNOTATE_PR` to `true`
+- GITLAB_TOKEN - Personal access token belonging to a user with `api` scope. Best is to create a separate build user and a token
+- GITHUB_TOKEN - To enable dependency and licence scanning
+
+Below are the full configuration and example screenshots:
+
+```yaml
+variables:
+  GITHUB_TOKEN: $GITHUB_TOKEN
+  GITLAB_TOKEN: $GITLAB_TOKEN
+  SCAN_ANNOTATE_PR: "true"
+
+scan:
+  stage: test
+  image:
+    name: shiftleft/sast-scan:gl-insights
+  script:
+    - scan --src ${CI_PROJECT_DIR} --type python,depscan --out_dir ${CI_PROJECT_DIR}/reports
+  rules:
+    - when: always
   artifacts:
     name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME"
     paths:
       - $CI_PROJECT_DIR/reports/
     when: always
 ```
+
+![GitLab Merge Request](img/gitlab-mr.png)
+
+To customize the message used for the comment, create a .sastscanrc file in the repo as suggested [here](tips.md) with the below config.
+
+```json
+{
+  "PR_COMMENT_TEMPLATE": "## ShiftLeft Scan Summary\n%(summary)s\n## Recommendation\n%(recommendation)s\n"
+}
+```
+
+- summary - Summary Table
+- recommendation - One liner recommendation string (Hardcoded for now)
diff --git a/docs/integrations/img/gitlab-mr.png b/docs/integrations/img/gitlab-mr.png