GitLab CI Pipeline Generator
Create secure GitLab CI/CD pipelines with integrated security scanning and best practices.
What is GitLab CI?
GitLab CI/CD is the continuous integration and delivery tool built into GitLab. It lets you automate your software development workflow, from building and testing to deploying your application. A pipeline is configured by a file named .gitlab-ci.yml placed at the root of the repository.
Security Features
GitLab SAST
Use GitLab's built-in Static Application Security Testing to analyze your source code for known vulnerabilities.
GitLab Dependency Scanning
Automatically analyze your dependencies for known vulnerabilities using GitLab's dependency scanning.
GitLab Container Scanning
Scan your Docker images for known vulnerabilities using GitLab's container scanning.
GitLab Secret Detection
Detect secrets and credentials in your repository using GitLab's secret detection.
Sample Pipeline
stages:
  - test
  - build
  - security
  - deploy

variables:
  DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG

# GitLab's managed scanner templates; each adds its own job and report artifact
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml

# Run unit tests
unit_tests:
  stage: test
  image: node:18-alpine
  script:
    - npm ci
    - npm test
  artifacts:
    paths:
      - coverage/
    reports:
      junit: junit.xml

# Build the application
build:
  stage: build
  image: node:18-alpine
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/

# Build Docker image
docker_build:
  stage: build
  image: docker:20.10.16
  services:
    - docker:20.10.16-dind
  script:
    # Pass the registry password on stdin instead of as a -p argument, so it
    # does not show up in the process list or the job log
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$DOCKER_IMAGE" .
    - docker push "$DOCKER_IMAGE"

# OWASP ZAP Scan (the target URL must already be reachable when this job runs)
zap_scan:
  stage: security
  image: owasp/zap2docker-stable
  script:
    - mkdir -p /zap/wrk/
    # zap-baseline.py writes its report under /zap/wrk and exits non-zero when it
    # finds warnings; copy the report into the project directory first so it is
    # collected as an artifact, then return the scan's own exit status
    - zap-baseline.py -t https://your-staging-app.example.com -g gen.conf -r zap-report.html || SCAN_RC=$?
    - cp /zap/wrk/zap-report.html .
    - exit ${SCAN_RC:-0}
  artifacts:
    when: always
    paths:
      - zap-report.html

# Deploy to staging
deploy_staging:
  stage: deploy
  image: alpine:latest
  script:
    - echo "Deploying to staging environment"
    - echo "Deployment successful"
  environment:
    name: staging
    url: https://staging.example.com
  only:
    - main

# Deploy to production
deploy_production:
  stage: deploy
  image: alpine:latest
  script:
    - echo "Deploying to production environment"
    - echo "Deployment successful"
  environment:
    name: production
    url: https://example.com
  when: manual
  only:
    - main
Getting Started
- Create a .gitlab-ci.yml file in the root of your repository
- Configure your pipeline using our generator to include the security scans you need
- Set up CI/CD variables in your GitLab project settings for any secrets or configuration values
- Commit and push your .gitlab-ci.yml file to trigger the pipeline
- Review security findings in the GitLab Security Dashboard and address any issues
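Reviewing findings in the Security Dashboard is a manual step; the scanner templates included above also write JSON report artifacts that a job can read to block a merge automatically. The script below is an added example, not part of the generator or of GitLab: it reads the default report file names written by the SAST, Dependency Scanning, Container Scanning and Secret Detection jobs (assumed unchanged), counts findings by severity, and exits non-zero when a severity budget is exceeded. The sample report embedded at the bottom is constructed for the demonstration.

```python
"""Fail a pipeline job when GitLab security reports exceed a severity budget.
Added example; assumes the scan jobs' report artifacts are available to this job."""
import json
import sys
from collections import Counter
from pathlib import Path

# Default artifact names written by GitLab's scanner templates (assumption:
# the templates' defaults have not been overridden).
REPORT_FILES = [
    "gl-sast-report.json",
    "gl-dependency-scanning-report.json",
    "gl-container-scanning-report.json",
    "gl-secret-detection-report.json",
]


def count_by_severity(report: dict) -> Counter:
    """Each report carries a top-level "vulnerabilities" list whose entries have a
    "severity" of Critical/High/Medium/Low/Info/Unknown."""
    return Counter(v.get("severity", "Unknown") for v in report.get("vulnerabilities", []))


def gate(reports: list, budget: dict = None) -> list:
    """Return the severities whose combined count across all reports exceeds the
    budget. Default budget: no Critical and no High findings allowed."""
    budget = {"Critical": 0, "High": 0} if budget is None else budget
    total = Counter()
    for report in reports:
        total.update(count_by_severity(report))
    return [sev for sev, limit in budget.items() if total.get(sev, 0) > limit]


# Constructed sample in the shape of a GitLab security report (not real findings).
SAMPLE_REPORT = {
    "version": "15.0.0",
    "vulnerabilities": [
        {"id": "c1", "severity": "Critical", "name": "Hard-coded credential"},
        {"id": "m1", "severity": "Medium", "name": "Outdated dependency"},
    ],
}


def main(paths: list) -> int:
    # Reports from scanners that did not run are simply absent; skip them.
    reports = [json.loads(Path(p).read_text()) for p in paths if Path(p).exists()]
    failed = gate(reports)
    if failed:
        print("security gate failed: findings above budget for " + ", ".join(failed))
        return 1
    print("security gate passed")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:] or REPORT_FILES))
```

Run it from a job in a later stage that lists the scan jobs under `needs` so their report artifacts are downloaded; a non-zero exit fails the job and, with a merge-request pipeline, blocks the merge.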