
User Guide

GitLab


The following sample can be added to the .gitlab-ci.yml file to run a SAST scan using the Shell executor provided by GitLab Runner.

Note: Make sure to update the parameters in the sample code according to your environment before using it.

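SAST:
  stage: build
  script:
    # Pass selected GitLab CI variables to the container through a temporary env file
    - env_file=$(mktemp)
    - env | grep -E "GITLAB_CI|CI_BUILD_ID|CI_DEFAULT_BRANCH|CI_COMMIT_SHA|CI_PIPELINE_IID" > "$env_file"
    # Run the SAST scanner image with the working directory bind-mounted at /scan
    - docker run --pull always --rm --env-file "$env_file" --mount "type=bind,source=$PWD,target=/scan" registry.fortidevsec.forticloud.com/fdevsec_sast:latest
    - rm "$env_file"
  tags:
    - devsecops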

The following sample can be added to the .gitlab-ci.yml file to run a DAST scan using the Shell executor provided by GitLab Runner.

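DAST:
  stage: build
  script:
    # Pass selected GitLab CI variables to the container through a temporary env file
    - env_file=$(mktemp)
    - env | grep -E "GITLAB_CI|CI_BUILD_ID|CI_DEFAULT_BRANCH|CI_COMMIT_SHA|CI_PIPELINE_IID" > "$env_file"
    # Run the DAST scanner image with the working directory bind-mounted at /scan
    - docker run --pull always --rm --env-file "$env_file" --mount "type=bind,source=$PWD,target=/scan" registry.fortidevsec.forticloud.com/fdevsec_dast:latest
    - rm "$env_file"
  tags:
    - devsecops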
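
An added example, not part of the FortiDevSec guide: a shell helper for the Shell executor that builds the --env-file from an exact-name allow-list, so a variable whose value merely contains one of the names is not passed to the container, and that removes the temporary file even when the scan exits non-zero. The function names write_scan_env and run_scan are hypothetical; the variable names and docker run options are the ones used in the samples above.

```shell
#!/bin/sh
# Added example (not FortiDevSec code). Variable names come from the grep
# pattern in the samples above; the function names are hypothetical.
ALLOWED_VARS="GITLAB_CI CI_BUILD_ID CI_DEFAULT_BRANCH CI_COMMIT_SHA CI_PIPELINE_IID"

# write_scan_env FILE
# Write NAME=value for each allow-listed variable that is set. Matching on the
# exact name avoids the substring hits of an unanchored grep over `env`
# (for example a secret whose value happens to contain "CI_COMMIT_SHA").
write_scan_env() {
    out=$1
    nl='
'
    : > "$out" || return 1
    for name in $ALLOWED_VARS; do
        # Names are fixed constants above, so eval is not fed external input.
        eval "is_set=\${$name+x}"
        [ -n "$is_set" ] || continue
        eval "value=\${$name}"
        # --env-file is read line by line; a value with an embedded newline
        # would define an extra variable inside the container, so skip it.
        case $value in
            *"$nl"*) echo "skipping $name: multi-line value" >&2; continue ;;
        esac
        printf '%s=%s\n' "$name" "$value" >> "$out"
    done
}

# run_scan IMAGE
# Run the scanner image with the working directory mounted at /scan and
# always delete the env file, returning the scanner's exit status.
run_scan() {
    image=$1
    env_file=$(mktemp) || return 1   # mktemp creates the file with mode 0600
    status=0
    write_scan_env "$env_file" &&
        docker run --pull always --rm --env-file "$env_file" \
            --mount "type=bind,source=$PWD,target=/scan" "$image" || status=$?
    rm -f "$env_file"
    return "$status"
}
```

In a job script, source the file and call run_scan with the SAST or DAST image reference from the samples above.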
