Product Documentation
Product Documentation
Welcome To Reshift
Getting Started
Scan Your First Project
Signing Up Using GitHub
Signing Up Using Bitbucket
Signing Up Using GitLab
Scanning Maven Projects
Scanning Gradle Projects
Granting Reshift GitHub Organization Access After Signing up
Setting Projects Up Using NPM
Integrations
GitHub Actions [JavaScript]
GitHub Actions [Java]
Circle CI
Jenkins
GitLab
Analysis Engine
Java Security Rules
JavaScript Security Rules
Product Features
Code Review Workflow
Autofix
IDE plugins
IntelliJ IDE
Visual Studio Code
Reshift Security Model
Source Code Security in Reshift
User Authentication Mode in Reshift
Report Bundles and Call Graphs
User Data Flow
Common Questions and Answers
How do you ensure Reshift's own security?
How do I know my code is secure?
Why do you need access to my source code?
What permissions does reshift gain access to?
Can I try reshift without giving access to my source code?
Why do I need to sign up with GitHub, Bitbucket, or Gitlab?
Why might my scan be failing?
Can’t load code snippets?
Clean security report?
Account Settings
Permissions
Project Settings
Project Tokens
Security Gates
Reporting
Powered by GitBook

GitLab

Integrating Reshift with GitLab.

You can run a Reshift scan in your GitLab Pipeline to automate security scanning on every code check-in. This makes it easy to detect and remediate security bugs before making them to deployment.

1. Secure Your Token

In your GitLab Project CI\CD settings you will find "variables". Here you can secure your token by creating a key and adding the Reshift token value found in your Reshift project settings.

2. Configure Your GitLab Project

At the base directory of your code repository, add a .gitlab-ci.yml pipeline configuration file by navigating to "Web IDE". Here you can choose a template that supports your language (in this case Maven) and configure it to run a Reshift scan.

Add the command line found in your Reshift project settings along with the secure token to pull and run Reshift scans. A Maven example can be found below:

mvn compile com.softwaresecured.reshift:maven-plugin:LATEST:analyse com.softwaresecured.reshift:maven-plugin:LATEST:upload -Dreshift.token=$RESHIFT_TOKEN

3. Run It

Run it, once the job is complete, your project scan results will appear on your Reshift dashboard.

If you have any more questions, please email us at [email protected]!

Integrations - Previous
Jenkins
Next - Analysis Engine
Java Security Rules
Last updated 10 months ago
Contents
1. Secure Your Token
2. Configure Your GitLab Project
3. Run It