GitLab CI/CD

This page explains how you can integrate HoundDog.ai's code scanner with GitLab CI/CD pipelines.

Defining the Required CI/CD Variables

First, follow the steps in API Keys to generate a HoundDog.ai API key. Then follow the steps in the GitLab documentation to create a masked CI/CD variable named HOUNDDOG_API_KEY with the value of your key.

GitLab allows you to define CI/CD variables at multiple levels (e.g., instance, group, project). Here is an example screenshot showing how to create a project-level CI/CD variable:

Defining the Scan Job in .gitlab-ci.yml

Next, add a new job in the .gitlab-ci.yml file in your project. Here is an example which scans your repository and uploads the results to HoundDog.ai Cloud Platform:

.gitlab-ci.yml

Note that we did not explicitly reference the HOUNDDOG_API_KEY variable in the YAML configuration above. GitLab automatically injects CI/CD variables into the build environment for us.
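Because the key reaches the job only through this implicit injection, a missing or unmaskable value tends to show up late, as a scanner authentication error. The following pre-flight check is an added example, not part of HoundDog.ai's or GitLab's documentation: the function name check_hounddog_api_key is hypothetical, and the checks assume GitLab's masking requirements of a single-line value with no spaces and at least 8 characters.

```shell
#!/bin/sh
# Added example: pre-flight check for the HOUNDDOG_API_KEY CI/CD variable.
# check_hounddog_api_key is a hypothetical helper, not a HoundDog.ai or GitLab command.
# It reports why the check failed and never prints the key itself.
#
# Return codes:
#   0  variable is present and looks maskable
#   1  variable is unset or empty (for example, a protected variable
#      used in a pipeline for an unprotected branch)
#   2  value is shorter than 8 characters
#   3  value contains whitespace or a line break
check_hounddog_api_key() {
    key="${HOUNDDOG_API_KEY-}"

    if [ -z "$key" ]; then
        echo "HOUNDDOG_API_KEY is not set in this job's environment" >&2
        return 1
    fi

    if [ "${#key}" -lt 8 ]; then
        echo "HOUNDDOG_API_KEY is too short for GitLab to mask" >&2
        return 2
    fi

    case "$key" in
        *[[:space:]]*)
            echo "HOUNDDOG_API_KEY contains whitespace; GitLab cannot mask it" >&2
            return 3
            ;;
    esac

    return 0
}

# Typical use as the first script line of the scan job:
#   check_hounddog_api_key || exit 1
```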

Here is another example for GitLab Ultimate users who prefer to manage their vulnerabilities in GitLab's vulnerability report instead of HoundDog.ai Cloud Platform:

.gitlab-ci.yml

Blocking the Pipeline Upon Detecting Vulnerabilities

In the examples above, we have been using allow_failure: true to ignore any errors from the scanner. To fail the pipeline upon detecting vulnerabilities, change allow_failure to false and provide the --fail-severity-threshold option to the hounddog scan command:

.gitlab-ci.yml

To view all available command-line options for the hounddog scan command, see Scanner Configuration.
