Gitlab CI/CD Component
Last updated
Last updated
This Gitlab CI/CD component integrates to conduct vulnerability scans on your Gitlab projects. Sec1 is a powerful tool that helps identify security vulnerabilities within your codebase.
To use Sec1 in your workflow, you need to obtain an API key. Follow these steps:
Navigate to Sec1 Website:
Visit and log in using your SCM credentials.
Generate API Key:
In the "Settings" section, locate the "API key" and click on "Generate API key."
Copy the API Token:
Copy the generated API token.
Add API Key in Gitlab Project Environment Variables:
Add the copied API key to your Gitlab Project as Environment Vairable . Refer to for creating environment variable at project level.
Use the key as SEC1_API_KEY. In the value field, copy the Sec1 API token.
Sec1 recommends masking the variable and, if you use protected variables, protecting it.
Below is an example of using the Sec1 Security component in your Gitlab CICD pipeline. This example runs the Sec1 scan in test stage.
In your repository, create .gitlab-ci.yml. Copy below code in .gitlab-ci.yml file to add Sec1 Security.
Sec1 scan supports setting up threshold values. If the scan reports vulnerabilities exceeding the specified thresholds, Sec1 Security will mark the build as failed. You can set threshold values for different severities such as critical, high, medium, and low.
You can configure threshold at Gitlab project level, set an environment variable SEC1_SCAN_THRESHOLD as key and in the value you can use one severity keys to define threshold.
Example :
SEC1_API_KEY
Your Sec1 API Key
SEC1_SCAN_THRESHOLD
critical=0 high=0 medium=0 low=0
In your repository, create .gitlab-ci.yml. Copy below code in .gitlab-ci.yml file to add Sec1 Security.
Now, your Gitlab project is set up to leverage Sec1 for continuous security checks in your projects.