A sample project based on Unity is available on GitLab. This example uses a minimal base Docker image and the Java Thin Client, because the Unity scanner does not require any special tooling: it reads the project's manifest files directly (manifest.json and packages-lock.json) to produce the bill of materials and to detect any vulnerable or out-of-date component.
The YAML configuration for this pipeline is straightforward:
Note that we are using the OpenJDK mini image, which we need in order to run a Java program. We then simply download the Meterian Java Thin Client and run it with Java at the root of the project. Note that we collect the project branch and the project commit from the GitLab pipeline variables (see the official GitLab reference).
Note also that, in the case of Unity, we have to explicitly enable the Unity scanner engine (--scan-unity=true) and, at the same time, disable the NodeJS scanner (--scan-nodejs=false).
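One way to write such a pipeline, as an added example rather than the sample project's own .gitlab-ci.yml: it assumes the client is downloaded from https://www.meterian.com/downloads/meterian-cli.jar, that the Meterian token is supplied through a masked METERIAN_API_TOKEN CI variable, and that the branch and commit flags are named --project-branch and --project-commit (check the Meterian client documentation for the exact names).

```yaml
# Added example, not the page's own configuration.
# Assumed: jar download URL, METERIAN_API_TOKEN as a masked CI variable, and the
# --project-branch / --project-commit flag names (verify against the client docs).
image: openjdk:11-jre-slim   # minimal image that can still run a Java program

stages:
  - security

meterian-unity-scan:
  stage: security
  variables:
    # Branch and commit come from GitLab's predefined pipeline variables
    PROJECT_BRANCH: $CI_COMMIT_REF_NAME
    PROJECT_COMMIT: $CI_COMMIT_SHA
  before_script:
    # The slim image ships without curl; install it to fetch the thin client
    - apt-get update -qq && apt-get install -y -qq curl
    - curl -sSL -o meterian-cli.jar https://www.meterian.com/downloads/meterian-cli.jar
  script:
    # Run at the project root so manifest.json and packages-lock.json are found.
    # Enable the Unity engine explicitly and disable the NodeJS scanner, as the
    # page requires for Unity projects.
    - java -jar meterian-cli.jar
        --scan-unity=true
        --scan-nodejs=false
        --project-branch="$PROJECT_BRANCH"
        --project-commit="$PROJECT_COMMIT"
```

The client reads METERIAN_API_TOKEN from the environment, so the token never appears in the YAML; keep it as a masked, protected variable in the GitLab project settings.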