How to integrate into the GitLab Security Dashboard
As a GitLab Ultimate subscriber you have access to the Security Dashboards and Security Center features. You can then employ Meterian as your main security scanner to view trends about vulnerabilities detected in your groups and projects.
- curl -o /tmp/meterian-cli.jar -O -J -L -s https://www.meterian.com/downloads/meterian-cli.jar
- java -jar /tmp/meterian-cli.jar --report-gitlab=gitlab_report.json || true
To ensure the results of the scan are uploaded the overall pipeline must succeed. This is why the scan job shown above has the attribute
allow_failureset to true and has the exit code of the client invocation overridden with the expression
|| true. This will render it a non blocking job.
The client is instructed to generate GitLab-compatible results in the form of a JSON report (
--report-gitlab=gitlab_report.json). The report is later uploaded to GitLab for browsing in the Security Dashboards