GitLab Pipeline

Mobb can be integrated into any CI/CD platform of your choice. In this guide, the process of integration with GitLab Pipeline will be demonstrated.

After logging into Mobb, select the last option in the menu: “Connect Mobb to Your Workflow”.

To run Mobb within GitLab, select “GitLab”.

You will be presented with a sample GitLab yaml script that you can use within a GitLab pipeline. This particular example uses Checkmarx as the SAST scanner, however, you may want to modify the script to use the SAST tool of your choice. \

# This example utilizes Mobb with Checkmarx via GitLab CI/CD pipelines

image:
  name: "node:latest"

stages:
  - checkmarx-sast-scan
  - mobb-autofixer

workflow: # Run on every merge request
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - if: $CI_PIPELINE_SOURCE == 'web'

checkmarx-sast-scan-job:
  stage: checkmarx-sast-scan
  tags:
    - saas-linux-medium-amd64
  script:
    - wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.61/ast-cli_2.0.61_linux_x64.tar.gz -O checkmarx.tar.gz
    - tar -xf checkmarx.tar.gz
    - ./cx configure set --prop-name cx_apikey --prop-value $CX_API_KEY
    - ./cx configure set --prop-name cx_base_auth_uri --prop-value $CX_BASE_AUTH_URI
    - ./cx configure set --prop-name cx_base_uri --prop-value $CX_BASE_URI
    - ./cx configure set --prop-name cx_tenant --prop-value $CX_TENANT
    - ./cx scan create --project-name "My-Sample-Project" -s ./ --report-format json --scan-types sast --branch nobranch  --threshold "sast-high=1"
  artifacts:
    paths:
    - "*.json"
    when: always

mobb-autofixer-job:
  stage: mobb-autofixer
  tags:
    - saas-linux-medium-amd64
  script:
    - npx mobbdev@latest analyze -f cx_result.json -r $CI_PROJECT_URL --ref $CI_COMMIT_REF_NAME --api-key $MOBB_API_KEY
  when: on_failure # Run Mobb only if there's a finding to fix

For a demonstration of how this integration works, you can visit the following YouTube video:

You can find the GitLab sample integration used in the video here.

PreviousGitHub Fixer for Opengrep NextGitLab SAST - Semgrep Analyzer

Last updated 1 year ago

Was this helpful?