Mobb can be integrated into any CI/CD platform of your choice. In this guide, the process of integration with GitLab Pipeline will be demonstrated.
After logging into Mobb, select the last option in the menu: “Connect Mobb to Your Workflow”.
To run Mobb within GitLab, select “GitLab”.
You will be presented with a sample GitLab yaml script that you can use within a GitLab pipeline. This particular example uses Checkmarx as the SAST scanner, however, you may want to modify the script to use the SAST tool of your choice. \
# This example utilizes Mobb with Checkmarx via GitLab CI/CD pipelines
image:
name: "node:latest"
stages:
- checkmarx-sast-scan
- mobb-autofixer
workflow: # Run on every merge request
rules:
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
- if: $CI_PIPELINE_SOURCE == 'web'
checkmarx-sast-scan-job:
stage: checkmarx-sast-scan
tags:
- saas-linux-medium-amd64
script:
- wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.61/ast-cli_2.0.61_linux_x64.tar.gz -O checkmarx.tar.gz
- tar -xf checkmarx.tar.gz
- ./cx configure set --prop-name cx_apikey --prop-value $CX_API_KEY
- ./cx configure set --prop-name cx_base_auth_uri --prop-value $CX_BASE_AUTH_URI
- ./cx configure set --prop-name cx_base_uri --prop-value $CX_BASE_URI
- ./cx configure set --prop-name cx_tenant --prop-value $CX_TENANT
- ./cx scan create --project-name "My-Sample-Project" -s ./ --report-format json --scan-types sast --branch nobranch --threshold "sast-high=1"
artifacts:
paths:
- "*.json"
when: always
mobb-autofixer-job:
stage: mobb-autofixer
tags:
- saas-linux-medium-amd64
script:
- npx mobbdev@latest analyze -f cx_result.json -r $CI_PROJECT_URL --ref $CI_COMMIT_REF_NAME --api-key $MOBB_API_KEY
when: on_failure # Run Mobb only if there's a finding to fix
For a demonstration of how this integration works, you can visit the following YouTube video:
You can find the GitLab sample integration used in the video here.
