added Gitlab examples

suskind · suskind · commit 8ea53110deea · 2025-03-01T00:07:16.000Z
diff --git a/README.md b/README.md
@@ -56,6 +56,28 @@ Create a GitHub action using the following YAML examples:
 
 ----
 
+## Gitlab
+
+Create a `.gitlab-ci.yml` file using the following YAML examples:
+
+### Running a scan on an **ephemeral** application in **blocking mode** (requires the `scanning-agent/farcasterd-linux-amd64-0.4.3` file)
+
+  - [YAML file](./cicd-examples/gitlab/gitlab-ephemeral-app-blocking-mode.yaml)
+  - Configuration:
+    - ![Gitlab config](./assets/gitlab-ephemeral-config.png)
+
+### Running a scan on a **remote** target in **blocking mode**
+  - [YAML file](./cicd-examples/gitlab/gitlab-remote-app-blocking-mode.yaml)
+  - Configuration
+    - ![Gitlab config](./assets/gitlab-remote-config.png)
+
+### Running a scan on a **remote** target in **non-blocking mode**
+  - [YAML file](./cicd-examples/gitlab/gitlab-remote-app-non-blocking-mode.yaml)
+  - Configuration
+    - ![Gitlab config](./assets/gitlab-remote-config.png)
+
+---- 
+
 ## BitBucket
 
 Create a `bitbucket-pipelines.yml` file using the following YAML examples:
diff --git a/assets/gitlab-ephemeral-config.png b/assets/gitlab-ephemeral-config.png
diff --git a/assets/gitlab-remote-config.png b/assets/gitlab-remote-config.png
diff --git a/cicd-examples/gitlab/gitlab-ephemeral-app-blocking-mode.yaml b/cicd-examples/gitlab/gitlab-ephemeral-app-blocking-mode.yaml
@@ -0,0 +1,109 @@
+stages:
+  - build-and-test
+
+build-and-test:
+  stage: build-and-test
+  image: docker:latest
+  services:
+    - docker:dind
+  variables:
+    DOCKER_HOST: tcp://docker:2375
+  script:
+    - apk add --no-cache curl jq python3 py3-pip
+    - python3 -m venv venv
+    - source ./venv/bin/activate
+    # Install Probely CLI
+    - pip install probely
+    - probely targets get --api-key ${PROBELY_API_KEY}
+
+    - docker network create custom-network
+
+    - docker build -t test-app . 
+    - docker run --name test-app --hostname custom-web-app --network custom-network -p 0.0.0.0:8080:8080 -d test-app
+
+    - cat /etc/hosts # current /etc/hosts
+    
+    - CONTAINER_IP=$(grep -i 'docker' /etc/hosts | head -1 | awk '{print $1}')
+    - echo "Container IP from /etc/hosts is $CONTAINER_IP"
+    - echo "${CONTAINER_IP} ${TARGET_HOSTNAME} ${TARGET_HOSTNAME}." | tee -a /etc/hosts  # Add to /etc/hosts
+    - cat /etc/hosts  # Confirm host was added
+
+    - |
+      for i in {1..10}; do  # Wait for the app to start
+        if curl -s ${TARGET_URL} > /dev/null; then
+          echo "App is up!";
+          break;
+        fi
+        echo "Waiting for the app to be ready...";
+        sleep 2;
+      done
+
+    # Test the application
+    - RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" ${TARGET_URL})
+    - |
+      if [[ "$RESPONSE" -ne 200 ]]; then
+        echo "App test failed with HTTP status ${RESPONSE}";
+        exit 1;
+      fi
+    - curl -s -i ${TARGET_URL}
+    - echo "App test passed with HTTP status ${RESPONSE}";
+
+    # Run userspace agent
+    - chmod +x scanning-agent/farcasterd-linux-amd64-0.4.3 
+    - ./scanning-agent/farcasterd-linux-amd64-0.4.3 --token ${AGENT_TOKEN} &
+
+    # Wait for the agent to start
+    - sleep 40
+
+    # Start Scan
+    - |
+      for i in {1..20}; do  # Start Probely scan
+        echo "-----------------------------------"
+        SCAN_ID=$(probely targets start-scan ${TARGET_ID} -o IDS_ONLY --api-key ${PROBELY_API_KEY})
+        echo ${SCAN_ID}
+        if [[ -z "${SCAN_ID}" ]]; then
+          echo "Scan didn't start... Retry start-scan"
+        else
+          echo "Scan started with SCAN ID ${SCAN_ID}";
+          break;
+        fi
+        sleep 5
+      done
+    - |
+      if [[ -z "${SCAN_ID}" ]]; then
+        echo "No Scan ID, aborting..."
+        exit 1
+      fi
+
+    # Wait for scan to end
+    - |
+      while true; do
+        echo "-----------------------------------"
+        SCAN_OUTPUT=$(probely scans get ${SCAN_ID} --api-key ${PROBELY_API_KEY} | tail -1)
+        echo ${SCAN_OUTPUT}
+        echo "-----------------------------------"
+        SCAN_STATUS=$(probely scans get ${SCAN_ID} --api-key ${PROBELY_API_KEY} -o JSON | jq -r '.[0].status')
+        if [[ "$SCAN_STATUS" == "started" ]] || [[ "$SCAN_STATUS" == "queued" ]]; then
+          echo "Scan is running or queued!";
+        else
+          echo "Scan is not running... finishing"
+          break;
+        fi
+        sleep 30;
+      done
+
+    # Check for high vulnerabilities
+    - HIGH_VULNS=$(probely scans get ${SCAN_ID} --api-key ${PROBELY_API_KEY} -o JSON | jq -r '.[0].highs')
+    - echo "HIGH vulnerabilities  ${HIGH_VULNS}"
+    - |
+      if [[ "$HIGH_VULNS" -gt 0 ]]; then
+        echo "Scan has High vulnerabilities... aborting"
+        exit 1
+      else
+        echo "Scan doesn't have high vulnerabilities"
+      fi
+
+    # Clean up
+    - docker stop test-app
+    - docker rm test-app
+    - docker network rm custom-network
diff --git a/cicd-examples/gitlab/gitlab-remote-app-blocking-mode.yaml b/cicd-examples/gitlab/gitlab-remote-app-blocking-mode.yaml
@@ -0,0 +1,54 @@
+stages:
+  - scan
+
+scan:
+  stage: scan
+  image: python:3.11-bullseye
+  script:
+    - apt-get update && apt-get install -y jq
+    # Install Probely CLI
+    - pip install probely
+    - probely targets get --api-key ${PROBELY_API_KEY}
+    - |
+      for i in {1..20}; do
+        echo "-----------------------------------"
+        SCAN_ID=$(probely targets start-scan ${TARGET_ID} -o IDS_ONLY --api-key ${PROBELY_API_KEY})
+        echo ${SCAN_ID}
+        if [[ -z "$SCAN_ID" ]]; then
+          echo "Scan didn't start... Retry start-scan"
+        else
+          echo "Scan started with SCAN ID ${SCAN_ID}";
+          break;
+        fi
+        sleep 5
+      done
+      if [[ -z "$SCAN_ID" ]]; then
+        echo "No Scan ID, aborting..."
+        exit 1
+      fi
+
+    - |
+      while true; do
+        echo "-----------------------------------"
+        SCAN_OUTPUT=$(probely scans get ${SCAN_ID} --api-key ${PROBELY_API_KEY} | tail -1)
+        echo ${SCAN_OUTPUT}
+        echo "-----------------------------------"
+        SCAN_STATUS=$(probely scans get ${SCAN_ID} --api-key ${PROBELY_API_KEY} -o JSON | jq -r '.[0].status')
+        if [[ "$SCAN_STATUS" == "started" ]] || [[ "$SCAN_STATUS" == "queued" ]]; then
+          echo "Scan is running or queued!";
+        else
+          echo "Scan is not running... finishing"
+          break;
+        fi
+        sleep 30;
+      done
+
+    - HIGH_VULNS=$(probely scans get ${SCAN_ID} --api-key ${PROBELY_API_KEY} -o JSON | jq -r '.[0].highs')
+    - echo "HIGH risk vulnerabilities ${HIGH_VULNS}"
+    - |
+      if [[ "$HIGH_VULNS" -gt 0 ]]; then
+        echo "Scan has High risk vulnerabilities... aborting"
+        exit 1
+      else
+        echo "Scan doesn't have High risk vulnerabilities"
+      fi
diff --git a/cicd-examples/gitlab/gitlab-remote-app-non-blocking-mode.yaml b/cicd-examples/gitlab/gitlab-remote-app-non-blocking-mode.yaml
@@ -0,0 +1,26 @@
+stages:
+  - scan
+
+scan:
+  stage: scan
+  image: python:latest
+  script:
+    - pip install probely
+    - probely targets get --api-key ${PROBELY_API_KEY}
+    - |
+      for i in {1..20}; do
+        echo "-----------------------------------"
+        SCAN_ID=$(probely targets start-scan ${TARGET_ID} -o IDS_ONLY --api-key ${PROBELY_API_KEY})
+        echo ${SCAN_ID}
+        if [[ -z "$SCAN_ID" ]]; then
+          echo "Scan didn't start... Retry start-scan"
+        else
+          echo "Scan started with SCAN ID: ${SCAN_ID}";
+          break;
+        fi
+        sleep 5
+      done
+      if [[ -z "$SCAN_ID" ]]; then
+        echo "No Scan ID, aborting..."
+        exit 1
+      fi
