Skip to main content

GitLab Cloud Procedure

Setting up the Integration and Initiating a Scan

To integrate your GitLab organization with Checkmarx One, perform the following:

  1. In the Applications and Projects home page, click on New > New Project - Code Repository Integration.

    Code_Repo_Integration.png

    The Import From window opens.

  2. Select Cloud-hosted >GitLab >Next.

    Image_082.png

  3. For first-time use, click Authorize checkmarx-ast

    Image_076.png

    Enter your authentication code to confirm access, and then click Verify.

    6428295198.png

  4. Select the GitLab User/Organization or Group (for the requested repository) and click Select Organization.

    The screen contains the following functionalities:

    • Search bar - Users need to type at least 3 characters of the organization name (GitLab limitation). The search is not case sensitive.

    • Infinite scroll - For enterprises with a large amount of organizations.

    Note

    In case you selected GitLab User skip step 5.

    Image_088.png

  5. Select Repositories inside the GitLab organization and click Select Repositories.

    If the organization contains active repositories, suggested repos will be presented and selected automatically. For additional information see Suggested Repositories.

    Note

    • A separate Checkmarx One Project will be created for each repo that you import.

    • There can’t be more than one Checkmarx One Project per repo. Therefore, once a Project has been created for a repo, that repo is greyed out in the Import dialog.

    Image_089.png

  6. In the Repositories Settings screen, if you would like to adjust the default settings, configure the following and click Next.

    Note

    If multiple repositories are selected, click All Repositories Settings to apply changes to all of them. To adjust settings for a specific repository, click that repository’s name.

    Image_129.png

    • Expand the Permissions Settings:

      • Scan Trigger: Push, Pull request - Automatically trigger a scan when a push event or pull request is done in your SCM. (Default: On)

      • Pull Request Decoration - Automatically send the scan results summary to the SCM. (Default: On)

      • SCA Auto Pull Request - Automatically send PRs to your SCM with recommended changes in the manifest file, in order to replace the vulnerable package versions. (Default: Off)

    • Expand the Scanner Settings: and enable the toggle for each scanner you want to use (SAST, SCA, IaC Security, Container Security, API Security, OSSF Scorecard, Secret Detection) for your repositories. At least 1 scanner must be selected for each repository.

    • Protected Branches: Select which Protected Branches to scan for each repository.

      Note

      For additional information about Protected Branches see About Protected Branches

    • Add SSH key.

    • Assign Tags: Add Tags to the Project. Tags can be added as a simple strings or as key:value pairs.

    • Set Criticality Level: Manually set the project criticality level.

      Image_090.png

  7. In the Select Branches screen you can decide whether to enable the "Scan the default Branch upon the creation of the project" feature.

    Next, Select which Protected Branches you want to scan for each Repository and click Create Project.

    Note

    For additional information about Protected Branches see About Protected Branches

    Image_130.png

  8. The Project is successfully created in the Applications and Projects home page, and the scan is initiated.

    GitHub_scan_initiated.png

    Note

    In order to update the scanners see Imported Project Settings

In this section: