{"id":20159737,"url":"https://github.com/nowsecure/gitlabci","last_synced_at":"2025-03-03T02:25:03.546Z","repository":{"id":142394218,"uuid":"314322624","full_name":"nowsecure/gitlabci","owner":"nowsecure","description":null,"archived":false,"fork":false,"pushed_at":"2020-12-15T18:14:04.000Z","size":1237,"stargazers_count":3,"open_issues_count":0,"forks_count":3,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-01-13T13:49:11.211Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nowsecure.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-19T17:33:22.000Z","updated_at":"2023-09-18T01:24:17.000Z","dependencies_parsed_at":null,"dependency_job_id":"27bc715b-0c93-4039-bd63-d405df5b9a43","html_url":"https://github.com/nowsecure/gitlabci","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fgitlabci","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fgitlabci/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fgitlabci/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fgitlabci/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nowsecure","download_url":"https://codeload.github.com/nowsecure/gitlabci/tar.gz/refs/heads/master","host":{"name":"GitHub","url":
"https://github.com","kind":"github","repositories_count":241597541,"owners_count":19988268,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T00:09:54.886Z","updated_at":"2025-03-03T02:25:03.541Z","avatar_url":"https://github.com/nowsecure.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NowSecure GitLab CI\n\nThis is the source repository to build the docker image available at https://hub.docker.com/repository/docker/nowsecure/gitlab-ci to be used within GitLab CI. \n\nThis image gives you the ability to perform automatic mobile app security testing for Android and iOS mobile apps through the NowSecure test engine.\n\n## Summary\n\nPurpose-built for mobile app teams, NowSecure provides fully automated, mobile appsec testing coverage (static+dynamic+behavioral tests) optimized for the dev pipeline. Because NowSecure tests the mobile app binary post-build from Gitlab, it can test software developed in any language and provides complete results including newly developed code, 3rd party code, and compiler/operating system dependencies. With near zero false positives, NowSecure pinpoints real issues in minutes, with developer fix details, and routes tickets automatically into ticketing systems, such as Jira. NowSecure is frequently used to perform security testing in parallel with functional testing in the dev cycle. 
Requires a license for and connection to the NowSecure software.\n https://www.nowsecure.com\n\n## Getting Started\n\n### Access token\nGenerate a token as described in https://nowsecurehelp.zendesk.com/hc/en-us/articles/360034149691 (Note: customer sign in is required to access this resource). This token will be specified by environment variable `NOWSECURE_TOKEN`.\n\n### Required Environment variables\n\n- `NOWSECURE_GROUP=default_group` - Specifies group for your account\n- `NOWSECURE_TOKEN=Access_Token` - Specifies token from your Platform account\n- `NOWSECURE_BINARY_FILE=default_binary` - Path to Android apk or iOS ipa - this file must be mounted via volume for the access\n\n**Note**: We recommend using secured environment variables in Gitlab to specify `NOWSECURE_GROUP` and `NOWSECURE_BINARY_FILE` values.\n\n### Optional Environment variables\n\nThe following are optional parameters that can be set from environment variables:\n\n- `NOWSECURE_MIN_WAIT=nn (default 30)` - Default max wait in minutes for the mobile analysis\n- `NOWSECURE_MIN_SCORE=nn (default 50)` - Minimum score the app must have otherwise it would fail\n- `NOWSECURE_ARTIFACTS_DIR=/home/gradle/artifacts` - Specifies artifacts directory where json files are stored\n\n\n## Creating a Gitlab-CI Pipeline:\nHere is a sample config that you can save under `.gitlab-ci.yml` in your mobile project. 
Please read https://docs.gitlab.com/ee/ci/pipelines/pipeline_architectures.html for more information on Gitlab Pipeline.\n```yaml\nnowsecure:\n  stage: test\n  image: nowsecure/gitlab-ci:latest\n  variables:\n    NOWSECURE_BINARY_FILE: test.apk\n  script:\n    - nowsecure.sh\n\nstages:\n  - build\n  - test\n  - deploy\n\nimage: alpine\n\nbuild_a:\n  stage: build\n  script:\n    - echo \"Building....\"\n\ntest_a:\n  stage: test\n  script:\n    - echo \"Testing...\"\n\ndeploy_a:\n  stage: deploy\n  script:\n    - echo \"Deploying...\"\n```\n\n## Adding Environment variables in Gitlab Pipeline\nSelect the Settings option from your Gitlab project and then jump to the `Variables` section to add environment variables for your pipeline, e.g.\n\n![Gitlab Environment Add Variable](/images/gitlab_1a.png)\n\n![Gitlab Environment Variables](/images/gitlab_2a.png)\n\n\n## Submitting CI/CD Pipeline\nThe CI/CD pipeline runs when you check in new changes, or you can select the CI/CD option from your Gitlab project and then click on `Run Pipeline` to submit a pipeline, e.g. \n\n![Submit Pipeline](/images/gitlab_3.png)\n\n![View Pipeline](/images/gitlab_4.png)\n\n## Verifying the Build\nUpon completion of the CI/CD job, you will see a score for your mobile app. Note: you can configure your build to fail the CI/CD job when the score is below a configurable minimum value, e.g.\n\n![View Score](/images/gitlab_5.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnowsecure%2Fgitlabci","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnowsecure%2Fgitlabci","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnowsecure%2Fgitlabci/lists"}