https://github.com/seqra/seqra-gitlab
GitLab CI template for automated security scanning
- Host: GitHub
- URL: https://github.com/seqra/seqra-gitlab
- Owner: seqra
- License: mit
- Created: 2025-08-30T22:41:25.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2026-02-02T09:06:49.000Z (5 months ago)
- Last Synced: 2026-02-02T22:24:09.685Z (5 months ago)
- Size: 23.4 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# Seqra GitLab CI template
Run [Seqra](https://github.com/seqra/seqra) static code analysis in your GitLab CI pipelines.
The job produces a SARIF report that can be fed to a code scanning integration or processed further by later pipeline jobs.
## Quick Start
### Scan
> **Note:** This template runs on **Linux x86_64** runners and requires **Docker-in-Docker**. Docker-in-Docker normally needs a privileged runner, so schedule this job on a runner you trust with that level of access.
### Example: Run Seqra
```yaml
include:
  - remote: https://raw.githubusercontent.com/seqra/seqra-gitlab/refs/heads/main/seqra.gitlab-ci.yml

stages:
  - analysis

seqra-job:
  extends: .seqra-template
  variables:
    PROJECT_ROOT: "."
```

The `include` above fetches the template from `refs/heads/main` on every pipeline run, so any change to this repository takes effect in your pipeline immediately. For production pipelines, pin the URL to a release tag or commit SHA of this repository and bump it deliberately, as you would any other CI dependency.
### All Inputs
```yaml
include:
  - remote: https://raw.githubusercontent.com/seqra/seqra-gitlab/refs/heads/main/seqra.gitlab-ci.yml

stages:
  - analysis

seqra-job:
  extends: .seqra-template
  variables:
    # Relative path to the root of the analyzed project
    PROJECT_ROOT: "."
    # Seqra release tag to run (pin to a known version)
    SEQRA_VERSION: "v2.4.0"
    # Comma-separated paths to rule files or directories (e.g., "rules/custom.yml,rules/extra");
    # "builtin" selects the rules bundled with Seqra
    RULES_PATH: "builtin"
    # Comma-separated severity levels to report: note, warning, error
    SEVERITY: "warning,error"
    # Scan timeout as a duration string (e.g., "15m", "30m")
    TIMEOUT: "15m"
```
## Artifacts
After the job completes, you'll find:
* the job's artifact archive (listed as `seqra-job:archive` in the pipeline's artifact view), which contains the SARIF report;
* GitLab passes artifacts to jobs in later stages (and to jobs that list `seqra-job` under `needs`), so the report can be consumed by other CI jobs or uploaded to a code scanning service.
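One way to consume the archive from a later job, as an added example that is not part of seqra-gitlab: a Python script that reads the SARIF report, resolves each result's level the way SARIF 2.1.0 specifies (the result's own `level`, else the rule's `defaultConfiguration.level`, else `warning`, the same note/warning/error vocabulary `SEVERITY` uses) and exits non-zero when findings at or above a chosen threshold remain. The SARIF document embedded in the script is constructed for illustration and is not real Seqra output; the script name and the `needs: [seqra-job]` wiring described below are assumptions about how you would attach it to your pipeline.

```python
"""Fail a pipeline on SARIF findings at or above a severity threshold.

Added example for consuming the seqra-job artifact from a later GitLab CI job;
not part of seqra-gitlab. Usage: python3 sarif_gate.py <report.sarif> [none|note|warning|error]
"""
import json
import sys
from collections import Counter
from typing import List, NamedTuple, Optional

# SARIF 2.1.0 result levels, ascending. Unknown levels are treated as rank 0.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


class Finding(NamedTuple):
    level: str
    rule_id: str
    uri: str
    line: Optional[int]
    message: str


def result_level(result: dict, rules_by_id: dict) -> str:
    """Resolve a result's level per SARIF 2.1.0: the result's own `level`,
    else the rule's defaultConfiguration.level, else "warning"."""
    if "level" in result:
        return result["level"]
    rule = rules_by_id.get(result.get("ruleId"))
    if rule is not None:
        return rule.get("defaultConfiguration", {}).get("level", "warning")
    return "warning"


def iter_findings(sarif: dict):
    """Yield one Finding per result across all runs, using the first location."""
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        rules_by_id = {r["id"]: r for r in rules if "id" in r}
        for result in run.get("results", []):
            uri, line = "<unknown>", None
            locations = result.get("locations") or []
            if locations:
                phys = locations[0].get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", uri)
                line = phys.get("region", {}).get("startLine")
            yield Finding(
                level=result_level(result, rules_by_id),
                rule_id=result.get("ruleId", "<no-rule>"),
                uri=uri,
                line=line,
                message=result.get("message", {}).get("text", ""),
            )


def gate(sarif: dict, fail_on: str = "error"):
    """Return (findings at or above `fail_on`, count of findings per level)."""
    threshold = LEVEL_RANK[fail_on]
    counts: Counter = Counter()
    failing: List[Finding] = []
    for finding in iter_findings(sarif):
        counts[finding.level] += 1
        if LEVEL_RANK.get(finding.level, 0) >= threshold:
            failing.append(finding)
    return failing, counts


# Constructed sample SARIF for a stand-alone run; not real Seqra output.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast", "rules": [
            {"id": "sqli", "defaultConfiguration": {"level": "error"}},
            {"id": "log-injection", "defaultConfiguration": {"level": "note"}},
        ]}},
        "results": [
            # No `level`: inherits "error" from the rule's default configuration.
            {"ruleId": "sqli", "message": {"text": "Untrusted input reaches SQL query"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/App.java"},
                                                 "region": {"startLine": 42}}}]},
            # No `level`: inherits "note" from the rule's default configuration.
            {"ruleId": "log-injection", "message": {"text": "User input written to log"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/Audit.java"},
                                                 "region": {"startLine": 7}}}]},
            # Explicit level, and a rule the driver did not declare.
            {"ruleId": "xss", "level": "warning", "message": {"text": "Unescaped output"}},
        ],
    }],
}


def main(argv: List[str]) -> int:
    if not argv or (len(argv) > 1 and argv[1] not in LEVEL_RANK):
        print("usage: sarif_gate.py <report.sarif> [none|note|warning|error]", file=sys.stderr)
        return 2
    with open(argv[0], encoding="utf-8") as fh:
        sarif = json.load(fh)
    failing, counts = gate(sarif, argv[1] if len(argv) > 1 else "error")
    print("findings by level:", dict(counts))
    for f in failing:
        print(f"{f.level.upper():8} {f.rule_id:20} {f.uri}:{f.line} {f.message}")
    return 1 if failing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Commit the script to the repository and add a job in a stage after `analysis` with `needs: [seqra-job]`, so the archive is downloaded before the script runs, then invoke it with the path of the SARIF file from the archive and the threshold you want (`error` to block only on errors, `warning` to match the `SEVERITY` example above). Keeping the gate in its own job means the scan artifact is still uploaded and available for review even when the gate fails.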
## Troubleshooting
* **Monorepos:** Set `PROJECT_ROOT` to the subdirectory of the project you want analyzed (relative to the repository root) so only that project is scanned.
* **Timeouts:** If the scan times out, increase `TIMEOUT` (e.g., `30m`).
## Changelog
See [CHANGELOG](CHANGELOG.md).
## License
This project is released under the [MIT License](LICENSE).
The [core analysis engine](https://github.com/seqra/seqra-jvm-sast) is source-available under the [Functional Source License (FSL-1.1-ALv2)](https://fsl.software/), which converts to Apache 2.0 two years after each release. You can use Seqra for free, including for commercial use, except for competing products or services.