GitLab CI

Pipeline Security Integration

Integrate Agnech into GitLab CI/CD pipelines with merge request comments, security dashboard integration, and SAST reports.

Setup

Configure GitLab CI variables and create your pipeline.

1. Add CI/CD Variables

Go to Settings → CI/CD → Variables. Add AGNECH_LICENSE as a masked, protected variable. Note that a protected variable is only exported to pipelines running on protected branches and tags, so a merge request pipeline from an unprotected feature branch will not see it; leave the variable unprotected if those pipelines need to run the scan.

2. Create .gitlab-ci.yml

Add the pipeline configuration to your repository root.

Basic Pipeline

.gitlab-ci.yml

```yaml
stages:
  - security
  - build
  - test
  - deploy

security-scan:
  stage: security
  image: node:20
  variables:
    AGNECH_LICENSE: $AGNECH_LICENSE
  before_script:
    - npm install -g @agnech/cli
    - agnech license activate $AGNECH_LICENSE
  script:
    - agnech scan --mode advanced --report json,sarif ./src
    - mv results.json gl-sast-report.json
  artifacts:
    reports:
      sast: gl-sast-report.json
    paths:
      - results.sarif
    expire_in: 1 week
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

MR Integration

Configure merge request integration for security feedback.

.gitlab-ci.yml

```yaml
security-scan-mr:
  stage: security
  image: node:20
  script:
    - npm install -g @agnech/cli
    - agnech license activate $AGNECH_LICENSE
    - |
      agnech scan \
        --mode advanced \
        --report gitlab \
        --output gl-sast-report.json \
        ./src
  artifacts:
    reports:
      sast: gl-sast-report.json
  rules:
    - if: $CI_MERGE_REQUEST_IID

# Optional: add a comment to the MR.
# Needs a GITLAB_TOKEN CI/CD variable holding a token allowed to write MR notes;
# the report is read from the artifact of the job listed under `needs`.
security-comment:
  stage: security
  needs: [security-scan-mr]
  image: alpine:latest
  before_script:
    - apk add --no-cache curl jq
  script:
    - |
      CRITICAL=$(jq '.vulnerabilities | map(select(.severity == "Critical")) | length' gl-sast-report.json)
      HIGH=$(jq '.vulnerabilities | map(select(.severity == "High")) | length' gl-sast-report.json)

      # Plain concatenation: alpine runs this under sh, which need not support bash's +=
      COMMENT="## Security Scan Results\n\n"
      COMMENT="${COMMENT}${CRITICAL} Critical | ${HIGH} High\n\n"

      if [ "$CRITICAL" -gt 0 ]; then
        COMMENT="${COMMENT}⚠️ Please fix critical issues before merging."
      else
        COMMENT="${COMMENT}✅ No critical vulnerabilities found."
      fi

      curl --request POST \
        --header "PRIVATE-TOKEN: $GITLAB_TOKEN" \
        --header "Content-Type: application/json" \
        --data "{\"body\": \"$COMMENT\"}" \
        "$CI_API_V4_URL/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes"
  rules:
    - if: $CI_MERGE_REQUEST_IID
```
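The comment job above builds the note body by hand-interpolating shell variables into a JSON string and only reports counts. As an added example that is not part of Agnech or of this page's pipeline, the script below reads a report in the GitLab SAST report format (a top-level `vulnerabilities` list whose entries carry a `severity` string), counts findings per severity, emits the note payload with `json.dumps` so it is always valid JSON, and returns a non-zero exit code when critical findings exceed a budget so the same step can fail the job. The sample report is constructed, not real scanner output.

```python
# Added example (not Agnech's code): count findings in a GitLab SAST report,
# build the MR note body as proper JSON, and fail the job on critical findings.
import json
import sys
from collections import Counter

SEVERITIES = ("Critical", "High", "Medium", "Low", "Info", "Unknown")

# Constructed sample standing in for gl-sast-report.json (not real scan output).
SAMPLE_REPORT = {
    "version": "15.0.0",
    "vulnerabilities": [
        {"id": "c1", "severity": "Critical", "name": "Hard-coded secret"},
        {"id": "h1", "severity": "High", "name": "SQL injection"},
        {"id": "h2", "severity": "High", "name": "Path traversal"},
        {"id": "m1", "severity": "Medium", "name": "Weak hash"},
        {"id": "x1", "severity": "bogus", "name": "Value outside the schema"},
    ],
}

def count_by_severity(report):
    """Return {severity: count} for every schema value; others fold into Unknown."""
    counts = Counter()
    for finding in report.get("vulnerabilities", []):
        sev = finding.get("severity", "Unknown")
        counts[sev if sev in SEVERITIES else "Unknown"] += 1
    return {sev: counts[sev] for sev in SEVERITIES}

def build_note_payload(counts, max_critical=0):
    """JSON body for the MR notes API; json.dumps does the quoting and escaping."""
    verdict = ("Please fix critical issues before merging."
               if counts["Critical"] > max_critical
               else "No critical vulnerabilities found.")
    body = ("## Security Scan Results\n\n"
            f"{counts['Critical']} Critical | {counts['High']} High\n\n{verdict}")
    return json.dumps({"body": body})

def gate_exit_code(counts, max_critical=0):
    """0 when criticals are within budget, 1 to fail the CI job otherwise."""
    return 0 if counts["Critical"] <= max_critical else 1

if __name__ == "__main__":
    # CI usage: python3 gate.py gl-sast-report.json | curl ... --data @-
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    counts = count_by_severity(report)
    print(build_note_payload(counts))
    sys.exit(gate_exit_code(counts))
```

In the pipeline this replaces the jq and string-building lines of `security-comment`: pipe its stdout into `curl --data @-` and let its exit status decide whether the job passes.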

Security Dashboard

Integrate with GitLab's Security Dashboard for vulnerability tracking.

GitLab Ultimate

The Security Dashboard is available in GitLab Ultimate. For other tiers, use the artifacts and pipeline reports.

.gitlab-ci.yml

```yaml
include:
  - template: Security/SAST.gitlab-ci.yml

# Assumes the `security` stage declared in the basic pipeline's `stages:` list.
agnech-sast:
  stage: security
  image: node:20
  script:
    - npm install -g @agnech/cli
    - agnech license activate $AGNECH_LICENSE
    - agnech scan --report gitlab --output gl-sast-report.json ./src
  artifacts:
    reports:
      sast: gl-sast-report.json
  rules:
    - if: $CI_COMMIT_BRANCH
```