GitLab CI
Run Hacker Bot scans in your GitLab CI/CD pipeline.
Basic Configuration
Add this to your .gitlab-ci.yml:
stages:
  - test
  - security

security_scan:
  stage: security
  image: hackerbot/scanner:latest
  variables:
    HACKERBOT_API_KEY: $HACKERBOT_API_KEY
    TARGET_URL: https://staging.example.com
  script:
    - hackerbot scan --target $TARGET_URL --profile standard
  artifacts:
    reports:
      sast: hackerbot-report.json
    paths:
      - hackerbot-report.json
    expire_in: 30 days
  only:
    - main
    - merge_requests

Environment Variables
Set these variables in GitLab CI/CD settings:
- Go to Settings → CI/CD → Variables
- Add HACKERBOT_API_KEY (masked, protected)
- Optionally add TARGET_URL per environment
Merge Request Scanning
Scan review apps or dynamic environments:
security_scan_mr:
  stage: security
  image: hackerbot/scanner:latest
  script:
    - hackerbot scan --target $CI_ENVIRONMENT_URL --profile quick
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    url: https://$CI_COMMIT_REF_SLUG.review.example.com
  only:
    - merge_requests
  allow_failure: true

Security Dashboard Integration
Hacker Bot reports are compatible with GitLab's Security Dashboard. Findings appear alongside other security tools.
Enable the SAST report artifact to see findings in:
- Merge Request security widget
- Project Security Dashboard
- Group Security Dashboard (Ultimate)
Fail Pipeline on Findings
Block merges when vulnerabilities are detected:
security_scan:
  stage: security
  image: hackerbot/scanner:latest
  script:
    - |
      hackerbot scan --target $TARGET_URL --profile standard --output json > report.json
      CRITICAL=$(cat report.json | jq '[.findings[] | select(.severity == "critical")] | length')
      if [ "$CRITICAL" -gt 0 ]; then
        echo "Critical vulnerabilities found!"
        exit 1
      fi
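
The gate above, generalized to a configurable severity threshold that fails closed when report.json is empty, malformed or missing its findings array. This is an added example, not Hacker Bot's own code. It assumes Python 3 is available in the job image, a hypothetical file name gate.py, and a severity scale whose names other than "critical" do not appear on this page.

```python
"""Fail-closed severity gate for a scanner JSON report (added example)."""
import json
import sys

# Assumed severity scale; only "critical" appears on the page.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
# Constructed sample in the shape the page's jq filter reads (.findings[].severity).
SAMPLE_REPORT = '{"findings": [{"severity": "high"}, {"severity": "critical"}]}'


def evaluate(report_text, threshold="critical"):
    """Return (exit_code, message): 0 = pass, 1 = blocking findings, 2 = unusable report."""
    if threshold not in SEVERITY_RANK:
        return 2, f"unknown threshold {threshold!r}"
    try:
        report = json.loads(report_text)
    except json.JSONDecodeError as exc:
        return 2, f"report is not valid JSON: {exc}"
    findings = report.get("findings") if isinstance(report, dict) else None
    if not isinstance(findings, list):
        # No findings array means the scan did not produce a usable result;
        # counting that as "zero findings" would let the merge through.
        return 2, "report has no 'findings' array"
    blocking = 0
    for finding in findings:
        severity = finding.get("severity") if isinstance(finding, dict) else None
        rank = SEVERITY_RANK.get(str(severity).lower())
        if rank is None:
            return 2, f"finding with unrecognised severity {severity!r}"
        if rank >= SEVERITY_RANK[threshold]:
            blocking += 1
    if blocking:
        return 1, f"{blocking} finding(s) at or above {threshold}"
    return 0, f"no findings at or above {threshold}"


if __name__ == "__main__":
    # Usage in the job script (hypothetical file name): python3 gate.py report.json high
    path = sys.argv[1] if len(sys.argv) > 1 else "report.json"
    level = sys.argv[2] if len(sys.argv) > 2 else "critical"
    try:
        with open(path, encoding="utf-8") as handle:
            code, message = evaluate(handle.read(), level)
    except OSError as exc:
        code, message = 2, f"cannot read report: {exc}"
    print(message, file=sys.stderr)
    sys.exit(code)
```

Exit code 2 is kept distinct from 1 so a broken scan can be told apart from a scan that found something.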