GitLab
ZeroThreat integrates with GitLab CI/CD to help you automatically run security scans as part of your development pipeline. This ensures that vulnerabilities are detected early—before they make it to production.
This guide walks you through setting up ZeroThreat with GitLab using a basic example. You can follow this as-is or customize it later based on your team’s workflow.
Prerequisites
Before getting started, make sure:
Your target is verified in ZeroThreat.
You have access to a GitLab project with CI/CD enabled.
You understand the basics of GitLab pipelines and .gitlab-ci.yml files.
Step 1. Start CI/CD Integration from ZeroThreat
Navigate to the Targets section in ZeroThreat.
Click the "Continuous Integration" button for your desired target.

In the CI/CD settings drawer, click Add "GitLab CI/CD integration" and confirm.

Once confirmed, a unique ZT_TOKEN is generated. This token is what your CI/CD pipeline uses to start scans against the associated target, so treat it as a secret.
Step 2: Choose Scan Settings
Select or create a Scan Profile suitable for your environment.

A scan profile is required for API scans in CI/CD integration. Without it, the integration pipeline cannot start the scan.
If you're scanning authenticated sections of your app, select the appropriate Login Template, and make sure it is a working one: an authenticated scan depends on it to log in.
Step 3: Visit the GitLab CI/CD Catalog
Click the GitLab CI/CD icon in ZeroThreat. This will take you to the GitLab CI/CD Catalog page, where you can find the ZeroThreat integration details and required configuration.

Step 4: Open Your GitLab Project and Start Editing
Go to your GitLab repository.
In the left sidebar, click "Build" → "Jobs" to view previous pipeline jobs (if any).
Then click "Pipeline Editor" to open the .gitlab-ci.yml configuration file.
This is the file where you’ll define how your pipeline runs, and where you’ll add ZeroThreat’s configuration.
Step 5: Configure Your Pipeline
In the .gitlab-ci.yml file:
Add a new stage named ZeroThreat AI Security Scan.
Insert the ZeroThreat job configuration provided on the GitLab CI/CD Catalog page.
Here's a simplified example:
stages:
  - build
  - test
  - deploy
  - ZeroThreat AI Security Scan
[SNIP]
include:
  - component: $CI_SERVER_FQDN/zerothreatai/gitlab-ci-component/scanner@0.0.3
    inputs:
      ZT_TOKEN: $ZT_TOKEN
      WAIT_FOR_ANALYSIS: false
Step 6: Set ZT_TOKEN as a CI/CD Variable
Do not hardcode the token in your config files; anything committed to the repository ends up in its history. Instead, store your ZeroThreat token as a GitLab CI/CD variable:
Save your pipeline changes.
Go to Settings → CI/CD → Variables in your GitLab project.

Click “Add Variable”.
Set:
Key: ZT_TOKEN
Value: (paste the token from ZeroThreat)
Enable "Mask variable" so the token value is hidden in job logs.
Step 7: Run the Pipeline
Once everything is saved and committed:
Start (or rerun) the pipeline.
When it reaches the ZeroThreat AI Security Scan stage, ZeroThreat will start the scan.

The job begins and a scan is triggered in the ZeroThreat portal.
Flexible Automation Options
This example uses a basic manual setup, but you can customize it further. GitLab allows you to trigger pipelines on:
Code pushes
Merge requests
Scheduled jobs (cron)
Tags or custom conditions
This gives your team full control over how and when ZeroThreat scans are triggered—making it easy to fit security testing into your existing development process.
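The following pipeline, an added example rather than ZeroThreat's own sample, gates the scan with include rules so it runs only for the triggers listed above; it assumes a GitLab version that supports rules on include entries and reuses the component path, version and inputs from Step 5.

```yaml
# Added example (not from the ZeroThreat docs): run the ZeroThreat scan only
# for scheduled pipelines, merge requests into the default branch, tags and
# pushes to the default branch. Stage names and component inputs match Step 5;
# the rule set is an assumption about a typical workflow, adjust as needed.
stages:
  - build
  - test
  - deploy
  - ZeroThreat AI Security Scan

include:
  - component: $CI_SERVER_FQDN/zerothreatai/gitlab-ci-component/scanner@0.0.3
    inputs:
      ZT_TOKEN: $ZT_TOKEN          # CI/CD variable from Step 6, never a literal
      WAIT_FOR_ANALYSIS: false
    rules:
      # Scheduled pipelines (Build -> Pipeline schedules), e.g. a nightly scan
      - if: $CI_PIPELINE_SOURCE == "schedule"
      # Merge requests targeting the default branch
      - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH
      # Release tags
      - if: $CI_COMMIT_TAG
      # Direct pushes to the default branch
      - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

If your project also runs a branch pipeline for every push, add a top-level workflow:rules block so the same commit does not produce two pipelines and therefore two scans.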
Finished setting up your CI/CD integration?
Head over to our guide on Reviewing Scan Reports to learn how to analyze the different sections of the scan report.