From a19fb82f191d5f15ad1d00a4ae91e28c2eb667a4 Mon Sep 17 00:00:00 2001
From: gotbadger
Date: Wed, 10 Jan 2024 14:17:50 +0000
Subject: [PATCH 1/2] docs: update gitlab cloud example to do diffscan on mr
---
 docs/_data/examples/ci/gitlab/cloud.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/docs/_data/examples/ci/gitlab/cloud.yaml b/docs/_data/examples/ci/gitlab/cloud.yaml
index 60f04c202..b655b8eb1 100644
--- a/docs/_data/examples/ci/gitlab/cloud.yaml
+++ b/docs/_data/examples/ci/gitlab/cloud.yaml
@@ -1,5 +1,11 @@
-bearer:
+bearer_cloud:
+ stage: bearer
 image:
 name: bearer/bearer
 entrypoint: [""]
+ rules:
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ variables:
+ BEARER_DIFF: 1
 script: bearer scan . --api-key=$BEARER_TOKEN
From 88d1056da20419f351aa4362055bbd315728741f Mon Sep 17 00:00:00 2001
From: gotbadger
Date: Tue, 16 Jan 2024 15:56:36 +0000
Subject: [PATCH 2/2] docs: update gitlab cloud docs
---
 docs/_data/examples/ci/gitlab/cloud.yaml | 1 -
 docs/guides/bearer-cloud.md | 9 +++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/docs/_data/examples/ci/gitlab/cloud.yaml b/docs/_data/examples/ci/gitlab/cloud.yaml
index b655b8eb1..69106b9a5 100644
--- a/docs/_data/examples/ci/gitlab/cloud.yaml
+++ b/docs/_data/examples/ci/gitlab/cloud.yaml
@@ -1,5 +1,4 @@
 bearer_cloud:
- stage: bearer
 image:
 name: bearer/bearer
 entrypoint: [""]
diff --git a/docs/guides/bearer-cloud.md b/docs/guides/bearer-cloud.md
index 0da274f31..ed97182e6 100644
--- a/docs/guides/bearer-cloud.md
+++ b/docs/guides/bearer-cloud.md
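Review bot: The new `rules:` block on `bearer_cloud` limits the job to default-branch pushes and merge-request pipelines, so pushes to any other branch without an open MR are no longer scanned at all; if that narrowing is intended, say so in the example with `# full scan on the default branch, diff scan on merge-request pipelines; other branch pushes are skipped`. Setting `BEARER_DIFF: 1` only under the MR rule presumably makes the scan compare against the MR target branch, which needs that base commit present in the runner's checkout — with a shallow clone that is not guaranteed, so confirm whether `GIT_DEPTH` must be set for this job. The script line still passes `$BEARER_TOKEN` from a CI/CD variable; merge-request pipelines opened from forks generally do not receive the project's variables by default, so this job is expected to fail (not expose the token) in that case, which is worth a sentence in the accompanying guide.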
@@ -44,6 +44,15 @@ Set up the [GitLab CI/CD configuration](/guides/gitlab), then adjust your settin
 We recommend using [GitLab's CI/CD variables](https://docs.gitlab.com/ee/ci/variables/) to protect your token. In the example above, the variable is named `BEARER_TOKEN`.
+#### Enhanced Integration
+
+Once the above is configured and your first scan is complete, visit the integrations section to configure our direct GitLab integration. This gives developers the ability to ignore findings directly in the MR workflow, and for your Security team to review those in the Bearer Cloud Dashboard. Setup is done per project with the following steps:
+
+- Create an access token with the ‘api’ scope and ‘maintainer’ role. We recommend using a [project access token](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html).
+- Enter the details for your desired project.
+- Behind the scenes, we validate the token and automatically create and configure a webhook to capture MR events.
+- Open an MR and see bearer findings directly in the comments!
+
 ### Local projects
 Use the `--api-key` flag with the `scan` command: