Copy your Pynt ID into a variable in your GitLab variables
Settings -> CICD -> Variables
Add Pynt to you workflow, see following example of a job in GitLab workflow that runs Pynt on our goat vulnerable application:
stages: - pyntpynt-api-security:# Use the official docker image.image:dockerstage:pyntservices: - docker:dindbefore_script: - apk add --update curl && rm -rf /var/cache/apk/* - apk add --update python3 - apk add py3-pipvariables:SHARED_PATH:/builds/shared/$CI_PROJECT_PATHscript:# create shared folder - mkdir -p ${SHARED_PATH}# pynt should run from ${SHARED_PATH} context. - cd ${SHARED_PATH}# set $PYNT_CREDENTIALS environment variable - export PYNT_ID=$pyntid# get collection to test - curl https://raw.githubusercontent.com/pynt-io/pynt/main/goat_functional_tests/goat.postman_collection.json --output goat.json
# install pyntcli - python3 -m venv venv - source venv/bin/activate - pip install pyntcli# run pynt security scan against goat.json collection - pynt newman --collection ${SHARED_PATH}/goat.json --reporters --return-error=errors-only # results both html and json will be created at ${SHARED_PATH}: ${SHARED_PATH}/pynt_results.json, ${SHARED_PATH}/pynt_results.html
- cat ${SHARED_PATH}/pynt_results.json
Controlling the return code from Pynt
pynt newman and pynt command have an optional flag --return-error
With this flag, you have granular control over whether Pynt returns an error code (non zero) in the event of findings. Use this flag to control when Pynt will break the CI/CD run, allowed values are:
'all-findings' (warnings or errors),
'errors-only',
'never' (default)