🔘Pynt for GitLab
Integrate Pynt with GitLab for automated API security testing. Enhance your CI/CD pipeline by adding Pynt’s robust security scans to your GitLab workflows.
What is GitLab?
Pynt's integration with GitLab
As part of its API security testing, Pynt allows seamless integration with GitLab.
Pynt for GitLab enables you to seamlessly integrate powerful API security testing into your GitLab CI/CD pipelines. By incorporating Pynt into your GitLab workflows, you can automate comprehensive security scans with every build, ensuring that your APIs are protected from vulnerabilities throughout the development process. Pynt’s integration with GitLab is designed to be straightforward, allowing you to enhance your security posture without disrupting your existing CI/CD practices.
GitLab Configuration
Copy your Pynt ID into a variable in your GitLab variables
Settings -> CICD -> Variables
Add Pynt to you workflow, see following example of a job in GitLab workflow that runs Pynt on our goat vulnerable application:
stages:
- security_scan
run_pynt:
stage: security_scan
image: python:3.11
script:
# Get and install Pynt Binary
- wget https://cdn.pynt.io/binary-release/install.sh
- chmod +x install.sh
- ./install.sh
- cd ~/.pynt/bin/
# Get sample pytest
- wget https://raw.githubusercontent.com/pynt-io/pynt/main/goat_functional_tests/goat_functional_test.py
- python3 -m pip install --upgrade pip
- pip install pytest
- pip install requests
# Run Pynt on the pytest file
- export PYNT_ID=$pyntid
- ./pynt command --cmd "python3 -m pytest goat_functional_test.py" --severity-level none
artifacts:
paths:
- ~/.pynt/results
expire_in: 1 hour
Controlling the return code from Pynt
pynt newman and pynt command have an optional flag --severity-level
With this flag, you have granular control over whether Pynt returns an error code (non zero) in the event of findings. Use this flag to control when Pynt will break the CI/CD run, allowed values are:
'all', 'medium', 'high', 'critical', 'none' (default) Last updated