Versions Compared

Let’s connect your GitLab integration! Data Theorem’s SAST can connect to GitLab.com, GitLab On-Prem, and GitLab Ultimate.

Onboarding your GitLab instance will require communication with Data Theorem. This page will guide you through how to configure your GitLab Self-Managed instance to use Data Theorem’s SAST scanning without sharing your code with Data Theorem. It will create AWS resources to run a container-based SAST scanner provided by Data Theorem. The SAST scan results will be visible in the Data Theorem portal.

Please reach out to support@datatheorem.com if you need help!


Installation

Requirements

Onboard GitLab (Cloud)

Note that the onboarding user must be an admin within your GitLab workspace.

...

Navigate to GitLab.com.

...

Select Groups and select the group that you would like to connect to Data Theorem's SAST analyzer.

...

Select Settings, then Applications.

...

Select Add new application.

...

Configure the application using the following options:

...

Name: Data Theorem SAST

...

Trusted: Not required

...

  • The GitLab installation must be exposed to the internet

  • The user following these instructions must have administrator permissions to the GitLab instance

  • AWS Account with Admin Access

Step 1: Generate a SAST Security Results API Key

Navigate to Data Theorem’s API key provisioning portal https://www.securetheorem.com/devsecops/v2/results_api_access

...

Confidential: checked

...

Scopes: api and read_repository

...

Select Save Application.

...

Send the URL, the Application ID, and the Secret to your Data Theorem contact. These are the credentials that the Data Theorem SAST Analyzer will use to connect to your GitLab instance.

...

  1. Important: Click the link in the email, then click Authorize.
  2. Your GitLab Ultimate instance has been successfully onboarded! Your source code will now continuously be scanned for security and privacy issues, which can be found on https://www.securetheorem.com/mobile-secure/v2/security/sast?view=issues or directly in your GitLab Ultimate merge requests.

Onboard GitLab (Self-Managed)

Requirements

  • The GitLab installation must be exposed to the internet

  • The user following these instructions must have administrator permissions to the GitLab instance

  • AWS Account with Admin Access

Onboarding the GitLab installation


Make sure the API key has the “SAST Scanning” feature permission.

Keep the window open or securely store the API Key; you will need to enter it in a later step.

...

Step 2: Create A Data Theorem App In GitLab

Start with creating the GitLab application for the Data Theorem integration:

  • Log into the GitLab instance

  • Open “Applications” in the Admin Area

  • Create a new instance-wide application with the following settings

    • Name: Data Theorem SAST

    • Trusted: Not required

    • Redirect URI: https://www.securetheorem.com/gitlab-integration/onboarding

    • Trusted: checked

    • Confidential: checked

    • Scopes: api and read_repository

...

...

The application settings should look like this:

...

Info

We will update the “Redirect URI” value to the URI of our AWS Lambda handler in a later step. We use this value as a secure placeholder; OAuth redirects will not be sent to this URI.

  • Click “Save application”

  • Securely make a note of the Application ID, Secret, and instance URL (from the address bar of your browser)

Deploy AWS Resources

...

  • You will need to enter these values in the next step.

...


Step 3: Create AWS Resources

Open the AWS CloudFormation Quick Create Link you received from Data Theorem, and sign in to the AWS account where you want the SAST scanning resources to be created.

Create a new system hook with the following settings:

  • URL: Copy/Paste the CloudFormation Stack Output named GitLabSystemHookUrl

  • Secret Token: Copy/Paste the CloudFormation Stack Output named GitLabSystemHookSecret

Paste the values for the GitLab App ID and GitLab App Secret.

...

Step 4: Configuring The GitLab System Hook

The system hook will notify the GitLab integration of changes to any of the repositories present in the GitLab instance. Once the Data Theorem SAST application has been created in the GitLab instance, you should have received an email titled “GitLab hook authorization token”. Please reach out to the Data Theorem support team if you haven’t received this email.

Configuration steps:

  • Log into the GitLab instance

  • Navigate to “System Hooks” in the Admin Area

  • Create a new system hook with the following settings:

    • URL: Copy/Paste the CloudFormation Stack Output named GitLabSystemHookUrl

    • Secret Token: Copy/Paste the CloudFormation Stack Output named GitLabSystemHookSecret

    • Trigger:

      • Check “Repository update events”

      • Check “Merge request events”

    • Check “SSL verification”


The system hook should look like this:

...
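The receiving end of the system hook configured above has to check the Secret Token before trusting anything in the payload. The following is an added example of that check and of filtering on the two enabled trigger types; it is not Data Theorem’s Lambda code, and the header name X-Gitlab-Token, the payload fields (event_name, object_kind, project.path_with_namespace) and the placeholder secret are assumptions based on GitLab’s documented hook format.

```python
import hmac
import json

# Constructed placeholder; the real value is the GitLabSystemHookSecret stack output.
HOOK_SECRET = "example-GitLabSystemHookSecret"

# The two trigger types enabled on the system hook in Step 4.
HANDLED_EVENTS = {"repository_update", "merge_request"}


def verify_token(headers, expected_secret):
    """True only if the X-Gitlab-Token header matches, compared in constant time."""
    presented = headers.get("X-Gitlab-Token") or headers.get("x-gitlab-token") or ""
    return hmac.compare_digest(presented.encode(), expected_secret.encode())


def classify_event(payload):
    """Return the handled event type for this payload, or None to ignore it.

    Assumption: repository update hooks carry event_name, merge request
    hooks carry object_kind (GitLab's documented system hook format).
    """
    kind = payload.get("event_name") or payload.get("object_kind")
    return kind if kind in HANDLED_EVENTS else None


def handle_hook(headers, body, expected_secret=HOOK_SECRET):
    """Lambda-style handler: 401 on a bad token, 400 on bad JSON, 204 for
    events we do not act on, 202 when a scan is queued."""
    if not verify_token(headers, expected_secret):
        # Token check happens before parsing so unauthenticated bodies are never inspected.
        return {"statusCode": 401, "body": "invalid hook token"}
    try:
        payload = json.loads(body)
    except ValueError:
        return {"statusCode": 400, "body": "malformed JSON"}
    kind = classify_event(payload)
    if kind is None:
        return {"statusCode": 204, "body": ""}
    project = payload.get("project", {}).get("path_with_namespace", "unknown")
    return {"statusCode": 202, "body": f"queued {kind} for {project}"}


if __name__ == "__main__":
    sample = json.dumps({"event_name": "repository_update",
                         "project": {"path_with_namespace": "group/app"}})
    print(handle_hook({"X-Gitlab-Token": HOOK_SECRET}, sample))
```

Keep “SSL verification” checked on the hook as well: the token only proves the sender knows the secret, while TLS verification is what stops it from being sent to an impersonated endpoint.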

Step 5: Update The GitLab App OAuth Redirect URI

  • Open “Applications” in the Admin Area

  • Edit the Data Theorem SAST application and update the Redirect URI setting

    • Redirect URI: Copy/Paste the CloudFormation Stack Output named GitLabOAuthRedirectUri
