GitLab

Akto integrates with GitLab to add automated API security testing to your CI/CD pipeline. This integration enables you to:

• Run API security tests during your GitLab pipelines

• View security test results directly in merge requests

• Block merges based on security test results

Prerequisites

• GitLab account with maintainer or owner permissions

• GitLab repository with CI/CD enabled

• Docker runner configured in GitLab

Steps to Configure GitLab

1. Add GitLab CI Configuration

   1. Create or update .gitlab-ci.yml in your repository root:

stages:    # List of stages for jobs, and their order of execution
  - build
  - test

build-job:       # This job runs in the build stage, which runs first.
  stage: build
  script:
    - echo "Compiling the code..."
    - echo "Compile complete."

variables:
  AKTO_DASHBOARD_URL: "https://app.akto.io"
  AKTO_API_KEY: "${AKTO_API_KEY}"        # Use GitLab CI/CD variable
  AKTO_TEST_ID: "${AKTO_TEST_ID}"        # Use GitLab CI/CD variable
  WAIT_TIME_FOR_RESULT: "1000"

test_scan:
  stage: test
  image: aktosecurity/akto-testing-scan:latest # Use Docker image to run docker commands
  script:
    - cd /usr/src/app
    - echo $AKTO_DASHBOARD_URL
    - echo $AKTO_API_KEY
    - echo $AKTO_TEST_ID
    - node index.js

1. Configure GitLab CI/CD Variables

   1. Go to Settings > CI/CD > Variables

   2. Add these variables:

      • AKTO_API_KEY (mark as masked and protected)

      • AKTO_TEST_ID

3. Verify Integration

1. Create a merge request

2. Pipeline will automatically run

3. Check "CI/CD > Pipelines" for test results