This document provides the YAML configuration for a GitLab CI/CD pipeline that runs the SLS scanners from Docker images pulled from a private repository in Azure Container Registry (ACR). The example shows SLS_CLIENT_ID, SLS_CLIENT_SECRET and SLS_SCAN_KEY as in-line variables: the client ID and secret authenticate the job to the ACR, and the scan key identifies the asset being scanned. Do not commit real values in .gitlab-ci.yml; define all three as masked (and, for protected branches, protected) CI/CD variables under Settings > CI/CD > Variables, so they are injected at run time and redacted from job logs rather than stored in the repository history.

.gitlab-ci.yml

image: mcr.microsoft.com/dotnet/sdk:8.0

services:
  - docker:dind

variables:
  DOCKER_DRIVER: overlay2
  # Lets the job share the TLS client certificates generated by docker:dind
  DOCKER_TLS_CERTDIR: "/certs"
  # Placeholders only; define the three SLS_* values as masked CI/CD variables
  # (Settings > CI/CD > Variables) instead of committing them here
  SLS_CLIENT_ID: "<your-acr-username>"
  SLS_CLIENT_SECRET: "<your-acr-token>"
  ACR_URL: "tauruseer.azurecr.io"
  SLS_SCAN_KEY: "<your-scan-key>"

stages:
  - build
  - scanProject

build:
  stage: build
  script:
    # Project build steps; GitLab rejects a job whose script has no commands,
    # so replace these with the steps your project needs
    - dotnet restore
    - dotnet build --configuration Release

scanProject:
  stage: scanProject
  # The .NET SDK image has no docker CLI; run this job from the docker image
  # so it can reach the docker:dind service
  image: docker:24
  before_script:
    # Read the registry token from stdin rather than passing it with -p, which
    # Docker warns exposes it to other processes on the runner
    - echo "$SLS_CLIENT_SECRET" | docker login -u "$SLS_CLIENT_ID" --password-stdin "$ACR_URL"
  script:
    # Run the SCA scanner
    - docker pull ${ACR_URL}/sca-scanner-pipeline:latest
    - docker run --rm -v "$(pwd):/source" ${ACR_URL}/sca-scanner-pipeline:latest --scan-key=${SLS_SCAN_KEY}

    # Run the SAST scanner
    - docker pull ${ACR_URL}/sast-scanner-pipeline:latest
    - docker run --rm -v "$(pwd):/source" ${ACR_URL}/sast-scanner-pipeline:latest --scan-key=${SLS_SCAN_KEY}
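The scan job above pulls both scanners by the mutable :latest tag and has no check that the required variables are present before it talks to the registry. The following shell script is an added example of how a practitioner would harden that step; it is not Tauruseer's code and is not part of the original page. It assumes the page's ACR_URL, SLS_CLIENT_ID, SLS_CLIENT_SECRET and SLS_SCAN_KEY variables plus GitLab's built-in CI_PROJECT_DIR, and introduces three hypothetical variables of its own: SLS_SCA_DIGEST and SLS_SAST_DIGEST (optional image digests recorded from a previous pipeline run, so a retagged :latest cannot silently swap in a different scanner) and SLS_RUN_SCANS=1 (set only inside the CI job, so the helper functions can be exercised offline without docker).

```shell
#!/bin/sh
# Pre-flight helpers for the scanProject job. Added example, not Tauruseer's code.
# Hypothetical inputs: SLS_SCA_DIGEST / SLS_SAST_DIGEST (optional pinned image
# digests) and SLS_RUN_SCANS=1 (only then are docker commands actually invoked).

# require_vars NAME...: fail fast, before any docker call, if a CI/CD variable is
# unset or empty. Only the names of missing variables are printed, never values.
require_vars() {
  missing=""
  for name in "$@"; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || missing="$missing $name"
  done
  if [ -n "$missing" ]; then
    echo "missing CI/CD variables:$missing" >&2
    return 1
  fi
  return 0
}

# scanner_ref NAME DIGEST: build the image reference. With a digest the pull is
# immutable (content-addressed); without one it falls back to the page's :latest tag.
scanner_ref() {
  if [ -n "$2" ]; then
    printf '%s/%s@%s' "$ACR_URL" "$1" "$2"
  else
    printf '%s/%s:latest' "$ACR_URL" "$1"
  fi
}

# acr_login: feed the token over stdin instead of -p, so it does not appear in
# process listings or shell tracing on the runner.
acr_login() {
  printf '%s' "$SLS_CLIENT_SECRET" | docker login -u "$SLS_CLIENT_ID" --password-stdin "$ACR_URL"
}

# run_scanner NAME DIGEST: pull and run one scanner against the checked-out
# project. --rm removes the container afterwards; the scan key is passed as on the page.
run_scanner() {
  ref=$(scanner_ref "$1" "$2")
  echo "running $1 from $ref"
  docker pull "$ref" || return 1
  docker run --rm -v "$CI_PROJECT_DIR:/source" "$ref" --scan-key="$SLS_SCAN_KEY"
}

# Only touch docker when explicitly asked (inside the CI job).
if [ "${SLS_RUN_SCANS:-0}" = "1" ]; then
  require_vars SLS_CLIENT_ID SLS_CLIENT_SECRET SLS_SCAN_KEY ACR_URL CI_PROJECT_DIR || exit 1
  acr_login || exit 1
  run_scanner sca-scanner-pipeline "${SLS_SCA_DIGEST:-}" || exit 1
  run_scanner sast-scanner-pipeline "${SLS_SAST_DIGEST:-}" || exit 1
fi
```

In the pipeline this would replace the before_script and script lines of scanProject with a single `- SLS_RUN_SCANS=1 sh ci/scan.sh` (path assumed). The digest for each scanner can be read from `docker inspect --format '{{index .RepoDigests 0}}'` after a successful run and stored as a CI/CD variable; updating it then becomes a deliberate, reviewable change rather than whatever :latest happens to point at.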