SafeSCARF Snippets

All available snippets are written, tested, and designed for GitLab CI. All of them are prepared to run on every commit on the selected branch, but they can be run in any scenario, based on your preferences and needs.

More about security testing and its phases can be found in the CI/CD Security documentation.

Snippets require you to define SAFESCARF_HOST (the hostname of your SVMP) and SAFESCARF_ENG_ID (the engagement ID from your SVMP; see SafeSCARF Engagement creation). Some snippets require additional variables, which are described on the documentation page of each snippet.

Authentication of the scanner uses the Machine account API key, which must be saved as SAFESCARF_TOKEN in the project or group CI/CD variables (GitLab project/group page → “Settings” → “CI/CD” → “Variables” → “Add variable”).

Keep in mind that SAFESCARF_TOKEN is a secret, so make sure you use it as a protected variable in masked (encrypted) form, so that it is only exposed on protected branches and never written to job logs.

CI jobs are assigned to the stage test, which needs to be defined in .gitlab-ci.yml like:

  stages:
    - test
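As an added example (not one of the SafeSCARF snippets), the following POSIX shell functions can be called from a job in the test stage before a snippet runs: one verifies that SAFESCARF_HOST, SAFESCARF_ENG_ID and SAFESCARF_TOKEN are set and usable, the other scrubs the token value from any output a command might echo. The function names are hypothetical, and the check assumes the engagement ID is numeric.

```shell
#!/bin/sh
# Added example, not one of the SafeSCARF snippets: a preflight check for a job in
# the "test" stage, run before the scanner is invoked. Function names are hypothetical.

# safescarf_preflight: returns 0 when the variables this page requires are usable,
# 1 otherwise. Values come from the environment, as GitLab CI provides CI/CD variables.
# The token value itself is never printed, so the job log stays clean even if the
# variable was not marked "masked" in the GitLab settings.
safescarf_preflight() {
  rc=0
  if [ -z "${SAFESCARF_HOST:-}" ]; then
    echo "SAFESCARF_HOST is not set (hostname of your SVMP)" >&2; rc=1
  fi
  case "${SAFESCARF_ENG_ID:-}" in
    '')       echo "SAFESCARF_ENG_ID is not set (engagement ID from your SVMP)" >&2; rc=1 ;;
    *[!0-9]*) echo "SAFESCARF_ENG_ID must be a numeric engagement ID (assumption)" >&2; rc=1 ;;
  esac
  if [ -z "${SAFESCARF_TOKEN:-}" ]; then
    echo "SAFESCARF_TOKEN is not set; add it as a protected, masked CI/CD variable" >&2; rc=1
  fi
  return "$rc"
}

# safescarf_redact: filters stdin to stdout, replacing every literal occurrence of the
# token with [MASKED]. Useful when a snippet echoes request headers or debug output.
# The token is read from the environment inside awk, so no shell quoting of it is needed
# and characters that are special to sed or regexes cannot break the match.
safescarf_redact() {
  if [ -z "${SAFESCARF_TOKEN:-}" ]; then
    cat
    return 0
  fi
  awk 'BEGIN { t = ENVIRON["SAFESCARF_TOKEN"] }
       { out = ""; s = $0
         while ((i = index(s, t)) > 0) {
           out = out substr(s, 1, i - 1) "[MASKED]"
           s = substr(s, i + length(t))
         }
         print out s }'
}

# Typical use inside a job script: abort early, then pipe any noisy command through the filter.
#   safescarf_preflight || exit 1
#   <snippet command> 2>&1 | safescarf_redact
```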