Integration with Gitlab Pipelines¶
Introduction¶
Integrating Licensight into your CI/CD pipeline helps you automatically scan every code change for open-source vulnerabilities, license risks, and policy violations. This ensures continuous monitoring and helps catch issues early in the development process.
Prerequisites¶
Configure variables¶
Define these variables in the GitLab project's CI/CD settings (Settings > CI/CD > Variables) or in a parent group.
Variable |
Description |
|---|---|
LICENSIGHT_APPLICATION_NAME |
The name of the application in Licensight platform. |
LICENSIGHT_ACCESS_TOKEN |
Your Licensight access token. Please refer to Creating an access token for detailed instructions. |
LICENSIGHT_URL |
Licensight platform endpoint |
GITLAB_TOKEN |
To enable GitLab PR decoration, set a variable with a valid GitLab token (API access required). |
Licensight Integration for GitLab Platforms¶
For details on the parameters of Licensight Scan, refer to Using Licensight Scan.
Create a .gitlab-ci.yml file in the root directory.
Scan Pull Requests with GitLab pipeline¶
stages:
- deploy
licensight:
stage: deploy
script:
- apt update && apt install -y python3 golang maven curl
- curl -O https://licensight.s3.eu-central-1.amazonaws.com/latest/linux/licensight-scan
- chmod +x ./licensight-scan
- |
./licensight-scan generate \
-d . \
-a "$LICENSIGHT_APPLICATION_NAME" \
-e $LICENSIGHT_URL \
-at $LICENSIGHT_ACCESS_TOKEN \
-b $CI_COMMIT_REF_NAME \
-dpr true
rules:
- if: $CI_PIPELINE_SOURCE == 'merge_request_event' && $GITLAB_TOKEN != null
When a new PR is created, the pipeline will:
- Automatically run the scanner on the changed code:
- Decorate the Pull Request with scan results:
Scan on Default Branch¶
This pipeline below trigger Licensight every time code merge to default branch
stages:
- deploy
licensight:
stage: deploy
script:
- apt update && apt install -y python3 golang maven curl
- curl -O https://licensight.s3.eu-central-1.amazonaws.com/latest/linux/licensight-scan
- chmod +x ./licensight-scan
- |
./licensight-scan generate \
-d . \
-a "$LICENSIGHT_APPLICATION_NAME" \
-e $LICENSIGHT_URL \
-at $LICENSIGHT_ACCESS_TOKEN \
-b $CI_COMMIT_BRANCH
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
The pipeline result:
Example for default branch has been scanned:
Scan on Release Tags¶
This Pipeline trigger Licensight every time release tags created:
stages:
- deploy
licensight:
stage: deploy
script:
- apt update && apt install -y python3 golang maven curl
- curl -O https://licensight.s3.eu-central-1.amazonaws.com/latest/linux/licensight-scan
- chmod +x ./licensight-scan
- |
./licensight-scan generate \
-d . \
-a "$LICENSIGHT_APPLICATION_NAME" \
-e $LICENSIGHT_URL \
-at $LICENSIGHT_ACCESS_TOKEN \
-t $CI_COMMIT_TAG
rules:
- if: $CI_COMMIT_TAG
The pipeline result:
Troubleshooting Common Issues¶
| Issue | Description | Solution |
|---|---|---|
| Exit code 3 | A space in the application name (e.g., My App) is interpreted as two arguments | Wrap the value in quotes: -a "My App" |
| Invalid access token | LICENSIGHT_ACCESS_TOKEN is incorrect or missing |
Regenerate the token from Licensight and update it in Gitlab variables |
| Unauthorized access to application | You do not have permission to access the Licensight application. | Contact the application's owner to request access rights |
| Scan results not visible in Licensight platform |
|
|
| Licensight not triggered | Pipeline not triggered due to unmet conditions | Check rules: section in .gitlab-ci.yml to ensure correct conditions |
| Private dependencies not resolved | Licensight can't access private repos | Configure credentials (e.g., Maven settings.xml) in the pipeline |
| Error: No dependencies found |
|
|
| Unauthorized Gitlab access token | Token is expired or lacks sufficient permissions | Regenerate a new token with appropriate API permission levels and assign it to GITLAB_TOKEN |