From 66b56af672b064f35169572669b5f01b83cb7005 Mon Sep 17 00:00:00 2001
From: idiottrader <429136075@qq.com>
Date: Sat, 28 Feb 2026 23:52:13 +0800
Subject: [PATCH 1/2] feat: add GitLab CI integration template
---
 integrations/gitlab-ci.yml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 integrations/gitlab-ci.yml
diff --git a/integrations/gitlab-ci.yml b/integrations/gitlab-ci.yml
new file mode 100644
index 00000000..bb1a0f18
--- /dev/null
+++ b/integrations/gitlab-ci.yml
@@ -0,0 +1,38 @@
+# GitLab CI Template for ISNAD Scan
+image: node:18
+
+variables:
+ ISNAD_TARGET: "."
+ ISNAD_OUTPUT_FORMAT: "sarif"
+ ISNAD_FAIL_ON_FINDINGS: "true"
+
+stages:
+ - security
+
+isnad-scan:
+ stage: security
+ script:
+ - npm install -g @isnad/cli
+ - isnad scan $ISNAD_TARGET --format $ISNAD_OUTPUT_FORMAT --output isnad-results.sarif
+ artifacts:
+ reports:
+ sast: isnad-results.sarif
+ paths:
+ - isnad-results.sarif
+ expire_in: 1 week
+ rules:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+ allow_failure: true
+
+# Optional: Upload to ISNAD dashboard
+isnad-upload:
+ stage: security
+ script:
+ - npm install -g @isnad/cli
+ - isnad upload isnad-results.sarif --api-key $ISNAD_API_KEY
+ rules:
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+ needs:
+ - isnad-scan
+ when: on_success
\ No newline at end of file
From 959285948ceee45382b56fb20e6fcb71b28d75b9 Mon Sep 17 00:00:00 2001
From: idiottrader <429136075@qq.com>
Date: Sat, 28 Feb 2026 23:52:27 +0800
Subject: [PATCH 2/2] docs: add GitLab CI documentation
---
 integrations/README.md | 91 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 integrations/README.md
diff --git a/integrations/README.md b/integrations/README.md
new file mode 100644
index 00000000..a25c2f6a
--- /dev/null
+++ b/integrations/README.md
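Review bot: Both `npm install -g @isnad/cli` lines (in `isnad-scan` and `isnad-upload`) install whatever the registry serves at pipeline time, so the scanner itself is an unpinned dependency that every run re-resolves; pin it, e.g. `- npm install -g @isnad/cli@<pinned-version>` (placeholder), and consider pinning `image: node:18` to a digest as well, since the bare tag floats and, as far as I recall, the 18 line is past end-of-life by this commit's date. `ISNAD_FAIL_ON_FINDINGS` is declared under `variables` but never read by the `isnad scan` invocation, and `allow_failure: true` on `isnad-scan` lets the pipeline continue whatever the scan returns, so the gate the variable name promises does not exist; either pass the setting through to the scanner or drop the variable so users do not assume it is enforced. `$ISNAD_API_KEY` is passed as a plain command-line argument, which only stays out of the job log if the variable is configured as masked (and protected, given the default-branch rule), so I would state that above the job: `# ISNAD_API_KEY must be set as a masked, protected CI/CD variable`. Lastly, `artifacts:reports:sast` expects GitLab's own security-report JSON schema rather than SARIF as far as I know, so the SARIF file declared there may not populate the Security Dashboard; worth confirming against the GitLab docs before documenting that it does.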
@@ -0,0 +1,91 @@
+# GitLab CI Integration for ISNAD
+
+This document explains how to integrate ISNAD scanning into your GitLab CI/CD pipeline.
+
+## Quick Start
+
+Add the following to your `.gitlab-ci.yml`:
+
+```yaml
+include:
+ - remote: 'https://raw.githubusercontent.com/counterspec/isnad/main/integrations/gitlab-ci.yml'
+```
+
+## Configuration
+
+### Environment Variables
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `ISNAD_TARGET` | Directory to scan | `.` |
+| `ISNAD_OUTPUT_FORMAT` | Output format (json, sarif) | `sarif` |
+| `ISNAD_FAIL_ON_FINDINGS` | Fail pipeline on findings | `true` |
+| `ISNAD_API_KEY` | API key for dashboard upload | - |
+
+### Example Pipeline
+
+```yaml
+stages:
+ - build
+ - test
+ - security
+
+include:
+ - remote: 'https://raw.githubusercontent.com/counterspec/isnad/main/integrations/gitlab-ci.yml'
+
+# Your existing jobs...
+build:
+ stage: build
+ script:
+ - npm run build
+
+test:
+ stage: test
+ script:
+ - npm test
+```
+
+## GitLab Security Dashboard
+
+When using SARIF output, findings will appear in the GitLab Security Dashboard:
+
+1. Go to **Security & Compliance > Security Dashboard**
+2. View ISNAD scan results alongside other security tools
+
+## Advanced Configuration
+
+### Custom Scan Targets
+
+```yaml
+isnad-scan:
+ variables:
+ ISNAD_TARGET: "./src"
+ ISNAD_OUTPUT_FORMAT: "json"
+```
+
+### Ignore Specific Rules
+
+Create `.isnadignore`:
+
+```
+# Ignore test files
+**/*.test.js
+
+# Ignore specific patterns
+**/node_modules/**
+```
+
+## Troubleshooting
+
+### High False Positive Rate
+
+Adjust the sensitivity level in your scan configuration.
+
+### Pipeline Fails
+
+Set `ISNAD_FAIL_ON_FINDINGS: "false"` to make the scan informational only.
+
+## Support
+
+- Documentation: https://isnad.md/docs
+- Issues: https://github.com/counterspec/isnad/issues