GitLab Runner Integration
GitLab is an open-core company that provides GitLab, a DevOps software package that combines the ability to develop, secure, and operate software in a single application. Its companion application, GitLab Runner, works with GitLab CI/CD to run the jobs in a pipeline.
Using the installation script
You can install the scanner automatically with the installation script available from https://get.xygeni.io/latest/scanner/TYPE, with TYPE either bash or powershell. The job below pipes the script into bash and passes the Xygeni token. Define XYGENI_TOKEN as a masked CI/CD variable in the project settings rather than writing it into .gitlab-ci.yml, and if your pipeline policy does not allow executing a script fetched over the network directly, download it to a file and review it before running it:
```yaml
build-job:
  stage: scan
  script:
    - >
      curl -L https://get.xygeni.io/latest/scanner/install.sh |
      /bin/bash -s -- -o -t $XYGENI_TOKEN
    # A folded scalar (>) joins these lines with spaces, so no trailing
    # backslash is needed (a backslash here would be passed to the scanner
    # as an argument).
    - >
      $HOME/.xygeni/xygeni scan
      -n ${CI_PROJECT_NAME} --dir ${CI_PROJECT_DIR}
```
Using the docker image
If the scanner cannot be installed on the runner host that executes the pipeline, you can run the Docker image instead. The job needs a runner that can reach a Docker daemon (a shell executor on a host with Docker installed, or the Docker executor with a docker:dind service). It mounts the checkout at /app and a host directory holding the scanner configuration ($DD_CONF) at /opt/xygeni_scanner/conf; the predefined CI_PROJECT_DIR and CI_PROJECT_NAME variables are used as in the installation example:

```yaml
build-job:
  stage: scan
  script:
    # --rm removes the container when the scan finishes
    - >
      docker run --rm -t
      -v $CI_PROJECT_DIR:/app
      -v $DD_CONF:/opt/xygeni_scanner/conf
      xygeni_scanner/xygeni scan
      -n $CI_PROJECT_NAME --dir /app
```
Integrate with GitLab Security Reports
GitLab provides built-in security reporting capabilities that allow you to view security vulnerabilities directly within your GitLab project. When integrated with Xygeni, security findings can be automatically sent to GitLab's security dashboard, providing a centralized view of your project's security posture.
Sending Xygeni Secrets Findings to GitLab
Xygeni can send secrets detection findings to GitLab's security dashboard from a job like the following:

```yaml
build-job:
  stage: scan
  script:
    - >
      curl -L https://get.xygeni.io/latest/scanner/install.sh |
      /bin/bash -s -- -o -t $XYGENI_TOKEN
    - >
      $HOME/.xygeni/xygeni secrets --dir . --send-to=gitlab/alerts --no-stdin --never-fail
```
Command Parameters Explained:
--dir . : Scans the current directory for secrets
--send-to=gitlab/alerts : Sends the findings directly to GitLab's security alerts system
--no-stdin : Prevents reading from standard input, so the command runs non-interactively
--never-fail : Lets the pipeline continue even when secrets are found, so findings are reported without blocking development. Leave it out (together with allow_failure in the job) if findings should fail the job instead.
GitLab CI/CD Configuration:
To receive Xygeni findings, make sure the security scanning features are enabled for your GitLab project. The findings then appear in:
Security & Compliance > Vulnerability Report
CI/CD > Pipelines > Security tab for each pipeline run
Project > Security Dashboard
Note that the Vulnerability Report and Security Dashboard views are GitLab Ultimate features.

Example GitLab CI Configuration:
```yaml
# XYGENI_TOKEN is a masked CI/CD variable defined in the project settings;
# it does not need to be redeclared under variables:.
stages:
  - scan

secrets-scan:
  stage: scan
  script:
    - >
      curl -L https://get.xygeni.io/latest/scanner/install.sh |
      /bin/bash -s -- -o -t $XYGENI_TOKEN
    - >
      $HOME/.xygeni/xygeni secrets --dir . --send-to=gitlab/alerts --no-stdin --never-fail
  artifacts:
    reports:
      secret_detection: gl-secret-detection-report.json
  allow_failure: true
```

GitLab only ingests the report if gl-secret-detection-report.json exists in the project directory when the job ends. With --never-fail and allow_failure: true the job never blocks the pipeline, even if the installer step itself fails.
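The configuration above reports findings without ever failing the job. If you also want critical secrets to block the pipeline, a job in a later stage can read the report artifact the scan job leaves behind and decide independently. The gate script below is an added example, not part of Xygeni or GitLab; it assumes the report follows GitLab's security-report JSON layout (a top-level vulnerabilities list whose entries carry severity, name and location), which is what artifacts:reports:secret_detection ingests, and the embedded sample report is constructed for illustration.

```python
"""Fail a pipeline step on high-severity secret findings.

Added example for this page (not Xygeni's or GitLab's own code). It assumes the
scan job leaves a report in GitLab's security-report JSON layout: a top-level
"vulnerabilities" list whose entries carry "severity", "name" (or "message")
and a "location" with "file" and "start_line". SAMPLE_REPORT below is
constructed for illustration only.
"""
import json
import sys

# Severity ladder used in GitLab security reports, lowest to highest.
SEVERITY_ORDER = ["Info", "Unknown", "Low", "Medium", "High", "Critical"]


def severity_rank(severity):
    """Rank a severity string; anything unrecognised is treated as Unknown."""
    if severity in SEVERITY_ORDER:
        return SEVERITY_ORDER.index(severity)
    return SEVERITY_ORDER.index("Unknown")


def blocking_findings(report, threshold="High"):
    """Return the findings whose severity is at or above threshold.

    Each result is a flat dict (name, severity, file, line) so the caller can
    print it or hand it to another tool without knowing the report schema.
    """
    floor = severity_rank(threshold)
    hits = []
    for vuln in report.get("vulnerabilities", []):
        severity = vuln.get("severity", "Unknown")
        if severity_rank(severity) < floor:
            continue
        location = vuln.get("location", {})
        hits.append({
            "name": vuln.get("name") or vuln.get("message") or "unnamed finding",
            "severity": severity,
            "file": location.get("file", "?"),
            "line": location.get("start_line"),
        })
    return hits


def gate_report(report, threshold="High"):
    """Exit status for a gate job: 1 if any finding meets the threshold, else 0."""
    return 1 if blocking_findings(report, threshold) else 0


def load_report(path):
    """Read the report file written by the scan job."""
    with open(path, encoding="utf-8") as handle:
        return json.load(handle)


# Constructed sample in the GitLab report layout; not real scanner output.
SAMPLE_REPORT = {
    "version": "15.0.0",
    "scan": {"type": "secret_detection", "status": "success"},
    "vulnerabilities": [
        {"id": "f1", "category": "secret_detection", "name": "AWS access key",
         "severity": "Critical",
         "location": {"file": "config/settings.py", "start_line": 12}},
        {"id": "f2", "category": "secret_detection", "name": "Generic API key",
         "severity": "High",
         "location": {"file": "scripts/deploy.sh", "start_line": 3}},
        {"id": "f3", "category": "secret_detection", "name": "Password in comment",
         "severity": "Low",
         "location": {"file": "README.md", "start_line": 40}},
    ],
}


def main(argv):
    """CLI: gate_secrets.py REPORT [THRESHOLD]; REPORT '-' uses the sample."""
    path = argv[1] if len(argv) > 1 else "gl-secret-detection-report.json"
    threshold = argv[2] if len(argv) > 2 else "High"
    report = SAMPLE_REPORT if path == "-" else load_report(path)
    for hit in blocking_findings(report, threshold):
        print(f"{hit['severity']:<8} {hit['file']}:{hit['line']}  {hit['name']}")
    return gate_report(report, threshold)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from a job in a stage after scan that lists the scan job under needs (artifacts are passed along), for example python3 gate_secrets.py gl-secret-detection-report.json High; if the downstream job does not see the file, also list it under artifacts:paths in the scan job. A non-zero exit fails the gate job, so do not set allow_failure there. The scan job keeps --never-fail so the report is always produced and uploaded; the blocking decision lives in the gate, where the threshold can be tuned per branch.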
Benefits of Integration:
Centralized security reporting in GitLab
Automated vulnerability tracking
Historical trend analysis
Integration with GitLab's issue tracking system
Compliance reporting capabilities