Add guide for gitlab #91

Merged
merged 4 commits into from
Jul 8, 2024

4 changes: 4 additions & 0 deletions .wordlist.txt
Expand Up @@ -187,3 +187,7 @@ GitLab
githubusercontent
nvm
LTS

configs
URI
BaseURL
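
Review bot: The first of the four added entries, directly before `configs`, is an empty line; drop it so the wordlist stays one term per line. The `configs` entry is only needed because gitlab.md says "The recommended configs"; writing "settings" or "configuration" there would make this allowlist entry unnecessary.
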
59 changes: 59 additions & 0 deletions docs-2/development/testing/gitlab.md
@@ -0,0 +1,59 @@
---

title: GitLab repo testing
layout: col-document
tags: threatdragon
document: Threat Dragon version 2.0
permalink: /docs-2/gitlab-repo/

---

{% include breadcrumb.html %}

## [OWASP](https://www.owasp.org) Threat Dragon

### GitLab repository access

Most of steps are the same as the GitHub Guide, but there are several parts different:

1. Web App GitLab Access
2. Environment variables

#### Web App GitLab Access

It's recommended to follow the [gitlab official guide](https://docs.gitlab.com/ee/integration/oauth_provider.html)
to set up the OAuth Application.

The recommended configs are like bellow:

- Redirect URI: `{BaseURL of your Threat Dragon Instance}/api/oauth/return`
- Scopes: Check `read_user read_repository write_repository profile read_api api`

For other options like `Trusted`, you could decide it by yourself.

After finishing the application, you will get `Application ID` and `Application Secret`,
they will be useful in the next part.

#### Example Environment variables

To help your threat dragon instance to support GitLab access, you have to set the environment variables like bellow

```bash
GITLAB_CLIENT_ID=0000000000000000000000000000000
GITLAB_CLIENT_SECRET=gloas-0000000000000000000000000000000
GITLAB_SCOPE=read_user read_repository write_repository profile read_api api
GITLAB_REDIRECT_URI=http://threat-dragon-instance/api/oauth/return
GITLAB_HOST=http://gitlab-instance
```

- GITLAB_CLIENT_ID: the `Application ID` you got from Gitlab
- GITLAB_CLIENT_SECRET: the `Application Secret` you got from Gitlab
- GITLAB_SCOPE: the functionalities you allow the threat dragon to use
- GITLAB_REDIRECT_URI: set it like this pattern ``{BaseURL of your Threat Dragon Instance}/api/oauth/return``
- GITLAB_HOST: it is the BaseURL of your GitLab Instance, if you're using official GitLab instance,
it remove this variable or set it to `https://gitlab.com/`

#### The End

Now you have successfully configured the GitLab Access for your Threat Dragon instance,
for anything not mentioned in this guide, you can check [the Guide of GitHub one](/docs-2/github-repo/)
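
Review bot: The Scopes bullet and the `GITLAB_SCOPE` example both recommend `read_user read_repository write_repository profile read_api api`, which is broader than the guide justifies. In GitLab, `api` grants full read/write API access to every project and group the user can reach, and it makes `read_api` beside it redundant. Please document the smallest set Threat Dragon actually needs, or state why `api` is required. In the same example, `GITLAB_REDIRECT_URI=http://threat-dragon-instance/api/oauth/return` and `GITLAB_HOST=http://gitlab-instance` use plain `http://`, so a reader copying them would send the authorization code and token in cleartext; use `https://` in the sample values. The line about `Trusted` ("you could decide it by yourself") should say what the option changes (a trusted application skips the user authorization step) so the reader can make that decision. A sentence noting that `GITLAB_CLIENT_SECRET` must not be committed would also help. Wording: "bellow" should be "below" in both places, and "Most of steps" and "it remove this variable" need fixing.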