Qualys IaC Security Integration for GitLab
The security scans are conducted on cloud resources after deployment in the current continuous integration and continuous deployment (CICD) environment. As a result, you secure your cloud resources post-deployment to respective Cloud accounts.
With an introduction of the Infrastructure as Code (IaC) security feature by Qualys Qualys TotalCloud, you can now secure your IaC templates before the cloud resources are deployed in your cloud environments. The IaC Security feature helps you shift cloud security and compliance posture to the left, allowing evaluation of cloud resources for misconfigurations much earlier during the development phase.
Qualys TotalCloud offers an integration with GitLab to secure GitHub repositories using a pipeline script that can be used to scan your IaC templates from GitHub repositories. It continuously verifies security misconfigurations against Qualys TotalCloud security controls and displays the failed checks for each run. You have continuous visibility of the security posture of your IaC Templates at GitLab Pipeline and plan for remediation. Follow this guide for more details.
For supported templates, other integrations, and features of Cloud IaC Security, refer to TotalCloud Online Help and TotalCloud API User Guide.
Scan IaC Template at GitLab
The GitLab integration allows you to perform IaC scans at the GitHub repositories on the push and merge requests. It checks the security issues and displays the failed checks as pipeline annotations. We provide you with a pipeline script and options that can be configured to run based on various triggers.
You can perform an IaC scan on either of the following:
- The entire branch repository where the push, manual, or scheduled event was performed.
- The templates that were newly added to the branch.
The results are generated within GitLab pipeline output that provides you with proactive visibility into the security of your IaC templates residing in GitHub repositories.
Pre-requisites
- Ensure that you have a valid Qualys subscription to the Qualys Cloud Security Assessment application.
- Before you trigger IaC scans in GitLab, ensure that you configure environment variables that are used in the script.
Next step: