Setting up CI Gating
Introduction
CI gating is available for all of Aikido's CI integrations. With Aikido's CI Gating feature you can scan your feature branches for known vulnerabilities in open-source software packages (CVEs), as well as IaC and SAST issues.
How does it work
To get started, log in to Aikido and go to the CI Integrations page. Start by generating a secret key. Store this key in GitHub Secrets or GitLab Variables as AIKIDO_SECRET_KEY.
After the scan runs in your CI, Aikido will display a link with the scan results for this specific branch. Because we scan the specific branch (and not the entire repo again), Aikido tells you about both fixed and newly introduced issues for this specific change.
If Aikido detects that an issue is fixed in a feature branch, it will be marked in Aikido as "PR open", so you can easily verify that an issue will be fixed even before merging the feature branch.
Bypassing a failed state
If you would like to bypass a failed state, you can do so by ignoring the issues that caused the CI gate to fail. To do this, click the issue and select Ignore or Snooze in the Actions menu at the top right.
Only users that have the permission to snooze or ignore issues can bypass the CI gate.
Our CI Integrations
Bitbucket Pipes
GitLab CI
GitHub Actions
Azure Pipelines
If your integration is not in the list, you can still integrate by using our Public CI API.