Setting up CI Gating

Introduction

CI gating is available for all of Aikido's CI integrations. With Aikido's CI Gating feature, you can scan your feature branches for known vulnerabilities in open-source software packages (CVEs), as well as for IaC and SAST issues.

How it works

To get started, log in to Aikido and go to the CI Integrations page. Start by generating a secret key, then store it in GitHub Secrets or GitLab Variables as AIKIDO_SECRET_KEY.

After the scan runs in your CI, Aikido displays a link to the scan results for this specific branch. Because we scan the specific branch (and not the entire repo again), Aikido tells you about both fixed and newly introduced issues for this specific change.

If Aikido detects that an issue is fixed in a feature branch, the issue is marked in Aikido as "PR open", so you can easily verify that an issue will be fixed even before merging the feature branch.

Bypassing a failed state

To bypass a failed state, ignore the issues that caused the CI gate to fail. You can do this by clicking the issue and, in the Actions menu at the top right, selecting Ignore or Snooze.

Only users who have permission to snooze or ignore issues can bypass the CI gate.

Our CI Integrations

  • Bitbucket Pipes

  • GitLab CI

  • GitHub Actions

  • Azure Pipelines

If your integration is not in the list, you can still integrate by using our Public CI API.