Introduction

Fluid Attacks' PR/MR analyzer is a security analysis solution that automatically detects vulnerabilities and code smells by analyzing the code changed in a pull request (PR) or merge request (MR), and gives developers immediate feedback through automated discussions on the GitLab and Azure DevOps platforms.

Overview

Fluid Attacks provides a client, packaged as a Docker image, that integrates with CI/CD pipelines to trigger the security analysis. The client automatically detects which CI/CD environment it is running in and submits the analysis request with the platform-specific parameters described below.

The client requires the CI/CD pipeline that runs the image to define the following environment variables (store them as masked/protected CI secrets rather than as plain values in the pipeline file, since they authenticate the client to Fluid Attacks and to your source control platform):
  1. FLUIDATTACKS_JWT
  2. AZURE_TOKEN or GITLAB_TOKEN, depending on the platform
Additionally, the client reads the following environment variables, which the CI/CD pipeline sets automatically:

GitLab
  1. CI_MERGE_REQUEST_PROJECT_ID - Project ID 
  2. CI_MERGE_REQUEST_IID - Merge request IID
Azure DevOps
  1. SYSTEM_TEAMFOUNDATIONCOLLECTIONURI - Organization URI
  2. SYSTEM_TEAMPROJECT - Project name
  3. BUILD_REPOSITORY_ID - Repository ID 
  4. SYSTEM_PULLREQUEST_PULLREQUESTID - Pull request ID
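The following pre-flight script is an added example, not Fluid Attacks' client code. It shows one way to do what the overview describes: detect the platform from the variables listed above and refuse to run when a required variable is missing, reporting only the variable name so that tokens never reach the job log. The function names (`detect_ci_platform`, `require_vars`, `preflight`) are assumptions for this illustration.

```shell
#!/bin/sh
# Added example (not the Fluid Attacks client): CI platform detection and
# pre-flight check for the environment variables the client depends on.

# Prints "gitlab" or "azure" based on the platform-provided PR/MR variables;
# prints "unknown" and returns 1 when neither set is present.
detect_ci_platform() {
  if [ -n "${CI_MERGE_REQUEST_IID:-}" ] && [ -n "${CI_MERGE_REQUEST_PROJECT_ID:-}" ]; then
    echo gitlab
  elif [ -n "${SYSTEM_PULLREQUEST_PULLREQUESTID:-}" ] && [ -n "${BUILD_REPOSITORY_ID:-}" ]; then
    echo azure
  else
    echo unknown
    return 1
  fi
}

# Verifies that every variable named in the arguments is set and non-empty.
# Only the names of missing variables are printed, never their values, so
# secrets such as FLUIDATTACKS_JWT are not leaked into the pipeline output.
require_vars() {
  missing=""
  for name in "$@"; do
    # Indirect expansion; "name" only ever comes from the literals below.
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      missing="$missing $name"
    fi
  done
  if [ -n "$missing" ]; then
    echo "missing required variables:$missing" >&2
    return 1
  fi
}

# Runs the platform-appropriate check; returns 0 only when the client has
# everything it needs to submit an analysis request.
preflight() {
  platform=$(detect_ci_platform) || {
    echo "unsupported or undetected CI platform" >&2
    return 1
  }
  case "$platform" in
    gitlab)
      require_vars FLUIDATTACKS_JWT GITLAB_TOKEN \
        CI_MERGE_REQUEST_PROJECT_ID CI_MERGE_REQUEST_IID
      ;;
    azure)
      require_vars FLUIDATTACKS_JWT AZURE_TOKEN \
        SYSTEM_TEAMFOUNDATIONCOLLECTIONURI SYSTEM_TEAMPROJECT \
        BUILD_REPOSITORY_ID SYSTEM_PULLREQUEST_PULLREQUESTID
      ;;
  esac
}

# Usage (assumed): source this file in the job, then run
#   preflight && <invoke the analyzer image>
# so the job fails fast with a clear message instead of a confusing API error.
```

Running `preflight` before the analyzer turns a missing secret into an explicit job failure at the point where it is easiest to diagnose, and the check is deliberately silent about variable values.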