In this post, we are going to show how to integrate Shiftleft into a modern CI/CD orchestrator such as GitLab. We will take the perspective of an application developer who integrates the Shiftleft blades into the CI/CD pipeline and then uses the information Shiftleft reports to start fixing the vulnerabilities it detects in the source code, in the container image that the pipeline builds, and in an infrastructure project managed with Terraform.
The following is a short description of the Shiftleft modules, also known as blades:
- code-scan: Given a directory containing a Git repository, Shiftleft scans it for vulnerabilities, weak coding practices, sensitive content, and malicious files, among other categories.
- image-scan: Given a container image compressed into a file, this blade applies all the capabilities already provided by code-scan and, on top of that, scans the OS-level packages included in the container image.
- iac-assessment: In combination with CloudGuard, infrastructure-as-code assessment lets users apply policies to their Terraform projects. Rules are defined in the CloudGuard Governance Specification Language (GSL), a high-level, human-friendly language.
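As an added example (not from the original post or from Check Point), the following `.gitlab-ci.yml` wires the three blades into one pipeline, feeding each the input described above: the checked-out repository to code-scan, the image exported as a tarball to image-scan, and the Terraform directory to iac-assessment. The `shiftleft` CLI flags, the `CHKP_CLOUDGUARD_*` variables and the container image name are assumptions; the ruleset and environment IDs are placeholders to be replaced with values from your CloudGuard account.

```yaml
# Added example: minimal .gitlab-ci.yml integrating the Shiftleft blades.
# Assumptions: the shiftleft CLI is available in the job image and accepts
# -s (source dir), -i (image tarball), -p (IaC path), -r (ruleset), -e (environment);
# credentials are read from CHKP_CLOUDGUARD_ID / CHKP_CLOUDGUARD_SECRET.
stages:
  - build
  - scan

variables:
  IMAGE_TAR: image.tar
  # Credentials come from masked, protected CI/CD variables, never from the repo.
  CHKP_CLOUDGUARD_ID: $CLOUDGUARD_KEY_ID
  CHKP_CLOUDGUARD_SECRET: $CLOUDGUARD_KEY_SECRET
  # Placeholder image that bundles the shiftleft CLI; replace with your own.
  SHIFTLEFT_IMAGE: "<your-registry>/shiftleft-cli:latest"

build-image:
  stage: build
  image: docker:24
  services: [docker:24-dind]
  script:
    - docker build -t app:$CI_COMMIT_SHORT_SHA .
    # image-scan expects the image compressed into a file, so export it.
    - docker save app:$CI_COMMIT_SHORT_SHA -o $IMAGE_TAR
  artifacts:
    paths: [$IMAGE_TAR]
    expire_in: 1 hour

code-scan:
  stage: scan
  image: $SHIFTLEFT_IMAGE
  # GitLab has already cloned the repo, which is the input code-scan needs.
  script:
    - shiftleft code-scan -s $CI_PROJECT_DIR

image-scan:
  stage: scan
  image: $SHIFTLEFT_IMAGE
  needs: [build-image]          # pulls the tarball artifact from the build job
  script:
    - shiftleft image-scan -i $CI_PROJECT_DIR/$IMAGE_TAR

iac-assessment:
  stage: scan
  image: $SHIFTLEFT_IMAGE
  rules:
    - changes: ["terraform/**/*"]   # only run when the Terraform project changes
  script:
    # <GSL_RULESET_ID> / <CLOUDGUARD_ENV_ID> are placeholders for your account values.
    - shiftleft iac-assessment -p $CI_PROJECT_DIR/terraform -r <GSL_RULESET_ID> -e <CLOUDGUARD_ENV_ID>
```

Each scan job fails the pipeline whenever the CLI exits non-zero, so findings block the merge until they are fixed or the ruleset is adjusted.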