This tool allows you to read a security report file, process it, and comment on a GitLab merge request using the GitLab API.
- Reads a JSON security report.
- Comments on a specific merge request in GitLab with findings.
- Uses GitLab API for authentication.
- Golang 1.18+ (if running via binary)
- Docker (if running via Docker)
git clone https://github.com/yourusername/your-repo.git
cd your-repo
go build -o security-report-tool
./security-report-tool -f path/to/report.json \
-i <gitlab-project-id> \
-u <gitlab-project-url> \
-n <gitlab-namespace> \
-m <merge-request-id> \
-t <gitlab-private-token>

- `-f`: Path to the file containing the security report (e.g., `report.json`)
- `-i`: GitLab project ID (e.g., `$CI_PROJECT_ID`)
- `-u`: GitLab project URL (e.g., `$GITLAB_URL`)
- `-n`: Project namespace (e.g., `$CI_PROJECT_PATH`)
- `-m`: Merge request ID (e.g., `$CI_MERGE_REQUEST_IID`)
- `-t`: GitLab private token (your personal or CI/CD token)
docker build -t security-report-tool .

docker run --rm \
-v $(pwd)/path/to/report.json:/app/report.json \
-e GITLAB_PROJECT_ID=<gitlab-project-id> \
-e GITLAB_URL=<gitlab-project-url> \
-e GITLAB_NAMESPACE=<gitlab-namespace> \
-e MERGE_REQUEST_ID=<merge-request-id> \
-e GITLAB_TOKEN=<gitlab-private-token> \
security-report-tool

- `GITLAB_PROJECT_ID`: GitLab project ID (e.g., `$CI_PROJECT_ID`)
- `GITLAB_URL`: GitLab project URL (e.g., `$GITLAB_URL`)
- `GITLAB_NAMESPACE`: GitLab namespace (e.g., `$CI_PROJECT_PATH`)
- `MERGE_REQUEST_ID`: Merge request ID (e.g., `$CI_MERGE_REQUEST_IID`)
- `GITLAB_TOKEN`: GitLab private token (your personal or CI/CD token)
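# syntax=docker/dockerfile:1

# Build stage: compile a fully static binary so the runtime image needs
# neither the Go toolchain nor libc. 1.18 is the minimum the README states;
# bump the tag (or pin a digest) to pick up Go security fixes.
FROM golang:1.18-alpine AS build
WORKDIR /src
# Module files first so the dependency layer stays cached until they change.
# Add a .dockerignore (.git, report files, .env) so `COPY . .` below does not
# pull local secrets or history into the build context.
COPY go.* ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/security-report-tool

# Runtime stage: distroless "static" ships CA certificates (needed for the
# HTTPS calls to the GitLab API) and an unprivileged user, and nothing else --
# no shell, no package manager, no source tree, no Go toolchain.
FROM gcr.io/distroless/static-debian12:nonroot
WORKDIR /app
# Binary stays root-owned and read/exec for everyone: the runtime user can
# execute it but cannot overwrite it.
COPY --from=build /out/security-report-tool /app/security-report-tool
# Drop privileges before the entrypoint. The report bind-mounted at
# /app/report.json must be readable by this UID (65532); mount it with `:ro`.
USER nonroot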
ENTRYPOINT ["/app/security-report-tool"]

MIT License