GitLab IaC Variables

Home
Getting Started
Getting Started
- AccuKnox Enterprise Architecture
- Deployment Models
  Deployment Models
- Release Notes
  Release Notes
  - AccuKnox
    AccuKnox
    
    v2.1-v2.2 Release Notes
    
    v2.0 Release Notes
    
    v1.7 Release Notes
    
    v1.6 Release Notes
    
    v1.5 Release Notes
  - KubeArmor
- Open Source
  Open Source
  - Open source vs Enterprise
  - Open Source Installation
- Sample Workloads Protection
  Sample Workloads Protection
- AccuKnox Agents
How To
How To
- CSPM Prerequisites
  CSPM Prerequisites
  - AWS
  - Azure
  - GCP
- Onboard Cloud Account
  Onboard Cloud Account
  - AWS
  - Azure
  - GCP
  - Offboard Clound Account
- Onboard Cluster
  Onboard Cluster
- Onboard Registry
  Onboard Registry
  - ACR
  - ECR
  - GAR
  - Harbor
- Onboard VM
  Onboard VM
  - SystemD/Docker Mode
  - SystemD Based Non-BTF Environments
- Create Tokens
- Create Labels
- Signup/Login via SSO
- Generate CWPP Reports
- CIS Benchmarking
- Configure Custom Report
Integrations
Integrations
- CI/CD
  CI/CD
  - Azure DevOps
    Azure DevOps
    
    DAST
    
    SAST
    
    Container Image Scan
    
    Iac Scan
  - Google Cloud Build
    Google Cloud Build
    
    DAST
    
    SAST
    
    Container Image Scan
    
    IaC Scan
  - Harness
    Harness
    
    DAST
    
    SAST
    
    Container Image Scan
    
    IaC Scan
  - Jenkins
    Jenkins
    
    DAST
    
    SAST
    
    Container Scan
    
    IaC Scan
  - AWS Code Pipeline
    AWS Code Pipeline
    
    DAST
    
    SAST
    
    Container Scan
    
    IaC Scan
  - GitHub
    GitHub
    
    IaC Scan
    
    Onboard Private Repos
  - Gitlab
    Gitlab
    
    DAST
    
    SAST
    
    Container Scan
    
    IaC Scan (AccuKnox)
    
    IaC Scan (GitLab Pipeline)
    
    Scan Variables
    Scan Variables
    
    Container Scan Variables
    
    IaC Scan Variables
    
    DAST Scan Variables
    
    SAST Scan variables
  - Bitbucket
    Bitbucket
    
    DAST
    
    SAST
    
    Container Scan
    
    IaC Scan
    
    Scan Variables
    Scan Variables
    
    Container Scan Variables
    
    IaC Scan Variables
    
    DAST Scan Variables
    
    SAST Scan variables
  - CheckMarx
    CheckMarx
    
    SAST
    
    SCA
- Private Cloud
  Private Cloud
  - Nutanix
    Nutanix
    
    AccuKnox
    
    KubeArmor
  - Mirantis Lens
    Mirantis Lens
    
    KubeArmor
    
    AccuKnox Agents
  - Rafay
  - SpectroCloud
- Marketplace
  Marketplace
  - Azure Marketplace Installation Guide
  - Oracle Marketplace Installation Guide
  - AWS Marketplace
    AWS Marketplace
    
    AWS Installation Guide
    
    KubeArmor Installation Guide
    
    KubeArmor EKS add-on
  - RedHat Marketplace Installation Guide
- Notification
  Notification
- OAuth
- SIEM/ Security Events
  SIEM/ Security Events
  - Telemetry (Sample)
    Telemetry (Sample)
    
    Logs
    
    Alerts
  - Splunk
  - AWS Cloudwatch
  - Rsyslog
  - Azure Sentinel
  - AccuKnox SplunkApp
  - Rsyslog feeder integration
  - Azure Sentinel feeder integration
  - KubeArmor Splunk Integration
- Ticketing
  Ticketing
Use-Cases
Use-Cases
- Use Cases By Categories
- CNAPP Dashboard Widgets
- AI/ML Security
  AI/ML Security
  - Jupyter Notebook
  - ModelArmor
    ModelArmor
    
    Overview
    
    Pickle Code Injection PoC
    
    Adversarial Attacks on Deep Learning Models
    
    Deploy PyTorch App with ModelKnox
- Cloud Security Posture Management (CSPM)
- Cloud Workload Protection Platform (CWPP)
- Application Security Posture Management (ASPM)
- Kubernetes Security Posture Management (KSPM)
  Kubernetes Security Posture Management (KSPM)
- DevSecOps (ASPM)
  DevSecOps (ASPM)
- Vulnerability Management (ASPM)
- Cloud Security (CSPM)
  Cloud Security (CSPM)
  - Asset Inventory
  - Cloud Misconfiguration and Drift Detection
- Container Security (CWPP)
  Container Security (CWPP)
- Least Permissive Posture Assessment (CWPP)
  Least Permissive Posture Assessment (CWPP)
- Advanced Persistent Threat (CWPP)
  Advanced Persistent Threat (CWPP)
  - Cryptojacking
  - Hildegard
- Securing Secrets Managers (CWPP)
  Securing Secrets Managers (CWPP)
  - HashiCorp Vault Hardening
  - CyberArk Conjur Hardening
- Host Security (CWPP)
  Host Security (CWPP)
- Continuous Compliance (GRC)
  Continuous Compliance (GRC)
  - Multi-cloud Compliance
- Automation
  Automation
  - Automated Ticket Creation Using Rules Engine
- Prioritization
  Prioritization
  - EPSS Scoring
- 5G Control Plane Security
- IoT/Edge Security
Support Matrix
Support Matrix
Resources
Resources
- Calculate Pricing
  Calculate Pricing
- Upgrading AccuKnox Agents
- Backup my Scan Data
- CWPP Troubleshooting
- CSPM Troubleshooting
- User Manual
- Technical Guide
- Ticketing Procedures
- Glossary
FAQs

IaC Scan Variables

The Infrastructure as Code (IaC) scanning section of the GitLab CI/CD pipeline is designed to integrate with AccuKnox to scan infrastructure code files (e.g., Terraform) for security vulnerabilities.

Here’s the table that outlines the inputs and their descriptions, along with default values:

Input Value	Description	Default Value
STAGE	Specifies the pipeline stage.	test
INPUT_FILE	Specify a file for scanning (e.g., ".tf" for Terraform). Cannot be used with directory input.	"" (empty, optional)
INPUT_DIRECTORY	Directory with infrastructure code and/or package manager files to scan.	"." (current directory)
INPUT_COMPACT	Do not display code blocks in the output.	true (boolean)
INPUT_QUIET	Display only failed checks.	true (boolean)
INPUT_SOFT_FAIL	Do not return an error code if there are failed checks.	true (boolean)
INPUT_FRAMEWORK	Run only on a specific infrastructure (Kubernetes or Terraform).	"" (empty, optional)
ACCUKNOX_TOKEN	The token for authenticating with the CSPM panel.	N/A (Required)
ACCUKNOX_TENANT	ID of the tenant associated with the CSPM panel.	N/A (Required)
ACCUKNOX_ENDPOINT	URL of the CSPM panel to push the scan results to.	cspm.demo.accuknox.com
ACCUKNOX_LABEL	Label created in AccuKnox SaaS for associating scan results.	N/A (Required)