Available CI/CD variables
| CI/CD variable | Description |
|---|---|
SECURE_ANALYZERS_PREFIX |
Specify the Docker registry base address from which to download the analyzer. |
FUZZAPI_VERSION |
Specify API Fuzzing container version. Defaults to 5. |
FUZZAPI_IMAGE_SUFFIX |
Specify a container image suffix. Defaults to none. |
FUZZAPI_API_PORT |
Specify the communication port number used by API Fuzzing engine. Defaults to 5500. Introduced in GitLab 15.5. |
FUZZAPI_TARGET_URL |
Base URL of API testing target. |
FUZZAPI_TARGET_CHECK_SKIP |
Disable waiting for target to become available. Introduced in GitLab 17.1. |
FUZZAPI_TARGET_CHECK_STATUS_CODE |
Provide the expected status code for target availability check. If not provided, any non-500 status code is acceptable. Introduced in GitLab 17.1. |
FUZZAPI_PROFILE |
Configuration profile to use during testing. Defaults to Quick-10. |
FUZZAPI_EXCLUDE_PATHS |
Exclude API URL paths from testing. |
FUZZAPI_EXCLUDE_URLS |
Exclude API URL from testing. |
FUZZAPI_EXCLUDE_PARAMETER_ENV |
JSON string containing excluded parameters. |
FUZZAPI_EXCLUDE_PARAMETER_FILE |
Path to a JSON file containing excluded parameters. |
FUZZAPI_OPENAPI |
OpenAPI Specification file or URL. |
FUZZAPI_OPENAPI_RELAXED_VALIDATION |
Relax document validation. Default is disabled. |
FUZZAPI_OPENAPI_ALL_MEDIA_TYPES |
Use all supported media types instead of one when generating requests. Causes test duration to be longer. Default is disabled. |
FUZZAPI_OPENAPI_MEDIA_TYPES |
Colon (:) separated media types accepted for testing. Default is disabled. |
FUZZAPI_HAR |
HTTP Archive (HAR) file. |
FUZZAPI_GRAPHQL |
Path to GraphQL endpoint, for example /api/graphql. Introduced in GitLab 15.4. |
FUZZAPI_GRAPHQL_SCHEMA |
A URL or filename for a GraphQL schema in JSON format. Introduced in GitLab 15.4. |
FUZZAPI_POSTMAN_COLLECTION |
Postman Collection file. |
FUZZAPI_POSTMAN_COLLECTION_VARIABLES |
Path to a JSON file to extract Postman variable values. The support for comma-separated (,) files was introduced in GitLab 15.1. |
FUZZAPI_OVERRIDES_FILE |
Path to a JSON file containing overrides. |
FUZZAPI_OVERRIDES_ENV |
JSON string containing headers to override. |
FUZZAPI_OVERRIDES_CMD |
Overrides command. |
FUZZAPI_OVERRIDES_CMD_VERBOSE |
When set to any value. It shows overrides command output as part of the job output. |
FUZZAPI_PER_REQUEST_SCRIPT |
Full path and filename for a per-request script. See demo project for examples. Introduced in GitLab 17.2. |
FUZZAPI_PRE_SCRIPT |
Run user command or script before scan session starts. sudo must be used for privileged operations like installing packages. |
FUZZAPI_POST_SCRIPT |
Run user command or script after scan session has finished. sudo must be used for privileged operations like installing packages. |
FUZZAPI_OVERRIDES_INTERVAL |
How often to run overrides command in seconds. Defaults to 0 (once). |
FUZZAPI_HTTP_USERNAME |
Username for HTTP authentication. |
FUZZAPI_HTTP_PASSWORD |
Password for HTTP authentication. |
FUZZAPI_HTTP_PASSWORD_BASE64 |
Password for HTTP authentication, Base64-encoded. Introduced in GitLab 15.4. |
FUZZAPI_SUCCESS_STATUS_CODES |
Specify a comma-separated (,) list of HTTP success status codes that determine whether an API Fuzzing testing scanning job has passed. Introduced in GitLab 17.1. Example: '200, 201, 204'
|