2019-09-30 21:07:59 +05:30
|
|
|
# Gemnasium **(ULTIMATE)**
|
2019-07-31 22:56:46 +05:30
|
|
|
|
|
|
|
This guide describes how to migrate from Gemnasium.com to your own GitLab
|
|
|
|
instance or GitLab.com.
|
|
|
|
|
|
|
|
## Why is Gemnasium.com closed?
|
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
Gemnasium was [acquired by GitLab](https://about.gitlab.com/press/releases/2018-01-30-gemnasium-acquisition.html)
|
2019-07-31 22:56:46 +05:30
|
|
|
in January 2018. Since May 15, 2018, the services provided by Gemnasium are no longer available.
|
|
|
|
The team behind Gemnasium has joined GitLab as the new Security Products team
|
2019-10-12 21:52:04 +05:30
|
|
|
and is working on a [wide range of tools](../../application_security/index.md),
|
|
|
|
including:
|
|
|
|
|
|
|
|
- [Dependency Scanning](../../application_security/dependency_scanning/index.md)
|
|
|
|
- [SAST](../../application_security/sast/index.md)
|
|
|
|
- [DAST](../../application_security/dast/index.md)
|
|
|
|
- [Container Scanning](../../application_security/container_scanning/index.md)
|
|
|
|
|
2019-07-31 22:56:46 +05:30
|
|
|
If you want to continue monitoring your dependencies, see the
|
|
|
|
[Migrating to GitLab](#migrating-to-gitlab) section below.
|
|
|
|
|
|
|
|
## What happened to my account?
|
|
|
|
|
|
|
|
Your account has been automatically closed on May 15th, 2018. If you had a paid
|
|
|
|
subscription at that time, your card will be refunded on a pro rata temporis basis.
|
|
|
|
You may contact `gemnasium@gitlab.com` regarding your closed account.
|
|
|
|
|
|
|
|
## Will my account/data be transferred to GitLab Inc.?
|
|
|
|
|
|
|
|
All accounts and data have been deleted on May 15th, 2018. GitLab Inc.
|
|
|
|
doesn't know anything about your private data, nor your projects, and therefore
|
|
|
|
if they were vulnerable or not. GitLab Inc. takes personal information very seriously.
|
|
|
|
|
|
|
|
## What happened to my badge?
|
|
|
|
|
|
|
|
To avoid broken 404 images, all badges pointing to Gemnasium.com will be a
|
|
|
|
placeholder, inviting you to migrate to GitLab (and pointing to this page).
|
|
|
|
|
|
|
|
## Migrating to GitLab
|
|
|
|
|
|
|
|
Gemnasium has been ported and integrated directly into GitLab CI/CD.
|
|
|
|
You can still benefit from our dependency monitoring features, and it requires
|
|
|
|
some steps to migrate your projects. There is no automatic import since GitLab
|
|
|
|
doesn't know anything about any projects which existed on Gemnasium.com.
|
|
|
|
Security features are free for public (open-source) projects hosted on GitLab.com.
|
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
### If your project is hosted on GitLab (`https://gitlab.com` / self-hosted)
|
2019-07-31 22:56:46 +05:30
|
|
|
|
|
|
|
You're almost set! If you're already using
|
|
|
|
[Auto DevOps](../../../topics/autodevops/), you are already covered.
|
|
|
|
Otherwise, you must configure your `.gitlab-ci.yml` according to the
|
2019-09-04 21:01:54 +05:30
|
|
|
[dependency scanning page](../../application_security/dependency_scanning/index.md).
|
2019-07-31 22:56:46 +05:30
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
### If your project is hosted on GitHub (`https://github.com` / GitHub Enterprise)
|
2019-07-31 22:56:46 +05:30
|
|
|
|
|
|
|
Since [GitLab 10.6 comes with GitHub integration](https://about.gitlab.com/features/github/),
|
|
|
|
GitLab users can now create a CI/CD project in GitLab connected to an external
|
|
|
|
GitHub.com or GitHub Enterprise repository. This will automatically prompt
|
|
|
|
GitLab CI/CD to run whenever code is pushed to GitHub and post CI/CD results
|
|
|
|
back to both GitLab and GitHub when completed.
|
|
|
|
|
|
|
|
1. Create a new project, and select the "CI/CD for external repo" tab:
|
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
![Create new Project](img/gemnasium/create_project.png)
|
2019-07-31 22:56:46 +05:30
|
|
|
|
|
|
|
1. Use the "GitHub" button to connect your repositories.
|
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
![Connect from GitHub](img/gemnasium/connect_github.png)
|
2019-07-31 22:56:46 +05:30
|
|
|
|
|
|
|
1. Select the project(s) to be set up with GitLab CI/CD and chose "Connect".
|
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
![Select projects](img/gemnasium/select_project.png)
|
2019-07-31 22:56:46 +05:30
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
Once the configuration is done, you may click on your new
|
|
|
|
project on GitLab.
|
2019-07-31 22:56:46 +05:30
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
![click on connected project](img/gemnasium/project_connected.png)
|
2019-07-31 22:56:46 +05:30
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
Your project is now mirrored on GitLab, where the Runners will be able to access
|
|
|
|
your source code and run your tests.
|
2019-07-31 22:56:46 +05:30
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
Optional step: If you set this up on GitLab.com, make sure the project is
|
|
|
|
public (in the project settings) if your GitHub project is public, since
|
|
|
|
the security feature is available only for [GitLab Ultimate](https://about.gitlab.com/pricing).
|
2019-07-31 22:56:46 +05:30
|
|
|
|
|
|
|
1. To set up the dependency scanning job, corresponding to what Gemnasium was
|
|
|
|
doing, you must create a `.gitlab-ci.yml` file, or update it according to
|
2019-09-04 21:01:54 +05:30
|
|
|
the [dependency scanning docs](../../application_security/dependency_scanning/index.md).
|
2019-07-31 22:56:46 +05:30
|
|
|
The mirroring is pull-only by default, so you may create or update the file on
|
|
|
|
GitHub:
|
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
![Edit gitlab-ci.yml file](img/gemnasium/edit_gitlab-ci.png)
|
2019-07-31 22:56:46 +05:30
|
|
|
|
|
|
|
1. Once your file has been committed, a new pipeline will be automatically
|
|
|
|
triggered if your file is valid:
|
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
![pipeline](img/gemnasium/pipeline.png)
|
2019-07-31 22:56:46 +05:30
|
|
|
|
|
|
|
1. The result of the job will be visible directly from the pipeline view:
|
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
![security report](img/gemnasium/report.png)
|
2019-07-31 22:56:46 +05:30
|
|
|
|
|
|
|
NOTE: **Note:**
|
|
|
|
If you don't commit very often to your project, you may want to use
|
|
|
|
[scheduled pipelines](../pipelines/schedules.md) to run the job on a regular
|
|
|
|
basis.
|