debian-mirror-gitlab/doc/user/application_security/generate_test_vulnerabilities/index.md
2022-11-25 23:54:43 +05:30

1.6 KiB

type stage group info
reference, howto Govern Threat Insights To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments

Generate test vulnerabilities

You can generate test vulnerabilities for the Vulnerability Report to test GitLab vulnerability management features without running a pipeline.

  1. Login in to GitLab.
  2. Go to /-/profile/personal_access_tokens and generate a personal access token with api permissions.
  3. Go to your project page and find the project ID. You can find the project ID below the project title.
  4. Clone the GitLab repository to your local machine.
  5. Open a terminal and go to gitlab/qa directory.
  6. Run bundle install
  7. Run the following command:
GITLAB_QA_ACCESS_TOKEN=<your_personal_access_token> GITLAB_URL="<address:port>" bundle exec rake vulnerabilities:setup\[<your_project_id>,<vulnerability_count>\] --trace

Make sure you do the following:

  • Replace <your_personal_access_token> with the token you generated in step one.
  • Double check the GITLAB_URL. It should point to address and port of your GitLab instance, for example http://localhost:3000 if you are running GDK
  • Replace <your_project_id> with the ID you obtained in step three above.
  • Replace <vulnerability_count> with the number of vulnerabilities you'd like to generate.

The script creates the specified number of placeholder vulnerabilities in the project.