Version: Next

Administrative Setup For The Pillars of Creation Pipeline Repository

Introduction

This guide will walk you through the administrative tasks for setting up the Pillars of Creation pipeline in your GitLab instance.

Organization Administrators and Privileged only

Before you begin, ensure you have the following items ready:

tip

It is recommended to create variables at the Group level in GitLab. This will make them accessible to all projects within that group.

GitLab Account: Access to the target project's GitLab repository.
NIST API Key: Obtain from the National Vulnerability Database (NVD) Portal (found at https://nvd.nist.gov/developers/request-an-api-key) for vulnerability assessments.
NeuVector API Key: Needed for container security scans.
CI/CD Tokens: Configured for accessing the container registry.

CI/CD: Continuous Integration and Continuous Deployment. A strategy for automating code integration, testing, and deployment.
NIST: National Institute of Standards and Technology. Manages the National Vulnerability Database (NVD) used for security vulnerability assessments.
NeuVector: A security platform for container vulnerability scanning.

The container image requires access via CI tokens for registry authentication:

The pipeline utilizes the NVD_API_KEY for dependency vulnerability checks (required if you are building the dependency-check container image):

Register at the NIST NVD Portal (found at https://nvd.nist.gov/developers/request-an-api-key) to obtain an API key.
In your GitLab project, navigate to Settings > CI/CD > Variables.
Add a new variable:
- Key: NVD_API_KEY
- Value: Your NIST API Key
- Protect variable: Enable (optional)
- Mask variable: Enable

For container vulnerability scanning:

Obtain the NV_X_AUTH_APIKEY with the image-scanner role to initiate scans.
In your GitLab project, go to Settings > CI/CD > Variables and add a new variable:
- Key: NV_X_AUTH_APIKEY
- Value: Your NeuVector API Key
- Protect variable: Enable (optional)
- Mask variable: Enable