Available CI/CD variables

CI/CD variable	Description
`SECURE_ANALYZERS_PREFIX`	Specify the Docker registry base address from which to download the analyzer.
`FUZZAPI_VERSION`	Specify API Fuzzing container version. Defaults to `5`.
`FUZZAPI_IMAGE_SUFFIX`	Specify a container image suffix. Defaults to none.
`FUZZAPI_API_PORT`	Specify the communication port number used by API Fuzzing engine. Defaults to `5500`. Introduced in GitLab 15.5.
`FUZZAPI_TARGET_URL`	Base URL of API testing target.
`FUZZAPI_TARGET_CHECK_SKIP`	Disable waiting for target to become available. Introduced in GitLab 17.1.
`FUZZAPI_TARGET_CHECK_STATUS_CODE`	Provide the expected status code for target availability check. If not provided, any non-500 status code is acceptable. Introduced in GitLab 17.1.
`FUZZAPI_PROFILE`	Configuration profile to use during testing. Defaults to `Quick-10`.
`FUZZAPI_EXCLUDE_PATHS`	Exclude API URL paths from testing.
`FUZZAPI_EXCLUDE_URLS`	Exclude API URL from testing.
`FUZZAPI_EXCLUDE_PARAMETER_ENV`	JSON string containing excluded parameters.
`FUZZAPI_EXCLUDE_PARAMETER_FILE`	Path to a JSON file containing excluded parameters.
`FUZZAPI_OPENAPI`	OpenAPI Specification file or URL.
`FUZZAPI_OPENAPI_RELAXED_VALIDATION`	Relax document validation. Default is disabled.
`FUZZAPI_OPENAPI_ALL_MEDIA_TYPES`	Use all supported media types instead of one when generating requests. Causes test duration to be longer. Default is disabled.
`FUZZAPI_OPENAPI_MEDIA_TYPES`	Colon (`:`) separated media types accepted for testing. Default is disabled.
`FUZZAPI_HAR`	HTTP Archive (HAR) file.
`FUZZAPI_GRAPHQL`	Path to GraphQL endpoint, for example `/api/graphql`. Introduced in GitLab 15.4.
`FUZZAPI_GRAPHQL_SCHEMA`	A URL or filename for a GraphQL schema in JSON format. Introduced in GitLab 15.4.
`FUZZAPI_POSTMAN_COLLECTION`	Postman Collection file.
`FUZZAPI_POSTMAN_COLLECTION_VARIABLES`	Path to a JSON file to extract Postman variable values. The support for comma-separated (`,`) files was introduced in GitLab 15.1.
`FUZZAPI_OVERRIDES_FILE`	Path to a JSON file containing overrides.
`FUZZAPI_OVERRIDES_ENV`	JSON string containing headers to override.
`FUZZAPI_OVERRIDES_CMD`	Overrides command.
`FUZZAPI_OVERRIDES_CMD_VERBOSE`	When set to any value. It shows overrides command output as part of the job output.
`FUZZAPI_PER_REQUEST_SCRIPT`	Full path and filename for a per-request script. See demo project for examples. Introduced in GitLab 17.2.
`FUZZAPI_PRE_SCRIPT`	Run user command or script before scan session starts. `sudo` must be used for privileged operations like installing packages.
`FUZZAPI_POST_SCRIPT`	Run user command or script after scan session has finished. `sudo` must be used for privileged operations like installing packages.
`FUZZAPI_OVERRIDES_INTERVAL`	How often to run overrides command in seconds. Defaults to `0` (once).
`FUZZAPI_HTTP_USERNAME`	Username for HTTP authentication.
`FUZZAPI_HTTP_PASSWORD`	Password for HTTP authentication.
`FUZZAPI_HTTP_PASSWORD_BASE64`	Password for HTTP authentication, Base64-encoded. Introduced in GitLab 15.4.
`FUZZAPI_SUCCESS_STATUS_CODES`	Specify a comma-separated (`,`) list of HTTP success status codes that determine whether an API Fuzzing testing scanning job has passed. Introduced in GitLab 17.1. Example: `'200, 201, 204'`

Available CI/CD variables

Help & feedback

Docs

Product

Feature availability and product trials

Get Help