Available CI/CD variables
CI/CD variable | Description |
---|---|
SECURE_ANALYZERS_PREFIX | Specify the Docker registry base address from which to download the analyzer. |
FUZZAPI_VERSION | Specify API Fuzzing container version. Defaults to `5`. |
FUZZAPI_IMAGE_SUFFIX | Specify a container image suffix. Defaults to none. |
FUZZAPI_API_PORT | Specify the communication port number used by API Fuzzing engine. Defaults to `5500`. Introduced in GitLab 15.5. |
FUZZAPI_TARGET_URL | Base URL of API testing target. |
FUZZAPI_TARGET_CHECK_SKIP | Disable waiting for target to become available. Introduced in GitLab 17.1. |
FUZZAPI_TARGET_CHECK_STATUS_CODE | Provide the expected status code for target availability check. If not provided, any non-500 status code is acceptable. Introduced in GitLab 17.1. |
FUZZAPI_PROFILE | Configuration profile to use during testing. Defaults to `Quick-10`. |
FUZZAPI_EXCLUDE_PATHS | Exclude API URL paths from testing. |
FUZZAPI_EXCLUDE_URLS | Exclude API URL from testing. |
FUZZAPI_EXCLUDE_PARAMETER_ENV | JSON string containing excluded parameters. |
FUZZAPI_EXCLUDE_PARAMETER_FILE | Path to a JSON file containing excluded parameters. |
FUZZAPI_OPENAPI | OpenAPI Specification file or URL. |
FUZZAPI_OPENAPI_RELAXED_VALIDATION | Relax document validation. Default is disabled. |
FUZZAPI_OPENAPI_ALL_MEDIA_TYPES | Use all supported media types instead of one when generating requests. Causes test duration to be longer. Default is disabled. |
FUZZAPI_OPENAPI_MEDIA_TYPES | Colon (`:`) separated media types accepted for testing. Default is disabled. |
FUZZAPI_HAR | HTTP Archive (HAR) file. |
FUZZAPI_GRAPHQL | Path to GraphQL endpoint, for example `/api/graphql`. Introduced in GitLab 15.4. |
FUZZAPI_GRAPHQL_SCHEMA | A URL or filename for a GraphQL schema in JSON format. Introduced in GitLab 15.4. |
FUZZAPI_POSTMAN_COLLECTION | Postman Collection file. |
FUZZAPI_POSTMAN_COLLECTION_VARIABLES | Path to a JSON file to extract Postman variable values. Support for comma-separated (`,`) files was introduced in GitLab 15.1. |
FUZZAPI_OVERRIDES_FILE | Path to a JSON file containing overrides. |
FUZZAPI_OVERRIDES_ENV | JSON string containing headers to override. |
FUZZAPI_OVERRIDES_CMD | Overrides command. |
FUZZAPI_OVERRIDES_CMD_VERBOSE | When set to any value, shows overrides command output as part of the job output. |
FUZZAPI_PER_REQUEST_SCRIPT | Full path and filename for a per-request script. See demo project for examples. Introduced in GitLab 17.2. |
FUZZAPI_PRE_SCRIPT | Run user command or script before scan session starts. sudo must be used for privileged operations like installing packages. |
FUZZAPI_POST_SCRIPT | Run user command or script after scan session has finished. sudo must be used for privileged operations like installing packages. |
FUZZAPI_OVERRIDES_INTERVAL | How often to run overrides command in seconds. Defaults to `0` (once). |
FUZZAPI_HTTP_USERNAME | Username for HTTP authentication. |
FUZZAPI_HTTP_PASSWORD | Password for HTTP authentication. |
FUZZAPI_HTTP_PASSWORD_BASE64 | Password for HTTP authentication, Base64-encoded. Introduced in GitLab 15.4. |
FUZZAPI_SUCCESS_STATUS_CODES | Specify a comma-separated (`,`) list of HTTP success status codes that determine whether an API Fuzzing scanning job has passed. Introduced in GitLab 17.1. Example: `'200, 201, 204'` |
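
An added example, not part of the GitLab documentation or the analyzer's own code: a pre-flight check that applies the defaults listed in the table and validates the value formats it describes, so a mistyped separator or a malformed secret is caught before the fuzzing job runs. The function name `lint_fuzzapi_variables`, the derived keys `success_status_codes` and `openapi_media_types`, the 100..599 status range and the `type/subtype` test are assumptions of this example; variable values are assumed to arrive as strings.

```python
import base64
import json
from urllib.parse import urlsplit

# Defaults exactly as stated in the table above.
DEFAULTS = {"FUZZAPI_VERSION": "5", "FUZZAPI_API_PORT": "5500",
            "FUZZAPI_PROFILE": "Quick-10", "FUZZAPI_OVERRIDES_INTERVAL": "0"}


def lint_fuzzapi_variables(variables):
    """Return (effective_config, problems) for one job's FUZZAPI_* variables."""
    cfg = {**DEFAULTS, **variables}
    problems = []
    port = cfg["FUZZAPI_API_PORT"]
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        problems.append("FUZZAPI_API_PORT is not a valid port number")
    if "FUZZAPI_TARGET_URL" in cfg:
        try:
            url = urlsplit(cfg["FUZZAPI_TARGET_URL"])
            ok = url.scheme in ("http", "https") and bool(url.netloc)
        except ValueError:
            ok = False
        if not ok:
            problems.append("FUZZAPI_TARGET_URL is not an http(s) base URL")
    # Lists: status codes are comma-separated ('200, 201, 204'), media types colon-separated.
    codes = [c.strip() for c in cfg.get("FUZZAPI_SUCCESS_STATUS_CODES", "").split(",") if c.strip()]
    check = cfg.get("FUZZAPI_TARGET_CHECK_STATUS_CODE")
    for code in codes + ([check] if check else []):
        if not (code.isdecimal() and 100 <= int(code) <= 599):
            problems.append(f"{code!r} is not an HTTP status code")
    cfg["success_status_codes"] = [int(c) for c in codes if c.isdecimal()]
    media = cfg.get("FUZZAPI_OPENAPI_MEDIA_TYPES", "")
    cfg["openapi_media_types"] = [m for m in media.split(":") if m]
    problems += [f"{m!r} is not a type/subtype media type"
                 for m in cfg["openapi_media_types"] if m.count("/") != 1]
    for name in ("FUZZAPI_OVERRIDES_ENV", "FUZZAPI_EXCLUDE_PARAMETER_ENV"):
        try:
            json.loads(cfg.get(name, "{}"))
        except json.JSONDecodeError:
            problems.append(f"{name} is not valid JSON")
    try:  # binascii.Error is a ValueError subclass; the secret itself is never echoed
        base64.b64decode(cfg.get("FUZZAPI_HTTP_PASSWORD_BASE64", ""), validate=True)
    except ValueError:
        problems.append("FUZZAPI_HTTP_PASSWORD_BASE64 is not valid Base64")
    return cfg, problems


# Constructed sample input: a semicolon used where the table requires a comma.
if __name__ == "__main__":
    print(lint_fuzzapi_variables({"FUZZAPI_SUCCESS_STATUS_CODES": "200;201"})[1])
```

Only the problem list is printed, because the returned configuration still contains any password variables that were passed in.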