Available CI/CD variables

CI/CD variable	Description
`SECURE_ANALYZERS_PREFIX`	Specify the Docker registry base address from which to download the analyzer.
`FUZZAPI_VERSION`	Specify API Fuzzing container version. Defaults to `3`.
`FUZZAPI_IMAGE_SUFFIX`	Specify a container image suffix. Defaults to none.
`FUZZAPI_API_PORT`	Specify the communication port number used by API Fuzzing engine. Defaults to `5500`. Introduced in GitLab 15.5.
`FUZZAPI_TARGET_URL`	Base URL of API testing target.
`FUZZAPI_CONFIG`	Deprecated in GitLab 13.12, replaced with default `.gitlab/gitlab-api-fuzzing-config.yml`. API Fuzzing configuration file.
`FUZZAPI_PROFILE`	Configuration profile to use during testing. Defaults to `Quick-10`.
`FUZZAPI_EXCLUDE_PATHS`	Exclude API URL paths from testing.
`FUZZAPI_EXCLUDE_URLS`	Exclude API URL from testing. Introduced in GitLab 14.10.
`FUZZAPI_EXCLUDE_PARAMETER_ENV`	JSON string containing excluded parameters. Introduced in GitLab 14.10.
`FUZZAPI_EXCLUDE_PARAMETER_FILE`	Path to a JSON file containing excluded parameters. Introduced in GitLab 14.10.
`FUZZAPI_OPENAPI`	OpenAPI Specification file or URL.
`FUZZAPI_OPENAPI_RELAXED_VALIDATION`	Relax document validation. Default is disabled. Introduced in GitLab 14.7. GitLab team members can view more information in this confidential issue: `https://gitlab.com/gitlab-org/gitlab/-/issues/345950`.
`FUZZAPI_OPENAPI_ALL_MEDIA_TYPES`	Use all supported media types instead of one when generating requests. Causes test duration to be longer. Default is disabled. Introduced in GitLab 14.10.
`FUZZAPI_OPENAPI_MEDIA_TYPES`	Colon (`:`) separated media types accepted for testing. Default is disabled. Introduced in GitLab 14.10.
`FUZZAPI_HAR`	HTTP Archive (HAR) file.
`FUZZAPI_GRAPHQL`	Path to GraphQL endpoint, for example `/api/graphql`. Introduced in GitLab 15.4.
`FUZZAPI_GRAPHQL_SCHEMA`	A URL or filename for a GraphQL schema in JSON format. Introduced in GitLab 15.4.
`FUZZAPI_POSTMAN_COLLECTION`	Postman Collection file.
`FUZZAPI_POSTMAN_COLLECTION_VARIABLES`	Path to a JSON file to extract Postman variable values. The support for comma-separated (`,`) files was introduced in GitLab 15.1.
`FUZZAPI_OVERRIDES_FILE`	Path to a JSON file containing overrides.
`FUZZAPI_OVERRIDES_ENV`	JSON string containing headers to override.
`FUZZAPI_OVERRIDES_CMD`	Overrides command.
`FUZZAPI_OVERRIDES_CMD_VERBOSE`	When set to any value. It shows overrides command output as part of the job output. Introduced in GitLab 14.8.
`FUZZAPI_PRE_SCRIPT`	Run user command or script before scan session starts.
`FUZZAPI_POST_SCRIPT`	Run user command or script after scan session has finished.
`FUZZAPI_OVERRIDES_INTERVAL`	How often to run overrides command in seconds. Defaults to `0` (once).
`FUZZAPI_HTTP_USERNAME`	Username for HTTP authentication.
`FUZZAPI_HTTP_PASSWORD`	Password for HTTP authentication.
`FUZZAPI_HTTP_PASSWORD_BASE64`	Password for HTTP authentication, Base64-encoded. Introduced in GitLab 15.4.

Available CI/CD variables

Help & feedback

Docs

Product

Feature availability and product trials

Get Help