> ## Documentation Index > Fetch the complete documentation index at: https://docs.kosli.com/llms.txt > Use this file to discover all available pages before exploring further. ## Submitting Feedback If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback: POST https://docs.kosli.com/feedback ```json { "path": "/integrations/ci_cd", "feedback": "Description of the issue" } ``` Only submit feedback when you have something specific and actionable to report. # CI/CD > Use Kosli in CI Systems like GitHub Actions, GitLab CI, and more. This section provides how-to guides showing you how to use Kosli to report changes from different CI systems. Note that **all** CLI command flags can be set as environment variables by adding the the `KOSLI_` prefix and capitalizing them. ## Defaulted Kosli command flags from CI variables The following flags are **defaulted** (which means you don't need to provide the flags, they'll be automatically set to values listed below) as follows in the CI systems below: View defaulted Kosli command flags in Github Actions. | Flag | Default | | :-------------- | :--------------------------------------------------------------------- | | --build-url | `//actions/runs/` | | --commit-url | `//commit/` | | --commit | `` | | --git-commit | `` | | --repository | `` | | --repo-id | `` | | --repo-url | `/` | | --repo-provider | `github` | | --github-org | `` | Where `` are Github Actions predefined variables. See [here](https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables) for more details. ## Use Kosli in Github Actions To use Kosli in [Github Actions](https://docs.github.com/en/actions) workflows, you can use the kosli [CLI setup action](https://github.com/marketplace/actions/setup-kosli-cli) to install the CLI on your Github Actions Runner. Then, you can use all the [CLI commands](/client_reference) in your workflows. ### GitHub Secrets Keep in mind that secrets in Github actions are not automatically exported as environment variables. You need to add required secrets to your GITHUB environment explicitly. E.g. to make kosli\_api\_token secret available for all cli commands as an environment variable use following: ```yaml theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}} env: KOSLI_API_TOKEN: ${{ secrets.kosli_api_token }} ``` ### Example Here is an example Github Actions workflow snippet using `kosli-dev/setup-cli-action` running `kosli create flow` command: ```yaml theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}} jobs: example: runs-on: ubuntu-latest env: KOSLI_API_TOKEN: ${{ secrets.MY_KOSLI_API_TOKEN }} KOSLI_ORG: my-org steps: - name: setup kosli uses: kosli-dev/setup-cli-action@v2 - name: create flow run: kosli create flow my-flow --template pull-request,artifact,test ``` For a complete example of a Github workflow using Kosli, please check the Kosli CLI's [own workflow](https://github.com/kosli-dev/cli/blob/main/.github/workflows/docker.yml). | Flag | Default | | :-------------- | :------------------------------------------ | | --build-url | `` | | --commit-url | `/-/commit/` | | --commit | `` | | --git-commit | `` | | --repository | `` | | --repo-id | `` | | --repo-url | `` | | --repo-provider | `gitlab` | | --gitlab-org | `` | Where `` are GitLab predefined variables. See [here](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html) for more details. ## Use Kosli in Gitlab pipelines For a complete example of a Gitlab pipeline using Kosli, please check [this cyber-dojo pipeline](https://gitlab.com/cyber-dojo/creator/-/blob/main/.gitlab/workflows/main.yml). ### CI runner image (Alpine) The Kosli CLI repository ships an Alpine-based [`Dockerfile.alpine`](https://github.com/kosli-dev/cli/blob/main/Dockerfile.alpine) intended for use as a CI runner image. Unlike the default `ghcr.io/kosli-dev/cli` image (which has the `kosli` binary as its entrypoint), the Alpine variant has no entrypoint and bundles `git`, `curl`, and `ca-certificates` alongside the CLI — so it can be used as a general-purpose job image where you also need to clone repos, hit HTTP APIs, or run other shell tooling next to `kosli`. Build and push it to your own registry, pinning the CLI version you want: ```bash theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}} # Clone or copy Dockerfile.alpine from https://github.com/kosli-dev/cli docker build \ --build-arg KOSLI_VERSION=2.13.2 \ -f Dockerfile.alpine \ -t registry.example.com/ci/kosli-runner:2.13.2 . docker push registry.example.com/ci/kosli-runner:2.13.2 ``` Then use it as the job image in `.gitlab-ci.yml`: ```yaml theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}} variables: KOSLI_ORG: my-org KOSLI_HOST: https://app.kosli.com attest: image: registry.example.com/ci/kosli-runner:2.13.2 script: - kosli version - kosli attest generic --flow my-flow --trail "$CI_COMMIT_SHA" --name build --compliant=true # KOSLI_API_TOKEN should be set as a masked GitLab CI/CD variable ``` The image runs as the non-root `kosli` user with `/workspace` as the working directory. `KOSLI_ORG` and `KOSLI_HOST` are exposed as environment variables so they can be overridden in your CI configuration; `KOSLI_API_TOKEN` should be supplied via a masked CI variable rather than baked into the image. View defaulted Kosli command flags in Azure DevOps. | Flag | Default | | :-------------- | :------------------------------------------------------------------------------------------------------ | | --build-url | `//_build/results?buildId=` | | --commit-url | `//_git//commit/` | | --commit | `` | | --git-commit | `` | | --repository | `` | | --repo-id | `` | | --repo-url | `` | | --repo-provider | `azure-devops` | | --project | `` | | --azure-org-url | `` | Where `` are Azure DevOps predefined variables. See [here](https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops\&tabs=yaml) for more details. View defaulted Kosli command flags in Bitbucket Cloud. | Flag | Default | | :-------------------- | :-------------------------------------------------------------------------------------------------------------------------- | | --build-url | `https://bitbucket.org///addon/pipelines/home#!/results/` | | --commit-url | `https://bitbucket.org///commits/` | | --commit | `` | | --git-commit | `` | | --repository | `` | | --repo-id | `` | | --repo-url | `` | | --repo-provider | `bitbucket` | | --bitbucket-workspace | `` | Where `` are Bitbucket Cloud predefined variables. See [here](https://support.atlassian.com/bitbucket-cloud/docs/variables-in-pipelines/) for more details. View defaulted Kosli command flags in AWS CodeBuild. | Flag | Default | | :----------- | :-------------------------------------------------------------------------- | | --build-url | `` | | --commit-url | `/commit(s)/` | | --commit | `` | | --git-commit | `` | | --repo-url | `` | Where `` are AWS CodeBuild predefined variables. See [here](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html) for more details. View defaulted Kosli command flags in CircleCI. | Flag | Default | | :----------- | :------------------------------------------------------------------------ | | --build-url | `` | | --commit-url | `(converted to https url)/commit(s)/` | | --commit | `` | | --git-commit | `` | | --repository | `` | | --repo-url | `` | Where `` are CircleCI predefined variables. See [here](https://circleci.com/docs/env-vars/#built-in-environment-variables) for more details. View defaulted Kosli command flags in Teamcity. | Flag | Default | | :----------- | :------------------- | | --git-commit | `` | Where `` are Teamcity predefined variables. See [here](https://www.jetbrains.com/help/teamcity/predefined-build-parameters.html) for more details.