← H3x Kitty Inc.

Setup H3x Kitty in GitLab

1. Enable SAST in GitLab

First, you need to have an Ultimate subscription for GitLab to review results of H3x Kitty SAST in their interface. Otherwise, GitLab only allows you to download a report after scanning your code with H3x Kitty SAST. Here is the comparison of GitLab tiers for SAST.

2. Configure .gitlab-ci.yml

Add the H3x Kitty job to your .gitlab-ci.yml file stored in the root directory of the repository:

sast:
    stage: test
    image:
        name: h3xkitty/h3x_kitty:latest
    variables:
        LICENSE_KEY: H3X_KITTY_FREE_LICENSE
        ENABLE_METRICS: true
    script:
    - echo "Starting to scan Flutter code with H3x Kitty..."
    allow_failure: true
    artifacts:
        reports:
            sast: gl-sast-report.json

Security hint: If you run with a PRO key, it's recommended to save it in your project's secure storage (Vault, GitLab CI/CD variables, etc.)