Unified Language User Guides
iCR User Guide 5.0
iCR User Guide 5.0
  • Table of contents
    • Introduction
    • Overview
    • Authorizing Access to Your Source Code
      • Authenticating GitHub Cloud Access Using OAuth
      • Authenticating GitHub Cloud Access Using PAT
      • Authenticating GitHub Enterprise Access Using OAuth
      • Authenticating GitHub Enterprise Access Using PAT
      • Authenticating GitLab Cloud Access Using OAuth
      • Authenticating GitLab Cloud Access Using PAT
      • Authenticating GitLab Enterprise Access Using OAuth
      • Authenticating GitLab Enterprise Access Using PAT
      • Authenticating Bitbucket Cloud Access using OAuth
    • Using the Navigator
      • Connecting to the Navigator
      • Setting your User Password
      • Updating your User Information
      • The Navigator top banner
      • The Analysis Engine status
      • Selecting Your Source Code
        • Using a cloud-based VCS
        • Selecting your branch
        • Using a private VCS
        • Using a local project
        • Limiting the files to be analyzed
      • Integrating with your bug tracking system
        • Integrating with Jira - Define Your Project
        • Integrating with Jira - Authorizing Access for iCR
        • Integrating with Jira - Connecting with iCR
    • Using the Analysis Engine
      • Initiating an analysis
      • Monitoring the analysis
      • Interrupting the analysis
    • Reviewing your results
      • Reviewer summary and filters
        • Filter by Severity
        • Filter by Category
        • Filter by CWE
        • Filter by OWASP
        • Filter by Directory
      • Reviewing a fix
      • Accepting a fix
        • Accepting a fix when integrated with your bug system
      • Rejecting a fix
        • Rejecting a fix when integrated with your bug system
      • Undoing a fix
        • Undoing a fix when integrated with your bug system
      • Rejected fix history
      • Providing feedback
      • Applying the fixes
      • Cases needing manual attention
      • Comparing Analyses
      • Capturing results for printing or sharing
      • Ending a reviewer session
    • When you are complete
    • Integrating iCR Into Your CI/CD Workflows
      • Jenkins Workflow
        • Installing the plugin
        • Configuring the plugin
          • Creating a Personal Access Token
          • Copying Your Repository's URL
        • Viewing the Results
      • GitHub Actions Workflow
        • GitHub Actions Overview
        • Preparing the GitHub Workflow
          • Environment Variables
          • User Supplied Secrets
          • Setting the User Defined Secrets Values
        • Executing the Workflow
      • GitLab CI/CD Workflow
        • GitLab CI/CD OverView
        • Configuring the GitLab Script variables
          • Environment Variables
          • User Supplied Variables
          • Creating a Personal Access Token
          • Setting the User Defined Variable Values
        • Executing the Workflow
      • Multiple Workflows
    • Appendix – Language Specific Fixer Lists
    • Appendix - Sample Bug Listing
    • Appendix - Getting a BitBucket App Password for JENKINS
Powered by GitBook
On this page
  1. Table of contents
  2. Integrating iCR Into Your CI/CD Workflows
  3. GitLab CI/CD Workflow
  4. Configuring the GitLab Script variables

User Supplied Variables

PreviousEnvironment VariablesNextCreating a Personal Access Token

Last updated 2 months ago

These variables are provided by the DevOps engineer who is developing the workflow. They are needed in order to identify the iCR server to be used for analysis and its accompanying configuration parameters. They are:

  1. OR_ICR_URL Provide the URL to the location of the iCR server to be used for the analysis and review. Using examples from earlier, the url would look like: https://qa2.openrefactory.com:3001

  2. OR_ICR_USER_NAME The Navigator requires the workflow to login into iCR using a specific iCR user name. This field is a string that specifies the User Name.

  3. OR_ICR_CI_CD_ACCESS_TOKEN In concert with the OR_ICR_USER_NAME, that User needs to be authenticated before it can access iCR functionality. So that passwords are not exchanged between the yml script and iCR, an encrypted token is used. The OR_ICR_CI_CD_ACCESS_TOKEN is created by the User within the iCR Navigator. You can see how that is done in the User Guide section titled .

  4. OR_PERSONAL_ACCESS_TOKEN To authorize the workflow to operate upon the project on behalf of a specific user, that workflow needs to supply a (PAT) that authorizes access to their repositories.

  5. OR_LANGUAGE iCR supports analyses across multiple languages. This variable specifies the target language for this repository.

  6. OR_LANGUAGE_VERSION With some languages that are analyzed by iCR, such as Python, the specific version of the language or related libraries needs to be specified in order for iCR to work correctly for the target source. For example, if you are using Python 3.7, then the string 3.7 is assigned.

  7. OR_MAIL_ADDRESS When the analysis triggered by this workflow completes, the User, upon whose behalf this analysis was performed, will receive an email notification letting them know it is complete. That User’s email will be entered here. An email address MUST be provided to allow a way for iCR to notify the User in the event of either success of some kind of failure. If no address is provided the workflow will not proceed.

The Navigator top banner
Personal Access Token