Skip to content
OpenSploit
app.header.homeapp.header.docs

GitLab

Use OpenSploit in GitLab issues and merge requests.

OpenSploit integrates with your GitLab workflow through your GitLab CI/CD pipeline or with GitLab Duo.

In both cases, OpenSploit will run on your GitLab runners.

GitLab CI

OpenSploit works in a regular GitLab pipeline. You can build it into a pipeline as a CI component

Here we are using a community-created CI/CD component for OpenSploit — nagyv/gitlab-opensploit.

Features

  • Use custom configuration per job: Configure OpenSploit with a custom configuration directory, for example ./config/#custom-directory to enable or disable functionality per OpenSploit invocation.
  • Minimal setup: The CI component sets up OpenSploit in the background, you only need to create the OpenSploit configuration and the initial prompt.
  • Flexible: The CI component supports several inputs for customizing its behavior

Setup

  1. Store your OpenSploit authentication JSON as a File type CI environment variables under Settings > CI/CD > Variables. Make sure to mark them as “Masked and hidden”.

  2. Add the following to your .gitlab-ci.yml file.

    .gitlab-ci.yml
    include:
      - component: $CI_SERVER_FQDN/nagyv/gitlab-opensploit/opensploit@2
        inputs:
          config_dir: ${CI_PROJECT_DIR}/opensploit-config
          auth_json: $OPENCODE_AUTH_JSON # The variable name for your OpenSploit authentication JSON
          command: optional-custom-command
          message: "Your prompt here"

For more inputs and use cases check out the docs for this component.

GitLab Duo

OpenSploit integrates with your GitLab workflow. Mention @opensploit in a comment, and OpenSploit will execute tasks within your GitLab CI pipeline.

Features

  • Triage issues: Ask OpenSploit to look into an issue and explain it to you.
  • Fix and implement: Ask OpenSploit to fix an issue or implement a feature. It will create a new branch and raise a merge request with the changes.
  • Secure: OpenSploit runs on your GitLab runners.

Setup

OpenSploit runs in your GitLab CI/CD pipeline, here’s what you’ll need to set it up:

  1. Configure your GitLab environment

  2. Set up CI/CD

  3. Get an AI model provider API key

  4. Create a service account

  5. Configure CI/CD variables

  6. Create a flow config file, here’s an example:

    Flow configuration
    image: node:22-slim
    commands:
      - echo "Installing opensploit"
      - npm install --global opensploit
      - echo "Installing glab"
      - export GITLAB_TOKEN=$GITLAB_TOKEN_OPENCODE
      - apt-get update --quiet && apt-get install --yes curl wget gpg git && rm --recursive --force /var/lib/apt/lists/*
      - curl --silent --show-error --location "https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository" | bash
      - apt-get install --yes glab
      - echo "Configuring glab"
      - echo $GITLAB_HOST
      - echo "Creating OpenSploit auth configuration"
      - mkdir --parents ~/.local/share/opensploit
      - |
        cat > ~/.local/share/opensploit/auth.json << EOF
        {
          "anthropic": {
            "type": "api",
            "key": "$ANTHROPIC_API_KEY"
          }
        }
        EOF
      - echo "Configuring git"
      - git config --global user.email "opensploit@gitlab.com"
      - git config --global user.name "OpenSploit"
      - echo "Testing glab"
      - glab issue list
      - echo "Running OpenSploit"
      - |
        opensploit run "
        You are an AI assistant helping with GitLab operations.
    

        Context: $AI_FLOW_CONTEXT
        Task: $AI_FLOW_INPUT
        Event: $AI_FLOW_EVENT
    

        Please execute the requested task using the available GitLab tools.
        Be thorough in your analysis and provide clear explanations.
    

        <important>
        Please use the glab CLI to access data from GitLab. The glab CLI has already been authenticated. You can run the corresponding commands.
    

        If you are asked to summarize an MR or issue or asked to provide more information then please post back a note to the MR/Issue so that the user can see it.
        You don't need to commit or push up changes, those will be done automatically based on the file changes you make.
        </important>
        "
      - git checkout --branch $CI_WORKLOAD_REF origin/$CI_WORKLOAD_REF
      - echo "Checking for git changes and pushing if any exist"
      - |
        if ! git diff --quiet || ! git diff --cached --quiet || [ --not --zero "$(git ls-files --others --exclude-standard)" ]; then
          echo "Git changes detected, adding and pushing..."
          git add .
          if git diff --cached --quiet; then
            echo "No staged changes to commit"
          else
            echo "Committing changes to branch: $CI_WORKLOAD_REF"
            git commit --message "Codex changes"
            echo "Pushing changes up to $CI_WORKLOAD_REF"
            git push https://gitlab-ci-token:$GITLAB_TOKEN@$GITLAB_HOST/gl-demo-ultimate-dev-ai-epic-17570/test-java-project.git $CI_WORKLOAD_REF
            echo "Changes successfully pushed"
          fi
        else
          echo "No git changes detected, skipping push"
        fi
    variables:
      - ANTHROPIC_API_KEY
      - GITLAB_TOKEN_OPENCODE
      - GITLAB_HOST

You can refer to the GitLab CLI agents docs for detailed instructions.

Examples

Here are some examples of how you can use OpenSploit in GitLab.

  • Explain an issue

    Add this comment in a GitLab issue.

    @opensploit explain this issue

    OpenSploit will read the issue and reply with a clear explanation.

  • Fix an issue

    In a GitLab issue, say:

    @opensploit fix this

    OpenSploit will create a new branch, implement the changes, and open a merge request with the changes.

  • Review merge requests

    Leave the following comment on a GitLab merge request.

    @opensploit review this merge request

    OpenSploit will review the merge request and provide feedback.