
CI Daemon / CI Server options

The CI Daemon supports quite a few options. Some of them are used often, others hardly at all. This article provides a complete list of all options. For most use cases there is a step-by-step article that explains the necessary options. For most options, the defaults don't need to be modified.

The options can be passed to CI Daemon in three ways, listed by descending priority:
  1. command-line argument
  2. config file
  3. environment variable

Settings passed as command-line arguments override config file settings and environment variables. Config file settings override environment variables.


## Sets up the authentication method
auth:
  ## Required
  ## The server cookies store secret
  ## Change me!
  server_secret: ieGah7kaairiiv6Enahm9OhvTheich7g #Change me!
  jwt_signing_key: ooW4Zee9Eijaet7aSoodui9peeF6nij4 #no default value

  ## One of the following methods is required.
  ## Otherwise, the user has no way to log in.
  #github:
  #  enable: true #default value: true
  #  id: <app ID> #no default value
  #  secret: <app Secret> #no default value
  #gitlab:
  #  enable: true #default value: true
  #  id: <app ID> #no default value
  #  secret: <app Secret> #no default value
  #  ## For on-premise GitLab installations
  #  domain: <gitlab custom installation domain> #no default value
  #  ca_path: <gitlab custom installation ca file> #no default value
  #bitbucket:
  #  enable: true #default value: true
  #  id: <app ID> #no default value
  #  secret: <app Secret> #no default value

ci:
  ## If set to true, the daemon runs in server mode,
  ## enabling authentication services
  server: false #default value: false

  ## The URL/public IP on which the HTTP gateway receives requests (public IP/domain).
  ## The server is reachable over https if TLS is set, otherwise over http.
  ## The ports default to 80/443 for http/https and 6773 for gRPC.
  origin: 127.0.0.1 #default value: 127.0.0.1
  ## Cert file to use for serving with TLS
  cert_file: #no default value
  ## Cert key to use for serving with TLS
  cert_key: #no default value
  ## HTTP port to listen on
  http_port: 80 #default value: 80
  ## HTTPS port to listen on
  https_port: 443 #default value: 443
  ## gRPC port to listen on
  grpc_port: 6773 #default value: 6773

users:
  allowed:
    ## A list of allowed users, either by email or by the ID used at the upstream VCS
    ## See backend: on_premise to allow everyone
    - 12345678@github #developer1
    - 23456789@github #developer2

backend:
  ## Set to true only if the installation is on premise and secure.
  ## Anyone with access to the web interface will be able to log in.
  ## The above list of allowed users is ignored.
  on_premise: false #default value: false
  ## The backend used by the running daemon
  #ci_backend: k8s #default value: k8s

## Optional for email notifications
#notification:
#  smtp:
#    server: smtp.mydomain.com
#    port: 587
#    sender_identity: smtp_identity
#    sender_username: smtp_username
#    sender_password: smtp_password
#  email_notifier_sender_address: test@mydomain.com
#  email_notifier_sender_name: CI/CD notifier
#  ## Directory where the email templates are located
#  email_templates_dir: /templates #default value: /templates

#data_directory:
#  root_link: true #default value: true

## During the project build, multiple copies of the project need to be created.
## Instead of actual copies, symlinks can be used to save storage.
## auto selects the best working copy policy depending on the build system
## of the project.
## allowed values: copy, symlink, auto
#copy:
#  policy: auto #default value: auto

#mongodb_persister:
#  host: #no default value
#  port: #default value: 27017
#  username: #no default value
#  password: #no default value
#  db_name: #default value: code_intelligence

#persister:
#  backend: mongodb #default value: mongodb

#fuzzers:
#  networking: private #default value: private
#builders:
#  ## The network mode on which the fuzzers would run.
#  ## private: The builder will connect on a private edge network, on which only builders are connected
#  ## public (default): The builder will be on the default docker edge network, which has internet access
#  ## host: The builder uses the host network, which might conflict with other builders and services
#  networking: public
#  port_range: <min_port>:<max_port>

#ci_controller:
#  wait_for_daemon: no #default value: no

#mongodb_container:
#  create: yes #default value: yes
#  host_ip: 127.0.0.1 #default value: 127.0.0.1
#  secure: yes #default value: yes
#  keep_alive: no #default value: no

#debug:
#  ## Causes the container that would build the project / fuzz targets to not actually build anything,
#  ## but just sleep forever, so that you can connect to it and debug things
#  debug_builder_sleep_forever: false #default value: false

 

--alsologtostderr log to standard error as well as files
--fuzzing_network_mode string The network mode on which the fuzzers would run. If an invalid configuration is passed, the default will be used. Available options are:
- private (default): The fuzzers will connect on a private edge network that allows them to communicate with each other, but not the host nor the outside world
- public: The fuzzers will connect on a private edge network which also allows them to communicate with the host as well as the outside world
- host: The fuzzers will run on the local host network. They will have the same network access as the underlying host, and share the same port space among themselves and the host
--gateway_listen_address string The address the REST HTTP daemon should listen on (default "127.0.0.1:6775")
--insecure_disable_auth Accept unauthenticated requests. WARNING: This will also allow websites to send requests to the daemon.
--listen_address string The address the gRPC API daemon should listen on (default "127.0.0.1:6773")
--listen_http Listen on HTTP (via the gRPC REST gateway) (default true)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory
--logging_interceptor_max_string_size int The maximum size for request and response strings in the logging interceptor. <= 0 for unlimited size (default 1000)
--logtostderr log to standard error instead of files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--testify.m string regular expression to select tests of the testify suite to run
-v, --v Level log level for V logs
--version Print version
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging

Additional CI-Daemon Flags:
--ci_data_dir (String) (Env: CI_DATA_DIR) The directory used for storing artifacts (default value: ~/.local/share/code-intelligence)
--ci_projects_dir (String) (Env: CI_PROJECTS_DIR) The directory for checking out code of remote location projects (e.g git address) (default value: ~/.local/share/ci-checkouts)
--ci_cache_dir (String) (Env: CI_CACHE_DIR) The directory used for caching build action results (default value: ~/.cache/code-intelligence)
backend:
--backend_ci_backend (String) (Env: CI_BACKEND) The backend used by the running daemon (default value: k8s)
--backend_on_premise (Bool) (Env: CI_ON_PREMISE) When enabled, on premise features are enabled such as disabling the allow list for the users service. (default value: false)
data_directory:
--data_directory_root_link (Bool) Configuration file section: data_directory, key: root_link. Environment variable: CI_DATA_DIR_ROOT_LINK (default value: true)
copy:
--copy_policy (String) (Env: CI_COPY_POLICY) defines which policy to use when creating copies of the project to build (default value: auto)
mongodb_persister:
--mongodb_persister_host (String) Configuration file section: mongodb_persister, key: host. Environment variable: CI_MONGODB_ADDRESS (no default value)
--mongodb_persister_port (Int) Configuration file section: mongodb_persister, key: port. Environment variable: CI_MONGODB_PORT (default value: 27017)
--mongodb_persister_username (String) Configuration file section: mongodb_persister, key: username. Environment variable: CI_MONGODB_USER (no default value)
--mongodb_persister_password (String) Configuration file section: mongodb_persister, key: password. Environment variable: CI_MONGODB_PASSWORD (no default value)
--mongodb_persister_db_name (String) Configuration file section: mongodb_persister, key: db_name. Environment variable: CI_MONGODB_NAME (default value: code_intelligence)
notification:
smtp:
--smtp_sender_identity (String) (Env: SMTP_IDENTITY) The identity used by the SMTP sender. E.g notifications@code-intelligence.com (default value: notifications@code-intelligence.com)
--smtp_sender_username (String) (Env: SMTP_USERNAME) The username to authenticate with at the SMTP server (default value: AKIAV4BPS7JMAF3LHC47)
--smtp_sender_password (String) (Env: SMTP_PASSWORD) The password to authenticate with at the SMTP server (no default value)
--smtp_server (String) (Env: SMTP_SERVER) The server to authenticate against for sending SMTP (default value: email-smtp.eu-central-1.amazonaws.com)
--smtp_port (Int) (Env: SMTP_PORT) The port of the SMTP server (default value: 587)
--notification_email_notifier_sender_address (String) (Env: CI_EMAIL_NOTIFIER_SENDER_ADDRESS) Email address used to send notifications (default value: notifications-noreply@code-intelligence.com)
--notification_email_notifier_sender_name (String) (Env: CI_EMAIL_NOTIFIER_SENDER_NAME) Friendly name used by the email that sends notifications (default value: Code-Intelligence Notifications)
--notification_email_templates_dir (String) (Env: CI_EMAIL_TEMPLATES_DIR) Directory where the email templates are located (default value: /templates)
persister:
--persister_backend (String) Configuration file section: persister, key: backend. Environment variable: CI_PERSISTER_BACKEND (default value: mongodb)
fuzzers:
--fuzzers_networking (String) Configuration file section: fuzzers, key: networking. Environment variable: CI_FUZZERS_NETWORK (default value: private)
builders:
--builders_networking (String) (Env: CI_BUILDERS_NETWORK) The network mode on which the fuzzers would run. Available options are:
- private: The builder will connect on a private edge network, on which only builders are connected
- public (default): The builder will be on the default docker edge network, which has internet access
- host: The builder uses the host network, which might conflict with other builders and services (default value: public)
ci_controller:
--ci_controller_wait_for_daemon (String) Configuration file section: ci_controller, key: wait_for_daemon. Environment variable: CI_CONTROLLER_WAIT (default value: no)
mongodb_container:
--mongodb_container_create (String) Configuration file section: mongodb_container, key: create. Environment variable: CI_MDBCONTAINER_CREATE (default value: yes)
--mongodb_container_host_ip (String) Configuration file section: mongodb_container, key: host_ip. Environment variable: CI_MDBCONTAINER_ADDRESS (default value: 127.0.0.1)
--mongodb_container_secure (String) Configuration file section: mongodb_container, key: secure. Environment variable: CI_MDBCONTAINER_SECURE (default value: yes)
--mongodb_container_keep_alive (String) Configuration file section: mongodb_container, key: keep_alive. Environment variable: CI_MDBCONTAINER_KEEPALIVE (default value: no)
debug:
--debug_debug_builder_sleep_forever (Bool) Configuration file section: debug, key: debug_builder_sleep_forever. Environment variable: CI_DEBUG_BUILDER_SLEEP_FOREVER (default value: false)
ci:
--ci_server (Bool) (Env: CI_SERVER_MODE) If set true, the daemon would run in server mode, enabling authentication services (default value: false)
--ci_origin (String) (Env: CI_SERVER_ORIGIN) The URL/Public IP the daemon would be serving and receiving requests on (grpc and HTTP) (default value: 127.0.0.1)
--ci_cert_file (String) (Env: CI_CERT_FILE) server mode: Cert file to use for serving with TLS (no default value)
--ci_cert_key (String) (Env: CI_CERT_KEY) server mode: Cert key to use for serving with TLS (no default value)
--ci_http_port (Int) (Env: CI_HTTP_PORT) server mode: Http port to listen on (default value: 80)
--ci_https_port (Int) (Env: CI_HTTPS_PORT) server mode: Https port to listen on (default value: 443)
--ci_grpc_port (Int) (Env: CI_GRPC_PORT) server mode: Grpc port to listen on (default value: 6773)
auth:
--auth_jwt_signing_key (String) Configuration file section: auth, key: jwt_signing_key. Environment variable: CI_AUTH_JWT_SIGNING_KEY (no default value)
--auth_server_secret (String) Configuration file section: auth, key: server_secret. Environment variable: CI_AUTH_SERVER_SECRET (no default value)
github:
--github_enable (Bool) Configuration file section: github, key: enable. Environment variable: CI_AUTH_ENABLE_GITHUB (default value: true)
--github_id (String) Configuration file section: github, key: id. Environment variable: CI_AUTH_GITHUB_CLIENT_ID (no default value)
--github_secret (String) Configuration file section: github, key: secret. Environment variable: CI_AUTH_GITHUB_CLIENT_SECRET (no default value)
bitbucket:
--bitbucket_enable (Bool) Configuration file section: bitbucket, key: enable. Environment variable: CI_AUTH_ENABLE_ATLASSIAN (default value: true)
--bitbucket_id (String) Configuration file section: bitbucket, key: id. Environment variable: CI_AUTH_BITBUCKET_CLIENT_ID (no default value)
--bitbucket_secret (String) Configuration file section: bitbucket, key: secret. Environment variable: CI_AUTH_BITBUCKET_CLIENT_SECRET (no default value)
gitlab:
--gitlab_enable (Bool) Configuration file section: gitlab, key: enable. Environment variable: CI_AUTH_ENABLE_GITLAB (default value: true)
--gitlab_id (String) Configuration file section: gitlab, key: id. Environment variable: CI_AUTH_GITLAB_CLIENT_ID (no default value)
--gitlab_secret (String) Configuration file section: gitlab, key: secret. Environment variable: CI_AUTH_GITLAB_CLIENT_SECRET (no default value)
--gitlab_domain (String) (Env: CI_AUTH_GITLAB_CUSTOM_DOMAIN) The backend to communicate with for OAuth (no default value)
--gitlab_ca_path (String) (Env: CI_AUTH_GITLAB_ROOT_CAS) CA file path to use to communicate with the backend (no default value)
users:
--users_allowed ([]String) (Env: CI_ALLOWED_USERS) A list of allowed users to sign up. This is complimentary to the DB list and can contain either emails or user IDs (no default value)
--fuzzers_port_range=<min_port>:<max_port> Port range the (web application) fuzzers will use to connect to the java agent
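
The precedence order stated at the top of this article decides which value the daemon actually uses, so a review of a deployment has to resolve all three sources before judging it. The following is an added example, not Code Intelligence code: it applies that order to a handful of options from this reference and reports combinations that their descriptions mark as exposed. The function names, the accepted boolean spellings and the audit rules are assumptions made for the example.

```python
# Added example (not Code Intelligence code): resolve effective settings, then audit them.
SAMPLE_SECRET = "ieGah7kaairiiv6Enahm9OhvTheich7g"  # sample value printed on this page
# (section, key) -> (environment variable, default), as listed in the flag reference
OPTIONS = {
    ("ci", "server"): ("CI_SERVER_MODE", False),
    ("ci", "origin"): ("CI_SERVER_ORIGIN", "127.0.0.1"),
    ("ci", "cert_file"): ("CI_CERT_FILE", None),
    ("auth", "server_secret"): ("CI_AUTH_SERVER_SECRET", None),
    ("backend", "on_premise"): ("CI_ON_PREMISE", False),
    ("fuzzers", "networking"): ("CI_FUZZERS_NETWORK", "private"),
    ("builders", "networking"): ("CI_BUILDERS_NETWORK", "public"),
}

def resolve(cli, config, env):
    """cli: flag name without dashes -> value; config: parsed file; env: mapping."""
    effective = {}
    for (section, key), (env_name, default) in OPTIONS.items():
        flag = f"{section}_{key}"
        file_section = config.get(section) or {}
        if flag in cli:                      # 1. command-line argument
            value = cli[flag]
        elif key in file_section:            # 2. config file
            value = file_section[key]
        else:                                # 3. environment variable, else default
            value = env.get(env_name, default)
        if isinstance(default, bool) and isinstance(value, str):
            value = value.strip().lower() in ("1", "true", "yes")  # assumed spellings
        effective[flag] = value
    return effective

def audit(effective):
    """Return findings; the rules are assumptions derived from the option descriptions."""
    findings = []
    if effective["ci_server"]:
        if effective["auth_server_secret"] in (None, "", SAMPLE_SECRET):
            findings.append("auth.server_secret unset or still the documented sample")
        if not effective["ci_cert_file"]:
            findings.append("server mode without ci.cert_file: reachable over http only")
    if effective["backend_on_premise"] and effective["ci_origin"] != "127.0.0.1":
        findings.append("backend.on_premise: allowed-users list ignored, origin not loopback")
    for flag in ("fuzzers_networking", "builders_networking"):
        if effective[flag] == "host":
            findings.append(f"{flag}=host: uses the host network")
    return findings

if __name__ == "__main__":  # constructed sample inputs, one per source
    cfg = {"ci": {"server": True, "origin": "fuzz.example.internal"},
           "auth": {"server_secret": SAMPLE_SECRET}}
    env = {"CI_FUZZERS_NETWORK": "host", "CI_ON_PREMISE": "false"}
    print(audit(resolve({"backend_on_premise": True}, cfg, env)))
```

With the constructed inputs, the command-line value for on_premise wins over the environment variable, and the audit reports four findings.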