Azure Pipelines Integration
Introduction
Integrate the Conviso Platform seamlessly into your Azure DevOps Pipelines to automate and streamline your security processes. This integration ensures thorough security assessments for your applications throughout the development lifecycle.
You can run the Conviso Platform AST (Application Security Testing), which offers Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Code Review directly on your Azure Pipelines.
This integration provides the CLI as a Docker image for executing tasks and establishing connections with the Conviso Platform.
Prerequisites
Before using Conviso Platform with Azure Pipelines, you must ensure that:
You have your Conviso API Key, a code that identifies you to Conviso Platform. Find yours using this tutorial.
A new pipeline is created to run the automation. Follow these steps:
- Click on "Pipelines" in the left-hand menu.
- Click "New Pipeline" and configure it based on your project type.
- You will arrive at your pipeline's
YAML document.
'Azure Pipelines page for “create a new pipeline')- Set two environment variables for the runner:
CONVISO_API_KEY. To set a variable for a build pipeline:
- Go to the Pipelines page, select the relevant pipeline, and click "Edit."
- Locate the Variables section for that pipeline.
- Add or update the variable, optionally marking it as secret.
- Save the pipeline changes.
'Azure Pipelines page for "review your yaml pipeline"')Usage
By the end of this tutorial, you will know how to:
Learn more about Conviso Platform integrations!
Perform a Conviso AST scan to analyze your application's security
Empower your security analysis with Application Security Testing (AST) by directly incorporating the Conviso AST scan into your pipeline. This versatile tool offers SAST, SCA, and Code Review capabilities, all integrated within your pipeline.
Follow the script below to integrate Security Code Review seamlessly into your pipeline, creating a comprehensive solution within your azure-pipelines.yml file:
trigger:
- master
jobs:
- job: Conviso_Appsec_AST
pool:
vmImage: ubuntu-latest
container:
image: 'convisoappsec/convisocli'
steps:
- checkout: self
persistCredentials: true
- bash: |
conviso ast run
displayName: 'Running Conviso AST'
env:
CONVISO_API_KEY: $(CONVISO_API_KEY)
The identified vulnerabilities will be automatically sent the new Asset created on Conviso Platform.
Troubleshooting
If you encounter authentication issues after loading the CONVISO_API_KEY variable, please ensure it has been properly loaded within the environment session of all tasks utilizing the CLI.
Support
If you have any questions or need help using our product, please don't hesitate to contact our support team.
Resources
By exploring our content, you'll find resources to help you to understand the benefits of the Conviso Platform integrations for Secure CI/CD Pipeline:
AppSec: Integrations with CI/CD tools through Conviso Platform: Follow this article to understand how we can integrate your main tools within a single platform.
