Jenkins

img

note

First time using Jenkins? Please refer to the following documentation.

Introduction#

This integration uses the CLI as a docker image for all the execution and communication with Flow.
By the end of this tutorial you will know how to:

  • Run a SAST scan
  • Run a SCA scan
  • Send diff code to Flow's security Codereview module.

Requirements#

In order to integrate with Jenkins, your environment should fullfills the followings requirements:

  1. Jenkins version 2.222.3 or higher;
  2. Docker installed;
  3. Jenkins user must have access to the Docker daemon;
  4. External access (can be restricted to specific Conviso addresses);

If you need help about docker installation you can read all the process in the links below:

Install Docker Post-Install Linux Steps

Usage#

The steps below will show what does your Jenkinsfile should have to perform our actions. These stages also can be inserted inside your current Jenkinsfile.

SAST#

The following code snippet will trigger a SAST scan and send the results to Flow.

pipeline {
agent {
docker {
image 'convisoappsec/flowcli:latest'
args '-v /var/run/docker.sock:/var/run/docker.sock'
}
}
environment {
FLOW_API_KEY = credentials('FLOW_API_KEY')
FLOW_PROJECT_CODE = "Please, insert your project code here"
}
stages {
stage('Conviso_SAST') {
steps {
sh 'flow sast run'
}
}
}
}

SCA#

The following code snippet will trigger a SCA scan and send the results to Flow.

pipeline {
agent {
docker {
image 'convisoappsec/flowcli:latest'
args '-v /var/run/docker.sock:/var/run/docker.sock'
}
}
environment {
FLOW_API_KEY = credentials('FLOW_API_KEY')
FLOW_PROJECT_CODE = "Please, insert your project code here"
}
stages {
stage('Conviso_SAST') {
steps {
sh 'flow sca run'
}
}
}
}

Continuous Codereview#

The following code snippet will send diff code to Flow's security Codereview module so you can perform a continuous codereview assessment. There are three approaches depending on how you work with your project. In a nutshell:

  • Using Tags, ordered by time
  • Using Tags, ordered by versioning style (semantic version)
  • Without using Tags, ordered by Git tree
pipeline {
agent {
docker {
image 'convisoappsec/flowcli:latest'
args '-v /var/run/docker.sock:/var/run/docker.sock'
}
}
environment {
FLOW_API_KEY = credentials('FLOW_API_KEY')
FLOW_PROJECT_CODE = "Please, insert your project code here"
}
stages {
stage('Conviso_CodeReview') {
steps {
//Please use only one of the following approaches in the same job
//Using Tags, ordered by time
// sh 'flow deploy create with tag-tracker sort-by time'
//Using Tags, ordered by versioning style (semantic version)
// sh 'flow deploy create with tag-tracker sort-by versioning-style'
//Without using Tags, ordered by Git tree
sh 'flow deploy create with values'
}
}
}
}