Jenkins
Learn how to integrate OpenText Core SCA with Jenkins.
Last updated
Was this helpful?
Learn how to integrate OpenText Core SCA with Jenkins.
Last updated
Was this helpful?
You can integrate your Jenkins pipeline with OpenText Core SCA, so that a vulnerability scan is performed every time the pipeline is triggered.
Start by generating an access token. Copy the token to use it in the next step.
Create the DEBRICKED_TOKEN, which the pipeline will use. Inside Jenkins, go to your pipeline, click Add Credentials, and select the correct folder.
Create a new credential with "Kind" set to secret text.
In the secret field, insert the access token you created in the previous step. As ID, enter DEBRICKED_TOKEN and click Create. See the image below:
OpenText Core SCA assumes you already have a Jenkinsfile in your repository, describing a declarative pipeline. You now need to add a new stage to this pipeline.
Add the following template to the file:
Commit your changes to Jenkinsfile and watch the CI run.
pipeline {
agent any
environment {
DEBRICKED_TOKEN = credentials('DEBRICKED_TOKEN')
}
stages {
stage('Debricked Scan') {
steps {
script {
// Inspiration taken from https://github.com/trustin/os-maven-plugin/blob/master/src/main/java/kr/motd/maven/os/Detector.java
def osName = System.getProperty("os.name").toLowerCase(Locale.US).replaceAll("[^a-z0-9]+", "")
if (osName.startsWith("linux")) { osName = "linux" }
else if (osName.startsWith("mac") || osName.startsWith("osx")) { osName = "macOS" }
else if (osName.startsWith("windows")) { osName = "windows" }
else { osName = "linux" } // Default to linux
def osArch = System.getProperty("os.arch").toLowerCase(Locale.US).replaceAll("[^a-z0-9]+", "")
if (osArch.matches("(x8664|amd64|ia32e|em64t|x64)")) { osArch = "x86_64" }
else if (osArch.matches("(x8632|x86|i[3-6]86|ia32|x32)")) { osArch = "i386" }
else if (osArch.matches("(aarch_64)")) { osArch = "arm64" }
else { osArch = "x86_64" } // Default to x86 64-bit
println("OS detected: " + osName + " and architecture " + osArch)
sh 'curl -LsS https://github.com/debricked/cli/releases/download/release-v2/cli_' + osName + '_' + osArch + '.tar.gz | tar -xz debricked'
sh './debricked scan'
}
}
}
}
}