Jenkins

Learn how to integrate Debricked with Jenkins.

Last updated 2 months ago

Was this helpful?

Jenkins

Learn how to integrate Debricked with Jenkins.

You can integrate your Jenkins pipeline with Debricked, so that a vulnerability scan is performed every time the pipeline is triggered.

Configure Debricked token

Start by . Copy the token to use it in the next step.
Create the DEBRICKED_TOKEN, which the pipeline will use. Inside Jenkins, go to your pipeline, click Add Credentials, and select the correct folder.
Create a new credential with "Kind" set to secret text.
In the secret field, insert the access token you created in the previous step. As ID, enter DEBRICKED_TOKEN and click Create. See the image below:

Configure Jenkins CI workflow or pipeline

Debricked assumes you already have a Jenkinsfile in your repository, describing a declarative pipeline. You now need to add a new stage to this pipeline.

Add the following template to the file:

Commit your changes to Jenkinsfile and watch the CI run.

Last updated 2 months ago

Was this helpful?

pipeline { agent any environment { DEBRICKED_TOKEN = credentials('DEBRICKED_TOKEN') } stages { stage('Debricked Scan') { steps { script { // Inspiration taken from https://github.com/trustin/os-maven-plugin/blob/master/src/main/java/kr/motd/maven/os/Detector.java def osName = System.getProperty("os.name").toLowerCase(Locale.US).replaceAll("[^a-z0-9]+", "") if (osName.startsWith("linux")) { osName = "linux" } else if (osName.startsWith("mac") || osName.startsWith("osx")) { osName = "macOS" } else if (osName.startsWith("windows")) { osName = "windows" } else { osName = "linux" } // Default to linux def osArch = System.getProperty("os.arch").toLowerCase(Locale.US).replaceAll("[^a-z0-9]+", "") if (osArch.matches("(x8664|amd64|ia32e|em64t|x64)")) { osArch = "x86_64" } else if (osArch.matches("(x8632|x86|i[3-6]86|ia32|x32)")) { osArch = "i386" } else if (osArch.matches("(aarch_64)")) { osArch = "arm64" } else { osArch = "x86_64" } // Default to x86 64-bit println("OS detected: " + osName + " and architecture " + osArch) sh 'curl -LsS https://github.com/debricked/cli/releases/download/release-v2/cli_' + osName + '_' + osArch + '.tar.gz | tar -xz debricked' sh './debricked scan' } } } } }