Jenkins

Learn how to integrate OpenText Core SCA with Jenkins.

You can integrate your Jenkins pipeline with OpenText Core SCA, so that a vulnerability scan is performed every time the pipeline is triggered.

Configure OpenText Core SCA token

Start by generating an access token. Copy the token to use it in the next step.
Create the DEBRICKED_TOKEN, which the pipeline will use. Inside Jenkins, go to your pipeline, click Add Credentials, and select the correct folder.
Create a new credential with "Kind" set to secret text.
In the secret field, insert the access token you created in the previous step. As ID, enter DEBRICKED_TOKEN and click Create. See the image below:

Image show setting up Jenkins credentials for Debricked Scan

Configure Jenkins CI workflow or pipeline

OpenText Core SCA assumes you already have a Jenkinsfile in your repository, describing a declarative pipeline. You now need to add a new stage to this pipeline.

Add the following template to the file:

https://github.com/debricked/cli/blob/main/examples/templates/Jenkins/Jenkinsfile

pipeline {
    agent any
    
   environment {
        DEBRICKED_TOKEN = credentials('DEBRICKED_TOKEN')
    }

    stages {
        stage('Debricked Scan') {
            steps {
                script {
                    // Inspiration taken from https://github.com/trustin/os-maven-plugin/blob/master/src/main/java/kr/motd/maven/os/Detector.java
                    def osName = System.getProperty("os.name").toLowerCase(Locale.US).replaceAll("[^a-z0-9]+", "")
                    if (osName.startsWith("linux")) { osName = "linux" }
                    else if (osName.startsWith("mac") || osName.startsWith("osx")) { osName = "macOS" }
                    else if (osName.startsWith("windows")) { osName = "windows" }
                    else { osName = "linux" } // Default to linux

                    def osArch = System.getProperty("os.arch").toLowerCase(Locale.US).replaceAll("[^a-z0-9]+", "")
                    if (osArch.matches("(x8664|amd64|ia32e|em64t|x64)")) { osArch = "x86_64" }
                    else if (osArch.matches("(x8632|x86|i[3-6]86|ia32|x32)")) { osArch = "i386" }
                    else if (osArch.matches("(aarch_64)")) { osArch = "arm64" }
                    else { osArch = "x86_64" } // Default to x86 64-bit

                    println("OS detected: " + osName + " and architecture " + osArch)
                    sh 'curl -LsS https://github.com/debricked/cli/releases/download/release-v2/cli_' + osName + '_' + osArch + '.tar.gz | tar -xz debricked'
                    sh './debricked scan'
                }
            }
        }
    }
}

Commit your changes to Jenkinsfile and watch the CI run.

Last updated 7 months ago

Was this helpful?