
Methods for CI/CD integration with CLI


Last updated 2 years ago

Now you can start online scans with the new CLI command:

Method 1: Scan repo using our cluster

cdefense online

Options:

cdefense online --api-key={} --repository-url={} --branch-name={optional} --tag={optional}

(You should have ENV variable SCAN_URL=https://console.clouddefenseai.com)

Example:

cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url= --branch-name=example --tag=example

(You should have ENV variable SCAN_URL=https://console.clouddefenseai.com)

The command returns exit status 1 if the build policy failed.

Scan private repo

We also support private repositories. To scan one, provide the API key of the account where the integration is configured, or put an access token into the repository URL:

GitHub:

https://{private-access-token}@github.com/username/repo.git

GitLab:

https://oauth2:{personal-access-token}@gitlab.com/username/repo.git

https://{username}:{password}@gitlab.com/username/repo.git

Azure Repo:

https://{private-access-token}@dev.azure.com/orgname/projectname/_git/repo

Bitbucket:

https://{username}:{access_token}@bitbucket.org/username/repo.git
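The URL forms above put a credential in the repository URL, so the token has to be percent-encoded to survive URL parsing and masked before the URL is written to a CI log. The following is an added example, not part of the CloudDefense documentation; the provider labels, function names and the REPO_TOKEN variable are assumptions made for illustration.

```python
import os
from urllib.parse import quote, urlsplit, urlunsplit

# Userinfo layout per provider, following the token-based URL forms listed above.
# The dictionary keys are labels chosen for this example.
FORMS = {
    "github": lambda user, secret: quote(secret, safe=""),
    "gitlab": lambda user, secret: "oauth2:" + quote(secret, safe=""),
    "azure": lambda user, secret: quote(secret, safe=""),
    "bitbucket": lambda user, secret: quote(user, safe="") + ":" + quote(secret, safe=""),
}


def authenticated_url(provider, repo_url, secret, user=""):
    """Insert percent-encoded credentials into an HTTPS repository URL."""
    parts = urlsplit(repo_url)
    if parts.scheme != "https":
        raise ValueError("refusing to attach credentials to a non-HTTPS URL")
    if "@" in parts.netloc:
        raise ValueError("URL already carries credentials")
    userinfo = FORMS[provider](user, secret)
    return urlunsplit(parts._replace(netloc=userinfo + "@" + parts.netloc))


def redact(url):
    """Mask the userinfo part so the URL can be written to a build log."""
    parts = urlsplit(url)
    host = parts.netloc.rsplit("@", 1)[-1]
    if host != parts.netloc:
        host = "***@" + host
    return urlunsplit(parts._replace(netloc=host))


if __name__ == "__main__":
    # REPO_TOKEN is an assumed CI secret name; the fallback is a constructed value.
    token = os.environ.get("REPO_TOKEN", "tok/en@1")
    url = authenticated_url("github", "https://github.com/username/repo.git", token)
    print("scanning", redact(url))
```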

Example output

Without verbose:

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado 
2022/07/15 16:59:52 [INFO] Connecting to server... 
2022/07/15 16:59:53 [INFO] Welcome [developer@clouddefense.ai]. You have been successfully connected to [Cloud Defense] organization 
2022/07/15 16:59:53 [INFO] Running full online scan... 
2022/07/15 17:01:19 [INFO] Scan was finished 
2022/07/15 17:01:19 [INFO] Build policy status: FAILURE
Failed build policy results:
 /app/pom.xml : java_maven: 
- Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1 
- Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1
[INFO] Scan started at 16:59:52 finished at 17:01:19 
[INFO] Total scan time: 1m27s

With verbose:

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado --verbose
2022/07/15 17:00:16 [INFO] Connecting to server...
2022/07/15 17:00:16 [INFO] Welcome [developer@clouddefense.ai]. You have been successfully connected to [Cloud Defense] organization
2022/07/15 17:00:17 [INFO] Running full online scan...
2022/07/15 17:01:43 [INFO] Scan was finished
2022/07/15 17:01:43 [INFO] Build policy status: FAILURE
{
  "/app/pom.xml : java_maven": {
    "failureBuildPolicyResults": [
      {
        "message": "Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1",
        "rule": {
          "operand": "CWE",
          "operator": "PART_OF_OWASP",
          "value": "Injection"
        },
        "count": 1
      },
      {
        "message": "Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1",
        "rule": {
          "operand": "TITLE",
          "operator": "CONTAINS",
          "value": "inje"
        },
        "count": 1
      }
    ],
    "passedBuildPolicyResults": [
      {
        "message": "Success",
        "rule": {
          "operand": "CRITICAL_SEVERITY_COUNT",
          "operator": "GREATER_THAN",
          "value": "1"
        },
        "count": 1
      },
      {
        "message": "Success",
        "rule": {
          "operand": "CWE",
          "operator": "PART_OF_OWASP",
          "value": "Broken Authentication"
        },
        "count": 0
      },
      {
        "message": "Success",
        "rule": {
          "operand": "CWE_ID",
          "operator": "CONTAINS",
          "value": "264"
        },
        "count": 0
      }
    ]
  }
} 
[INFO] Scan started at 17:00:16 finished at 17:01:43
[INFO] Total scan time: 1m27s
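The verbose output mixes log lines with a JSON report, so a pipeline step that wants the failed rules has to locate and decode the embedded object. The following is an added example, not part of the CloudDefense documentation; the function names are assumptions, and the sample is an abridged copy of the output shown above.

```python
import json

# Constructed sample: an abridged copy of the verbose output shown above.
SAMPLE = """\
2022/07/15 17:01:43 [INFO] Scan was finished
2022/07/15 17:01:43 [INFO] Build policy status: FAILURE
{
  "/app/pom.xml : java_maven": {
    "failureBuildPolicyResults": [
      {"message": "Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1",
       "rule": {"operand": "CWE", "operator": "PART_OF_OWASP", "value": "Injection"},
       "count": 1}
    ],
    "passedBuildPolicyResults": []
  }
}
[INFO] Scan started at 17:00:16 finished at 17:01:43
"""


def extract_report(output):
    """Return the JSON report embedded between the log lines, or None."""
    decoder = json.JSONDecoder()
    offset = 0
    for line in output.splitlines(keepends=True):
        indent = len(line) - len(line.lstrip())
        if line[indent:indent + 1] == "{":
            try:
                report, _ = decoder.raw_decode(output, offset + indent)
                return report
            except json.JSONDecodeError:
                pass  # a line that merely starts with "{"; keep looking
        offset += len(line)
    return None


def failed_rules(output):
    """List (target, operand, operator, value, count) for each failed rule."""
    rows = []
    for target, result in (extract_report(output) or {}).items():
        for item in result.get("failureBuildPolicyResults", []):
            rule = item["rule"]
            rows.append((target, rule["operand"], rule["operator"],
                         rule["value"], item["count"]))
    return rows


if __name__ == "__main__":
    for row in failed_rules(SAMPLE):
        print("%s: %s %s %s (count %d)" % row)
```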

Method 2: Scan repo on your system, but download repo from external (any git)

Example:

cdefense clidocker --api-key={} --scan-url=https://console.clouddefenseai.com --project-name={} --git=true --repourl=https://github.com/scalesec/vulnado --branch={optional} --tag={optional}

Method 3: Scan repo on your system, but copy project from your PC

Example:

cdefense clidocker --api-key={} --scan-url=https://console.clouddefenseai.com --project-name={} --path={path-to-folder-with-app} --repo-url=https://github.com/scalesec/vulnado --branch={optional} --tag={optional}

The command pushes data to console.clouddefenseai.com.
