CI/CD integration with CLI Now you can start online scans with the new CLI command:
Method 1: Scan repo using our cluster
cdefense online
Options:
cdefense online --api-key={} --repository-url={} --branch-name= {optional} --tag={optional} (You should have ENV variable SCAN_URL=https://console.clouddefenseai. com)
Example:
cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url= --branch-name= example --tag=example (You should have ENV variable SCAN_URL=https://console.clouddefenseai. com)
Command will return exit status 1 if build policy was failed.
Scan private repo
We also support private repositories. To do this you need to provide API key related to account where integration is configured or provide an access token into repository URL:
GitHub:
https://{private-access-token}@github.com/username/repo.git
GitLab:
https://oauth2:{personal-access-token}@gitlab.com/username/repo.git
https://{username}:{password}@gitlab.com/username/repo.git
Azure Repo:
https://{private-access-token}@dev.azure.com/orgname/projectname/_git/repo
Bitbucket:
https://{username}:{access_token}@bitbucket.org/username/repo.git
Example output
Without verbose:
Copy // cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado
2022/07/15 16:59:52 [INFO] Connecting to server...
2022/07/15 16:59:53 [INFO] Welcome [developer@clouddefense.ai]. You have been successfully connected to [Cloud Defense] organization
2022/07/15 16:59:53 [INFO] Running full online scan...
2022/07/15 17:01:19 [INFO] Scan was finished
2022/07/15 17:01:19 [INFO] Build policy status: FAILURE
Failed build policy results:
/app/pom.xml : java_maven:
- Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1
- Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1
[INFO] Scan started at 16:59:52 finished at 17:01:19
[INFO] Total scan time: 1m27s
With verbose:
Copy // cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado --verbose
2022/07/15 17:00:16 [INFO] Connecting to server...
2022/07/15 17:00:16 [INFO] Welcome [developer@clouddefense.ai]. You have been successfully connected to [Cloud Defense] organization
2022/07/15 17:00:17 [INFO] Running full online scan...
2022/07/15 17:01:43 [INFO] Scan was finished
2022/07/15 17:01:43 [INFO] Build policy status: FAILURE
{
"/app/pom.xml : java_maven": {
"failureBuildPolicyResults": [
{
"message": "Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1",
"rule": {
"operand": "CWE",
"operator": "PART_OF_OWASP",
"value": "Injection"
},
"count": 1
},
{
"message": "Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1",
"rule": {
"operand": "TITLE",
"operator": "CONTAINS",
"value": "inje"
},
"count": 1
}
],
"passedBuildPolicyResults": [
{
"message": "Success",
"rule": {
"operand": "CRITICAL_SEVERITY_COUNT",
"operator": "GREATER_THAN",
"value": "1"
},
"count": 1
},
{
"message": "Success",
"rule": {
"operand": "CWE",
"operator": "PART_OF_OWASP",
"value": "Broken Authentication"
},
"count": 0
},
{
"message": "Success",
"rule": {
"operand": "CWE_ID",
"operator": "CONTAINS",
"value": "264"
},
"count": 0
}
]
}
}
[INFO] Scan started at 17:00:16 finished at 17:01:43
[INFO] Total scan time: 1m27s
Method 2: Scan repo on your system, but download repo from external (any git)
Example:
Copy cdefense clidocker --api-key={} --scan-url=https://console.
clouddefenseai.com --project-name={} --git=true --repourl=https://github.com/scalesec/vulnado --branch={optional} --tag={optional} Method 3: Scan repo on your system, but copy project from your PC
Example:
Copy cdefense clidocker --api-key={} --scan-url=https://console.
clouddefenseai.com --project-name={} --path={path-to-folder-with-app} --
repo-url=https://github.com/scalesec/vulnado --branch={optional} --tag={optional}
Command will push data to console.clouddefenseai.com
