Methods for CI/CD integration with CLI

CI/CD integration with CLI Now you can start online scans with the new CLI command:

Method 1: Scan repo using our cluster

`cdefense online`

Options:

cdefense online --api-key={} --repository-url={} --branch-name= {optional} --tag={optional} (You should have ENV variable SCAN_URL=https://console.clouddefenseai. com)

`Example:`

cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://github.com/mono/mono --branch-name= example --tag=example (You should have ENV variable SCAN_URL=https://console.clouddefenseai. com)

Command will return exit status 1 if build policy was failed.

`Scan private repo`

We also support private repositories. To do this you need to provide API key related to account where integration is configured or provide an access token into repository URL:

GitHub:

https://{private-access-token}@github.com/username/repo.git

`GitLab:`

https://oauth2:{personal-access-token}@gitlab.com/username/repo.git

https://{username}:{password}@gitlab.com/username/repo.git

`Azure Repo:`

https://{private-access-token}@dev.azure.com/orgname/projectname/_git/repo

`Bitbucket:`

https://{username}:{access_token}@bitbucket.org/username/repo.git

`Example output`

`Without verbose:`

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado 
2022/07/15 16:59:52 [INFO] Connecting to server... 
2022/07/15 16:59:53 [INFO] Welcome [[email protected]]. You have been successfully connected to [Cloud Defense] organization 
2022/07/15 16:59:53 [INFO] Running full online scan... 
2022/07/15 17:01:19 [INFO] Scan was finished 
2022/07/15 17:01:19 [INFO] Build policy status: FAILURE
Failed build policy results:
 /app/pom.xml : java_maven: 
- Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1 
- Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1
[INFO] Scan started at 16:59:52 finished at 17:01:19 
[INFO] Total scan time: 1m27s

With verbose:

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado --verbose
2022/07/15 17:00:16 [INFO] Connecting to server...
2022/07/15 17:00:16 [INFO] Welcome [[email protected]]. You have been successfully connected to [Cloud Defense] organization
2022/07/15 17:00:17 [INFO] Running full online scan...
2022/07/15 17:01:43 [INFO] Scan was finished
2022/07/15 17:01:43 [INFO] Build policy status: FAILURE
{
  "/app/pom.xml : java_maven": {
    "failureBuildPolicyResults": [
      {
        "message": "Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1",
        "rule": {
          "operand": "CWE",
          "operator": "PART_OF_OWASP",
          "value": "Injection"
        },
        "count": 1
      },
      {
        "message": "Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1",
        "rule": {
          "operand": "TITLE",
          "operator": "CONTAINS",
          "value": "inje"
        },
        "count": 1
      }
    ],
    "passedBuildPolicyResults": [
      {
        "message": "Success",
        "rule": {
          "operand": "CRITICAL_SEVERITY_COUNT",
          "operator": "GREATER_THAN",
          "value": "1"
        },
        "count": 1
      },
      {
        "message": "Success",
        "rule": {
          "operand": "CWE",
          "operator": "PART_OF_OWASP",
          "value": "Broken Authentication"
        },
        "count": 0
      },
      {
        "message": "Success",
        "rule": {
          "operand": "CWE_ID",
          "operator": "CONTAINS",
          "value": "264"
        },
        "count": 0
      }
    ]
  }
} 
[INFO] Scan started at 17:00:16 finished at 17:01:43
[INFO] Total scan time: 1m27s

Method 2: Scan repo on your system, but download repo from external (any git)

Example:

cdefense clidocker --api-key={} --scan-url=https://console.
clouddefenseai.com --project-name={} --git=true --repourl=https://github.com/scalesec/vulnado --branch={optional} --tag={optional}

Method 3: Scan repo on your system, but copy project from your PC

Example:

cdefense clidocker --api-key={} --scan-url=https://console.
clouddefenseai.com --project-name={} --path={path-to-folder-with-app} --
repo-url=https://github.com/scalesec/vulnado --branch={optional} --tag={optional}

Command will push data to console.clouddefenseai.com

PreviousGitHub Enterprise Actions NextCI/CD Policies

Last updated 2 years ago

hashtagMethod 1: Scan repo using our cluster

hashtag cdefense online

hashtagOptions:

hashtagExample:

hashtagScan private repo

hashtagGitLab:

hashtagAzure Repo:

hashtagBitbucket:

hashtagExample output

hashtagWithout verbose:

hashtagWith verbose:

hashtagMethod 2: Scan repo on your system, but download repo from external (any git)

hashtagMethod 3: Scan repo on your system, but copy project from your PC