Methods for CI/CD integration with CLI

Modified on Wed, 11 Oct, 2023 at 7:08 PM


CI/CD integration with CLI Now you can start online scans with the new CLI command: 


Method 1: Scan repo using our cluster

 cdefense online


Options:

cdefense online --api-key={} --repository-url={} --branch-name= {optional} --tag={optional} (You should have ENV variable SCAN_URL=https://console.clouddefenseai. com)

Example: 

cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://github.com/mono/mono --branch-name= example --tag=example (You should have ENV variable SCAN_URL=https://console.clouddefenseai. com)
Command will return exit status 1 if build policy was failed.

Scan private repo 

We also support private repositories. To do this you need to provide API key related to account where integration is configured or provide an access token into repository URL:
GitHub: 
https://{private-access-token}@github.com/username/repo.git 

GitLab: 

https://oauth2:{personal-access-token}@gitlab.com/username/repo.git 
https://{username}:{password}@gitlab.com/username/repo.git 

Azure Repo: 

https://{private-access-token}@dev.azure.com/orgname/projectname/_git/repo 

Bitbucket: 

https://{username}:{access_token}@bitbucket.org/username/repo.git 

Example output 

Without verbose: 

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado 
2022/07/15 16:59:52 [INFO] Connecting to server... 
2022/07/15 16:59:53 [INFO] Welcome [[email protected]]. You have been successfully connected to [Cloud Defense] organization 
2022/07/15 16:59:53 [INFO] Running full online scan... 
2022/07/15 17:01:19 [INFO] Scan was finished 
2022/07/15 17:01:19 [INFO] Build policy status: FAILURE
Failed build policy results:
 /app/pom.xml : java_maven: 
- Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1 
- Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1
[INFO] Scan started at 16:59:52 finished at 17:01:19 
[INFO] Total scan time: 1m27s

With verbose: 

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado --verbose
2022/07/15 17:00:16 [INFO] Connecting to server...
2022/07/15 17:00:16 [INFO] Welcome [[email protected]]. You have been successfully connected to [Cloud Defense] organization
2022/07/15 17:00:17 [INFO] Running full online scan...
2022/07/15 17:01:43 [INFO] Scan was finished
2022/07/15 17:01:43 [INFO] Build policy status: FAILURE
{
  "/app/pom.xml : java_maven": {
    "failureBuildPolicyResults": [
      {
        "message": "Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1",
        "rule": {
          "operand": "CWE",
          "operator": "PART_OF_OWASP",
          "value": "Injection"
        },
        "count": 1
      },
      {
        "message": "Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1",
        "rule": {
          "operand": "TITLE",
          "operator": "CONTAINS",
          "value": "inje"
        },
        "count": 1
      }
    ],
    "passedBuildPolicyResults": [
      {
        "message": "Success",
        "rule": {
          "operand": "CRITICAL_SEVERITY_COUNT",
          "operator": "GREATER_THAN",
          "value": "1"
        },
        "count": 1
      },
      {
        "message": "Success",
        "rule": {
          "operand": "CWE",
          "operator": "PART_OF_OWASP",
          "value": "Broken Authentication"
        },
        "count": 0
      },
      {
        "message": "Success",
        "rule": {
          "operand": "CWE_ID",
          "operator": "CONTAINS",
          "value": "264"
        },
        "count": 0
      }
    ]
  }
[INFO] Scan started at 17:00:16 finished at 17:01:43
[INFO] Total scan time: 1m27s

Method 2: Scan repo on your system, but download repo from external (any git)

Example:
cdefense clidocker --api-key={} --scan-url=https://console.
clouddefenseai.com --project-name={} --git=true --repourl=https://github.com/scalesec/vulnado --branch={optional} --tag={optional}

Method 3: Scan repo on your system, but copy project from your PC



Example:
cdefense clidocker --api-key={} --scan-url=https://console.
clouddefenseai.com --project-name={} --path={path-to-folder-with-app} --
repo-url=https://github.com/scalesec/vulnado --branch={optional} --tag={optional}
Command will push data to console.clouddefenseai.com

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article