This guide walks you through setting up a Jenkins Freestyle project to perform a full vulnerability scan using the CloudDefense CLI. The workflow downloads the CLI, adds it to your repository, and configures Jenkins to poll the repository, inject environment variables, and execute the scan command. Follow these steps to automate scans for your GitHub repository when code changes are pushed.
Prerequisites
- Jenkins: Installed and running on `localhost:8080` (or your Jenkins URL).
- GitHub Repository: Public or private, with a branch to scan (e.g., `master`).
- CloudDefense API Key: Obtain from `https://console.clouddefenseai.com`.
- Plugins: Install the Environment Injector Plugin and Credentials Binding Plugin in Jenkins.
Step-by-Step Integration
Step 1: Download the CloudDefense CLI
1. Navigate to the Release Page:
- Open your browser and go to `https://github.com/CloudDefenseAI/cd/releases/tag/1.38.6`.
- Locate the CLI archive for your operating system, for example: `cd-latest-windows.exe.tar.gz`.
2. Download the Archive:
- Click the link for `cd-latest-windows.exe.tar.gz` to download it to your local machine (e.g., `Downloads` folder).
Step 2: Extract the CLI files and push them to the repo
- Extracting `cd-latest-windows.exe.tar.gz` yields two files: `cd-latest-windows` and `._cd-latest-windows`.
- Push these two files to the repo you need to scan.
Step 3: Install Required Jenkins Plugins
1. Access Plugin Manager:
- Log in to Jenkins (`http://localhost:8080`).
- Click Manage Jenkins -> Plugins.
2. Install Environment Injector Plugin:
- Go to the Available tab.
- Search for Environment Injector.
- Check Environment Injector Plugin.
- Click Install without restart.
Step 4: Create a Freestyle project
- From the Jenkins dashboard, click New Item.
- Enter a name (e.g., CDefense-Workflow).
- Select Freestyle project.
- Click OK.
Step 5: Configure Source Code Management
1. Select Git:
- Under Source Code Management, select Git.
- Set Repository URL to your GitHub repository (e.g., `https://github.com/your-username/your-repo.git`).
2. Specify Branch:
- Set Branch Specifier to `*/master` (or your branch, e.g., `*/feature-branch`).
3. Add Credentials (if private):
- In Credentials, authenticate to GitHub using a Personal Access Token.
- If public, leave as None.
Step 6: Enable SCM Polling
1. Set Polling Schedule:
- Under Build Triggers, check Poll SCM.
- Enter the schedule: `H/5 * * * *` (polls every 5 minutes).
Step 7: Inject Environment Variables
1. Enable Injection:
- Under Build Environment, check Inject environment variables to the build process.
2. Set Properties Content:
- In the Properties Content field, enter the following, replacing the masked `CDEFENSE_API_KEY` value with your API key:
```properties
SCAN_URL=https://console.clouddefenseai.com
REPO_URL=$GIT_URL
BRANCH_NAME=$GIT_BRANCH
CDEFENSE_API_KEY=*************
TAG=latest
TYPE=GITHUB
```
Step 8: Add Build Step
1. Add Batch Command:
- Under Build, click Add build step -> Execute Windows batch command.
- Enter:
```batch
set BRANCH_NAME_CLEAN=%BRANCH_NAME:origin/=%
cd-latest-windows online --api-key=%CDEFENSE_API_KEY% --repository-url=%REPO_URL% --branch-name=%BRANCH_NAME_CLEAN% --tag=%TAG% --type=%TYPE%
```
- Explanation:
- `set BRANCH_NAME_CLEAN` removes `origin/` from `BRANCH_NAME` (e.g., `origin/master` to `master`).
- `cd-latest-windows online` runs the scan with required parameters.
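The build step above with pre-flight checks for the failures listed under Troubleshooting, as an added example that is not part of the original article or CloudDefense's own tooling. It assumes the CLI returns a non-zero exit code when a scan fails; the `SCAN_RC` variable and the wildcard file check are illustrative.

```batch
@echo off
rem Added example, not CloudDefense's own script. With echo off, cmd does not
rem print the expanded scan command, so the API key stays out of the console log.
setlocal

rem Each variable injected in Step 7 must be present. Only names are printed.
for %%V in (CDEFENSE_API_KEY REPO_URL BRANCH_NAME TAG TYPE) do (
    if not defined %%V (
        >&2 echo ERROR: %%V is not set. Check the Properties Content in Step 7.
        exit /b 1
    )
)

rem "CLI Not Found": the binary pushed in Step 2 must be in the workspace root,
rem which is the build step's working directory. The wildcard is an assumption
rem that tolerates a .exe suffix on the extracted file.
if not exist "cd-latest-windows*" (
    >&2 echo ERROR: cd-latest-windows not found in the workspace. Check Step 2.
    exit /b 1
)

rem GIT_BRANCH arrives as origin/branch; the CLI is given the bare branch name.
set "BRANCH_NAME_CLEAN=%BRANCH_NAME:origin/=%"
if not defined BRANCH_NAME_CLEAN (
    >&2 echo ERROR: branch name is empty after removing origin/.
    exit /b 1
)

rem Same command and flags as the build step above.
cd-latest-windows online --api-key=%CDEFENSE_API_KEY% --repository-url=%REPO_URL% --branch-name=%BRANCH_NAME_CLEAN% --tag=%TAG% --type=%TYPE%

rem Assumption: a failed scan returns a non-zero exit code. Passing it on makes
rem Jenkins mark the build as failed instead of reporting success.
set "SCAN_RC=%ERRORLEVEL%"
if not "%SCAN_RC%"=="0" (
    >&2 echo ERROR: scan exited with code %SCAN_RC%.
)
exit /b %SCAN_RC%
```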
Step 9: Save and Test
1. Save Configuration:
- Click Apply and Save.
2. Test the Workflow:
- Push a change to your repository.
- Wait for the polling cycle (up to 5 minutes) or click Build Now.
Troubleshooting
- CLI Not Found: Check that the target repository contains the CLI files.
- Team Access Error: If you see `We didn't find a default team in the organization`, log in to `https://console.clouddefenseai.com`, ensure a default team is set in the `clouddefense` organization, or try `--default=false` in the command.
- Wrong Branch Name: Verify the branch name in the SCM branch settings.
- Command Errors:
- Run `cd-latest-windows --help` in the workspace to confirm syntax.
- Check CloudDefense documentation for additional flags.
- GitHub authentication: Check that the GitHub credentials are correct.