CircleCI Integration with CloudDefense CLI

Modified on Thu, 9 Jan at 2:51 PM

Scanning Repositories Using Our Cluster


To scan your repository using our cluster, execute the following command:

cdefense online

Options:


You can provide additional options to customize the scan:

cdefense online --api-key={} --repository-url={} --branch-name={} --tag={}

Replace the placeholders ({}) with the appropriate values:

  • api-key: Your CloudDefense API key.

  • repository-url: The URL of the repository to scan.

  • branch-name: The branch to be scanned.

  • tag: Optional tag for identification.

Integrating CloudDefense CLI into CircleCI Pipeline


CircleCI pipelines automate the process of building, testing, and deploying code. The process is defined in your .circleci/config.yml file and consists of workflows, jobs, and steps.

Key Concepts:

  • Pipeline: The overall automated process triggered when code is pushed, a pull request is created, or a workflow is manually started.

  • Workflow: A collection of jobs that define how the pipeline is executed.

  • Job: A unit of work in the pipeline, such as building the application or running tests.

  • Steps: Individual commands or processes within a job.


Example .circleci/config.yml Configuration


Below is an example configuration for integrating CloudDefense CLI into a CircleCI pipeline:

# Use the latest 2.1 version of CircleCI pipeline process engine.
version: 2.1

# Define a job called "cloud-defense-scan".
jobs:
  cloud-defense-scan:
    # Specify the Docker image to use for this job.
    docker:
      - image: cimg/base:current
    steps:
      # Step to checkout the repository.
      - checkout
      # Step to install the CloudDefense CLI (default base system is Linux in CircleCI).
      - run:
          name: "Install Cloud Defense CLI"
          command: |
            sudo curl -L https://raw.githubusercontent.com/CloudDefenseAI/cd/master/latest/cd-latest-linux-x64.tar.gz -o /tmp/cd-latest-linux-x64.tar.gz
            sudo tar -C /usr/local/bin -xzf /tmp/cd-latest-linux-x64.tar.gz
            sudo chmod +x /usr/local/bin/cdefense
      # Step to run the Cloud Defense scan.
      - run:
          name: "Run Cloud Defense Scan"
          command: |
            cdefense online --api-key=$CDEFENSE_API_KEY --repository-url=https://github.com/char-an/oath2-demo.git

# Define a workflow named "scan-workflow".
workflows:
  scan-workflow:
    # Specify the jobs to run in this workflow.
    jobs:
      - cloud-defense-scan
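
The install step above pulls a tarball from a URL that tracks master and unpacks it into /usr/local/bin as root with no integrity check. The shell helpers below are an added example, not part of the original article or of CloudDefense's tooling: they verify the download against a SHA-256 you pinned yourself and extract only the expected binary. The member name cdefense (inferred from the chmod line) and all function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not CloudDefense code): fail-closed helpers for the install step.
# Assumptions: the archive holds a top-level member named "cdefense" (inferred
# from the page's chmod line) and you supply a SHA-256 you recorded yourself.

sha256_of() {  # print the hex SHA-256 of FILE
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# verify_sha256 FILE EXPECTED_HEX: succeed only when the digest matches the pin.
verify_sha256() {
  local expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  # An unset or malformed pin must fail, never silently skip the check.
  printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$' || return 2
  actual=$(sha256_of "$1") || return 2
  [ "$actual" = "$expected" ]
}

# has_unsafe_names: read member names on stdin; succeed if any is absolute
# or contains a ".." component (would write outside the destination).
has_unsafe_names() {
  grep -Eq '^/|(^|/)\.\.(/|$)'
}

# extract_only ARCHIVE MEMBER DESTDIR: extract exactly one expected member.
extract_only() {
  local names
  names=$(tar -tzf "$1") || return 2
  if printf '%s\n' "$names" | has_unsafe_names; then return 3; fi
  printf '%s\n' "$names" | grep -Fxq -- "$2" || return 4
  tar -C "$3" -xzf "$1" "$2"
}

# install_cdefense ARCHIVE EXPECTED_HEX DESTDIR [MEMBER]
install_cdefense() {
  local member="${4:-cdefense}"
  verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
  extract_only "$1" "$member" "$3" || { echo "unexpected archive layout" >&2; return 1; }
  chmod 0755 "$3/$member"
}
```

Because the download URL tracks master, the pinned digest has to be updated each time you adopt a new CLI build; a mismatch then fails the job instead of running an unreviewed binary.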


Setting Up Environment Variables


To use environment variables in your CircleCI pipeline, follow these steps:

  1. Navigate to your CircleCI project settings.

  2. Select Environment Variables under Project Settings.

  3. Click Add Environment Variable.

  4. Add the variable name and its corresponding value.

Example:


In the above configuration, $CDEFENSE_API_KEY is read from an environment variable, which keeps the API key out of the committed config.yml. Ensure it is added to the project settings. These variables are picked up automatically when the pipeline is triggered and fill the corresponding placeholders in your configuration.


By following this guide, you can seamlessly integrate CloudDefense CLI into your CircleCI pipeline to scan repositories efficiently.
