Integrating CI/CD with CLI for Online Scans: GoCD

Modified on Thu, 5 Sep at 7:31 PM

You can now initiate online scans using the latest CLI command:

Method 1: Scanning Repositories Using Our Cluster

Copy code

cdefense online



Options:

cssCopy code

cdefense online --api-key={} --repository-url={} --branch-name={} --tag={}


(Ensure the SCAN_URL environment variable is set to https://console.clouddefenseai.com)

Example:

cssCopy code

cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url= --branch-name=example --tag=example


(Ensure the SCAN_URL environment variable is set to https://console.clouddefenseai.com)

This command returns an exit status of 1 if the build policy fails.

Scanning Private Repositories:

We also support scanning private repositories. Provide the API key associated with the account where the integration is configured or include an access token in the repository URL:

  • GitHub: https://{private-access-token}@github.com/username/repo.git

  • GitLab:

    • Using OAuth2: https://oauth2:{personal-access-token}@gitlab.com/username/repo.git

    • Using Username and Password: https://{username}:{password}@gitlab.com/username/repo.git

  • Azure Repo: https://{private-access-token}@dev.azure.com/orgname/projectname/_git/repo

  • Bitbucket: https://{username}:{access_token}@bitbucket.org/username/repo.git

Example Output:

Without Verbose:

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado

2022/07/15 16:59:52 [INFO] Connecting to server...

2022/07/15 16:59:53 [INFO] Welcome [[email protected]]. You have been successfully connected to [Cloud Defense] organization

2022/07/15 16:59:53 [INFO] Running full online scan...

2022/07/15 17:01:19 [INFO] Scan was finished

2022/07/15 17:01:19 [INFO] Build policy status: FAILURE

Failed build policy results:

 /app/pom.xml : java_maven:

- Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1

- Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1

[INFO] Scan started at 16:59:52 finished at 17:01:19

[INFO] Total scan time: 1m27s



With Verbose:

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado --verbose

2022/07/15 17:00:16 [INFO] Connecting to server...

2022/07/15 17:00:16 [INFO] Welcome [[email protected]]. You have been successfully connected to [Cloud Defense] organization

2022/07/15 17:00:17 [INFO] Running full online scan...

2022/07/15 17:01:43 [INFO] Scan was finished

2022/07/15 17:01:43 [INFO] Build policy status: FAILURE

{

  "/app/pom.xml : java_maven": {

    "failureBuildPolicyResults": [

      {

        "message": "Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1",

        "rule": {

          "operand": "CWE",

          "operator": "PART_OF_OWASP",

          "value": "Injection"

        },

        "count": 1

      },

      {

        "message": "Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1",

        "rule": {

          "operand": "TITLE",

          "operator": "CONTAINS",

          "value": "inje"

        },

        "count": 1

      }

    ],

    "passedBuildPolicyResults": [

      {

        "message": "Success",

        "rule": {

          "operand": "CRITICAL_SEVERITY_COUNT",

          "operator": "GREATER_THAN",

          "value": "1"

        },

        "count": 1

      },

      {

        "message": "Success",

        "rule": {

          "operand": "CWE",

          "operator": "PART_OF_OWASP",

          "value": "Broken Authentication"

        },

        "count": 0

      },

      {

        "message": "Success",

        "rule": {

          "operand": "CWE_ID",

          "operator": "CONTAINS",

          "value": "264"

        },

        "count": 0

      }

    ]

  }

[INFO] Scan started at 17:00:16 finished at 17:01:43

[INFO] Total scan time: 1m27s




Method 2: Scanning Repositories on Your System, Downloading Repo from External (Any Git)

Example:

cssCopy code

cdefense clidocker --api-key={} --scan-url=https://console.clouddefenseai.com --project-name={} --git=true --repourl=https://github.com/scalesec/vulnado --branch={} --tag={}



Method 3: Scanning Repositories on Your System, Copying Project from Your PC

Example:

cssCopy code


cdefense clidocker --api-key={} --scan-url=https://console.clouddefenseai.com --project-name={} --path={path-to-folder-with-app} --repo-url=https://github.com/scalesec/vulnado --branch={} --tag={}



(This command will push data to console.clouddefenseai.com)

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article