Pages

Saturday, March 16, 2019

Jenkins - Integrating Source Clear with Jenkins


As we already know that the Source clear is Saas based application. We scan the source code in our local machine and the results are sent to the source clear website. The results can be viewed with the account that we have taken.

Integrating the Software composition analysis tools with the Continuous integration tools is very important. We will integrate the source clear tool with the Jenkins tool and perform a source code scan as a part of the build system. We can then view the results in the source clear website.

1. Create a Secret text credential using the source clear token obtained when taking the account.


I have created the credentials with the ID and description so that i can be accessed in the build jobs.

2. Inside a Maven job, We will first create a secret text binding with a variable. In the Build environment Click on the “use Secret text(s) or file(s)”. Click on the Add button with the secret text binding. Provide the variable name and choose the credential id that we have created in the first step. This looks like as below,

3. Once the binding is done, In the Post steps of the job select the “execute shell” and enter the following command, curl -sSL https://download.sourceclear.com/ci.sh | sh

4. Run the job and we can see the results in the source clear website.

More to Come, Happy learning :-)

No comments :

Post a Comment