Jenkins CI Integration
Discover Scantist's capabilities with Jenkins integration
Jenkins CI
Jenkins is a popular choice of continuous integration and continuous delivery solution for developers to integrate with a variety of development, testing, and deployment tools. Jenkins is highly extensible and customizable, which makes it suitable for a wide range of projects - from small single-developer projects to large enterprise-level applications.
Integrating Scantist into the development lifecycle of Jenkins CI can help enforce security and licensing compliance in the CI/CD pipeline. There are two ways to integrate Scantist with Jenkins CI:
- Build Script on Jenkins CI
- Using Jenkinsfile
Follow these steps to integrate Scantist with Jenkins CI using a build script
This approach allows Jenkins users to scan their code for security vulnerabilities and licensing issues during the build process.
- Create access token
- Have your build script ready
- Configure script for Jenkins
- Build your project
You will need to create an access token on Scantist to authenticate and authorize the integration.
Navigate to your project settings page on Jenkins and click on Configure.
Under the Build section, make sure you have a build script prepared for your project. This script helps Scantist SCA collect both direct and transitive dependencies. If you don't have a build script, you can skip this step.

If you are using Windows, add a new Execute Windows Batch Command step and include the script below.

(For APP environment)

```bat
REM Replace the placeholder with the access token you copied
set DEVSECOPS_IMPORT_URL=https://api-app.scantist.io/v2/scans/ci-scan/
set DEVSECOPS_TOKEN=$your_copied_access_token
curl -s https://download.scantist.io/sca-bom-detect.jar --output sca-bom-detect.jar
java -jar sca-bom-detect.jar
```

(For GCC environment)

```bat
REM Replace the placeholder with the access token you copied
set DEVSECOPS_IMPORT_URL=https://gcc.scantist.io/v2/scans/ci-scan/
set DEVSECOPS_TOKEN=$your_copied_access_token
curl -s https://download.scantist.io/sca-bom-detect.jar --output sca-bom-detect.jar
java -jar sca-bom-detect.jar
```

If you are using Linux, add a new Execute Shell step and include the script below.

(For APP environment)

```shell
# Replace the placeholder with the access token you copied
export DEVSECOPS_IMPORT_URL=https://api-app.scantist.io/v2/scans/ci-scan/
export DEVSECOPS_TOKEN=$your_copied_access_token
curl -s https://download.scantist.io/sca-bom-detect.jar --output sca-bom-detect.jar
java -jar sca-bom-detect.jar
```

(For GCC environment)

```shell
# Replace the placeholder with the access token you copied
export DEVSECOPS_IMPORT_URL=https://gcc.scantist.io/v2/scans/ci-scan/
export DEVSECOPS_TOKEN=$your_copied_access_token
curl -s https://download.scantist.io/sca-bom-detect.jar --output sca-bom-detect.jar
java -jar sca-bom-detect.jar
```
Click Save and Build Now to start building results from Jenkins. This will call the Scantist Jenkins script to receive your successful build result from Jenkins CI.
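The Execute Shell script above runs a freshly downloaded jar in a job that holds the Scantist access token, so the download is worth pinning. The following is an added example, not Scantist's own script, that verifies the jar against a SHA-256 digest before running it. It assumes you recorded that digest yourself from a copy you vetted (`SCA_JAR_SHA256` is a placeholder) and that Jenkins injects `DEVSECOPS_TOKEN` and `DEVSECOPS_IMPORT_URL` into the step; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Scantist's own script: verify the agent jar against a
# pinned SHA-256 before running it from a Jenkins "Execute Shell" step.
# ASSUMPTIONS: SCA_JAR_SHA256 is a digest you recorded from a copy you vetted
# (placeholder below); DEVSECOPS_TOKEN and DEVSECOPS_IMPORT_URL are injected
# by Jenkins (e.g. a secret-text credential binding), not typed into the job.

SCA_JAR_URL="https://download.scantist.io/sca-bom-detect.jar"
SCA_JAR_SHA256="${SCA_JAR_SHA256:-REPLACE_WITH_PINNED_SHA256}"

# Print the SHA-256 hex digest of a file (sha256sum, or shasum as fallback).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file exists and its digest equals the expected value.
verify_sha256() {
    file=$1; expected=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
}

# Download to a temporary file, verify it, and only then install and run it.
run_scantist_agent() {
    : "${DEVSECOPS_TOKEN:?must be provided by the Jenkins credential binding}"
    : "${DEVSECOPS_IMPORT_URL:?must be set to your Scantist import URL}"
    tmp=$(mktemp) || return 1
    # --fail stops an HTTP error page from being saved as the jar;
    # --proto '=https' makes curl refuse any non-HTTPS URL.
    curl --fail --silent --show-error --proto '=https' \
         "$SCA_JAR_URL" --output "$tmp" || { rm -f "$tmp"; return 1; }
    verify_sha256 "$tmp" "$SCA_JAR_SHA256" || { rm -f "$tmp"; return 1; }
    mv "$tmp" sca-bom-detect.jar
    java -jar sca-bom-detect.jar
}

# In the Jenkins step, source this file and call: run_scantist_agent
```

A digest mismatch or a missing token fails the build step before `java -jar` runs.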
Follow these steps to integrate Scantist with Jenkins CI using a Jenkinsfile
This approach involves running the Jenkinsfile as part of your Jenkins build process. It can be more flexible than using a build script, but it requires more configuration and setup.
- Create access token
- Setup Environmental Variables on Jenkins
- Add Scantist Agent to Jenkinsfile: navigate to your source code repository, open the Jenkinsfile and add a new stage below your existing stage. You can name the new stage `Scantist` and add the command below.
- Download the Scantist Agent if your source code is on-premise hosted
- Build your Project
You will need to create an access token on Scantist to authenticate and authorize the integration.
Navigate to Configure System in the Jenkins menu, scroll down to find Global Properties and click on it.
Click on the Environment Variables tab and add the two variables below.
Variable | Value | Options |
---|---|---|
SCANTISTTOKEN | token_you_copied | Mandatory |
SCANTIST_IMPORT_URL | https://api-v4staging.scantist.io/v2/scans/ci-scan/ (For V4 staging environment) or https://gcc.scantist.io/v2/scans/ci-scan/ (For GCC environment) | Mandatory |

```groovy
// Stage added below your existing stage; it downloads and runs the Scantist agent
stage('Scantist') {
    steps {
        sh '''
            curl -s https://download.scantist.io/sca-bom-detect.jar --output sca-bom-detect.jar
            java -jar sca-bom-detect.jar
        '''
    }
}
```
On an internet-connected device, download the SCANTIST AGENT package suitable for your environment.
Transfer the downloaded agent package to your on-premises Jenkins environment by adding a new stage specifically for Scantist with the below command.
Navigate back to Jenkins and select Build Now for your project. This will call the Scantist Jenkins script to receive your successful build result from Jenkins CI.
Here is what a successful integration will look like
What's next?
You are now ready to perform scanning activities and set compliance policies for your CI/CD scans.
Schedule scan
Create compliance policies