Code Security CI/CD Integrations
To integrate Code Security with your CI/CD, download the Code Security engine and run a scan in your test or build scripts.

Get your DSN from the Code Security platform and set up SPECTRAL_DSN in the CI environment variables as a secret.
Example of the configuration:
.github/workflows/scan.yml
name: Main
on:
  push:
    branches: [ main ]
env:
  SPECTRAL_DSN: ${{ secrets.SPECTRAL_DSN }}
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Install and run Spectral CI
        uses: spectralops/spectral-github-action@v2
        with:
          spectral-dsn: ${{ env.SPECTRAL_DSN }}
          spectral-args: scan --ok
Example of a build integrated with Code Security:

Get your DSN from the Code Security platform and set up your DSN in the GitLab variables store as SPECTRAL_DSN.
Note - Make sure to select the Protected variable option.
Example of configuration in the US region:
For Dome9 users
.gitlab-ci.yml
build-job:
  stage: build
  script:
    - curl -L "https://spectral-us.dome9.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh
    - $HOME/.spectral/spectral scan --ok
For Infinity users
.gitlab-ci.yml
build-job:
  stage: build
  script:
    - curl -L "https://spectral-us.checkpoint.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh
    - $HOME/.spectral/spectral scan --ok
Example of a build integrated with Code Security:

Get your DSN from the Code Security platform and store it as SPECTRAL_DSN in variables and secrets.
Example of configuration in the US region:
For Dome9 users
bitbucket-pipelines.yml
image: atlassian/default-image:2
pipelines:
  default:
    - parallel:
        - step:
            name: 'Install & run Spectral'
            script:
              - curl -L "https://spectral-us.dome9.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh
              - $HOME/.spectral/spectral scan --ok
For Infinity users
bitbucket-pipelines.yml
image: atlassian/default-image:2
pipelines:
  default:
    - parallel:
        - step:
            name: 'Install & run Spectral'
            script:
              - curl -L "https://spectral-us.checkpoint.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh
              - $HOME/.spectral/spectral scan --ok
Example of a build integrated with Code Security:

Get your DSN from the Code Security platform and store it as SPECTRAL_DSN in Jenkins Credentials store.
Example of configuration in the US region:
For Dome9 users
Jenkinsfile
pipeline {
  agent any
  environment {
    SPECTRAL_DSN = credentials('spectral-dsn')
  }
  stages {
    stage('install Spectral') {
      steps {
        // Single-quoted Groovy string: the shell, not Groovy, expands $SPECTRAL_DSN
        sh 'curl -L "https://spectral-us.dome9.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh'
      }
    }
    stage('scan for issues') {
      steps {
        sh '$HOME/.spectral/spectral scan --ok'
      }
    }
  }
}
For Infinity users
Jenkinsfile
pipeline {
  agent any
  environment {
    SPECTRAL_DSN = credentials('spectral-dsn')
  }
  stages {
    stage('install Spectral') {
      steps {
        // Single-quoted Groovy string: the shell, not Groovy, expands $SPECTRAL_DSN
        sh 'curl -L "https://spectral-us.checkpoint.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh'
      }
    }
    stage('scan for issues') {
      steps {
        sh '$HOME/.spectral/spectral scan --ok'
      }
    }
  }
}
Example of a build integrated with Code Security:

Get your DSN from the Code Security platform and set up your DSN in CircleCI Secrets Store as SPECTRAL_DSN.
Example of configuration in the US region:
For Dome9 users
.circleci/config.yml
version: 2.1
workflows:
  test-env-vars:
    jobs:
      - build:
          context:
            - SPECTRAL_DSN
jobs:
  build:
    docker:
      - image: circleci/node:latest
    steps:
      - checkout
      - run: curl -L "https://spectral-us.dome9.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh
      - run: $HOME/.spectral/spectral scan --ok
For Infinity users
.circleci/config.yml
version: 2.1
workflows:
  test-env-vars:
    jobs:
      - build:
          context:
            - SPECTRAL_DSN
jobs:
  build:
    docker:
      - image: circleci/node:latest
    steps:
      - checkout
      - run: curl -L "https://spectral-us.checkpoint.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh
      - run: $HOME/.spectral/spectral scan --ok
Example of a build integrated with Code Security:

Get your DSN from the Code Security platform and store it as SPECTRAL_DSN in the Travis Env Store.
Example of configuration in the US region:
For Dome9 users
.travis.yml
language: ruby
install:
- curl -L "https://spectral-us.dome9.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh
- $HOME/.spectral/spectral --version
script:
- $HOME/.spectral/spectral scan --ok
For Infinity users
.travis.yml
language: ruby
install:
- curl -L "https://spectral-us.checkpoint.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh
- $HOME/.spectral/spectral --version
script:
- $HOME/.spectral/spectral scan --ok
Example of a build integrated with Code Security:

Get your DSN from the Code Security platform and store it as SPECTRAL_DSN in Secrets Manager.
Example of configuration in the US region:
For Dome9 users
buildspec.yml
version: 0.2
env:
  secrets-manager:
    SPECTRAL_DSN: your-secrets-arn:SPECTRAL_DSN
phases:
  build:
    commands:
      - ...
  post_build:
    commands:
      - curl -L "https://spectral-us.dome9.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh
      - $HOME/.spectral/spectral scan --ok
For Infinity users
buildspec.yml
version: 0.2
env:
  secrets-manager:
    SPECTRAL_DSN: your-secrets-arn:SPECTRAL_DSN
phases:
  build:
    commands:
      - ...
  post_build:
    commands:
      - curl -L "https://spectral-us.checkpoint.com/latest/x/sh?dsn=$SPECTRAL_DSN" | sh
      - $HOME/.spectral/spectral scan --ok
Example of a build integrated with Code Security:

Get your DSN from the Code Security platform and store it as SPECTRAL_DSN in your secret variables.
Example of configuration in the US region:
For CloudGuard Standalone (Dome9) users
build.yml
trigger:
- main
pool:
  vmImage: 'ubuntu-latest'
steps:
- task: CmdLine@2
  displayName: Checkout $(Build.SourceBranchName)
  inputs:
    script: 'git checkout $(Build.SourceBranchName)'
- script: curl -L 'https://spectral-us.dome9.com/latest/x/sh?dsn=$(SPECTRAL_DSN)' | sh
  displayName: 'Install Spectral'
- script: $HOME/.spectral/spectral scan --ok --dsn $(SPECTRAL_DSN)
  displayName: 'Spectral Scan'
For CloudGuard Infinity users
build.yml
trigger:
- main
pool:
  vmImage: 'ubuntu-latest'
steps:
- task: CmdLine@2
  displayName: Checkout $(Build.SourceBranchName)
  inputs:
    script: 'git checkout $(Build.SourceBranchName)'
- script: curl -L 'https://spectral-us.checkpoint.com/latest/x/sh?dsn=$(SPECTRAL_DSN)' | sh
  displayName: 'Install Spectral'
- script: $HOME/.spectral/spectral scan --ok --dsn $(SPECTRAL_DSN)
  displayName: 'Spectral Scan'
Example of a build integrated with Code Security:

Get your DSN from the Code Security platform and store it as SPECTRAL_DSN in Secret Manager.
Example of configuration in the US region:
For Dome9 users
cloudbuild.yaml
steps:
- name: gcr.io/cloud-builders/gcloud
  id: Spectral
  entrypoint: bash
  args:
  - -c
  - |
    curl -L "https://spectral-us.dome9.com/latest/x/sh?dsn=$$SPECTRAL_DSN" | sh
    $$HOME/.spectral/spectral scan --ok
  secretEnv:
  - SPECTRAL_DSN
availableSecrets:
  secretManager:
  - versionName: projects/PROJECT_ID/secrets/SPECTRAL_DSN/versions/latest
    env: SPECTRAL_DSN
For Infinity users
cloudbuild.yaml
steps:
- name: gcr.io/cloud-builders/gcloud
  id: Spectral
  entrypoint: bash
  args:
  - -c
  - |
    curl -L "https://spectral-us.checkpoint.com/latest/x/sh?dsn=$$SPECTRAL_DSN" | sh
    $$HOME/.spectral/spectral scan --ok
  secretEnv:
  - SPECTRAL_DSN
availableSecrets:
  secretManager:
  - versionName: projects/PROJECT_ID/secrets/SPECTRAL_DSN/versions/latest
    env: SPECTRAL_DSN
Example of a build integrated with Code Security:

Get your DSN from the Code Security platform and store it as SPECTRAL_DSN in the pipelines secrets.
Example of configuration in the US region:
For Dome9 users
build.yaml
resources:
  - name: myScannedRepo
    type: GitRepo
    configuration:
      # Your JFrog integration with Github
      gitProvider: "integration_name"
      # Github repository
      path: "org-name/repository-name"
      branches:
        include: main
pipelines:
  - name: Spectral
    steps:
      - name: SpectralScan
        type: Bash
        configuration:
          integrations:
            - name: spectraldsn
          inputResources:
            - name: myScannedRepo
        execution:
          onExecute:
            - cd dependencyState/resources/myScannedRepo
            - curl -L "https://spectral-us.dome9.com/latest/x/sh?dsn=$int_spectraldsn_SPECTRAL_DSN" | sh
            - $HOME/.spectral/spectral scan --ok --dsn $int_spectraldsn_SPECTRAL_DSN
For Infinity users
build.yaml
resources:
  - name: myScannedRepo
    type: GitRepo
    configuration:
      # Your JFrog integration with Github
      gitProvider: "integration_name"
      # Github repository
      path: "org-name/repository-name"
      branches:
        include: main
pipelines:
  - name: Spectral
    steps:
      - name: SpectralScan
        type: Bash
        configuration:
          integrations:
            - name: spectraldsn
          inputResources:
            - name: myScannedRepo
        execution:
          onExecute:
            - cd dependencyState/resources/myScannedRepo
            - curl -L "https://spectral-us.checkpoint.com/latest/x/sh?dsn=$int_spectraldsn_SPECTRAL_DSN" | sh
            - $HOME/.spectral/spectral scan --ok --dsn $int_spectraldsn_SPECTRAL_DSN
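
A stricter form of the curl-pipe-to-sh install step used in the script-based configurations above, as an added example that is not part of the original page or the vendor's tooling. It refuses to run without SPECTRAL_DSN, downloads the installer to a file over HTTPS only, and stops on an HTTP error instead of piping an error page into sh. The function names and the dome9/infinity tenant argument are assumptions of this sketch; the hosts, the /latest/x/sh path and "scan --ok" are taken from the page.

```shell
#!/bin/sh
# Added example (not vendor code). Hosts, /latest/x/sh and "scan --ok" are from
# the page; function names and the tenant argument are assumptions.

# Map a tenant name to the US-region installer host shown on this page.
spectral_host() {
  case "$1" in
    dome9)    echo "spectral-us.dome9.com" ;;
    infinity) echo "spectral-us.checkpoint.com" ;;
    *)        echo "unknown tenant: $1" >&2; return 1 ;;
  esac
}

# Refuse to continue when the CI secret was not injected into the job.
require_dsn() {
  [ -n "${SPECTRAL_DSN:-}" ] && return 0
  echo "SPECTRAL_DSN is not set" >&2
  return 1
}

# Download the installer to a file instead of piping it into sh.
# $1 = tenant, $2 = output path
fetch_installer() {
  fi_host=$(spectral_host "$1") || return 1
  require_dsn || return 1
  # Subshell with xtrace off so the DSN in the URL is not echoed to the log.
  # -f fails on HTTP errors; --proto/--proto-redir keep -L redirects on HTTPS.
  ( set +x
    curl -fsSL --proto '=https' --proto-redir '=https' --tlsv1.2 \
      -o "$2" "https://$fi_host/latest/x/sh?dsn=$SPECTRAL_DSN" ) || return 1
  [ -s "$2" ]   # an empty download is treated as a failure
}

# Install, then scan; a failed download or install stops before the scan.
install_and_scan() {
  ias_tmp=$(mktemp) || return 1
  if fetch_installer "$1" "$ias_tmp" && sh "$ias_tmp"; then
    rm -f "$ias_tmp"
  else
    rm -f "$ias_tmp"
    return 1
  fi
  "$HOME/.spectral/spectral" scan --ok
}

# In the CI script step:  install_and_scan dome9   (or: install_and_scan infinity)
```
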
Example of a build integrated with Code Security: