Scan in CI/CD Pipelines
Scan is purpose-built for integration into your workflow. Here are a few integration approaches for Scan with modern CI/CD systems:
Repository based platforms
- Integration with Bitbucket Pipelines
- Integration as Github Actions
- Integration as Github Code scanning
- Integration with GitLab CI
Public cloud platforms
- Integration with Azure DevOps Pipelines
- Integration with Google CloudBuild
- Integration with AWS CodeBuild
Dedicated CI/CD
- Integration with Circle CI
- Integration with Jenkins CI
- Integration with Travis CI
- Integration with TeamCity
Cloud-native CI/CD
Others
For CI/CD systems not listed here (TeamCity, GoCD etc.), here are a few things you can try:
- Create a container-based job or build step and use shiftleft/scan as the image. Some CI systems might expect the full name to be provided: docker://shiftleft/sast-scan:latest
- For the command, use scan. If this command doesn't succeed, check that the source code is available and that the project is compiled. You may need to perform these steps before invoking scan.
This approach may not work reliably and should be used only as a last resort. Prefer the docker run command mentioned under Getting started:
docker run --rm -e "WORKSPACE=${PWD}" -v "$PWD:/app" shiftleft/sast-scan scan
In some CI systems, running the docker command is supported but must be explicitly enabled in the job configuration. For instance, Travis CI requires a docker service entry (services: docker) to enable docker support.
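The steps above (check that the checkout and the compiled output are present, then run the documented docker run command) can be wrapped in a single generic CI build step. The script below is an added example written for this page, not code from the Scan project: the helper names scan_preflight, scan_docker_cmd and run_scan, the SCAN_IMAGE override and the optional build-directory argument are this example's own assumptions. It fails the job early with a clear message when the workspace is empty or the project has not been built, instead of letting scan fail later with a less obvious error.

```shell
#!/bin/sh
# Added example (not part of the Scan project): a generic CI build step that
# runs the preflight checks the docs recommend and then invokes the documented
# "docker run ... shiftleft/sast-scan scan" command.

# Image name as given on the page; set SCAN_IMAGE in the CI environment if
# your system expects the fully qualified docker:// form.
: "${SCAN_IMAGE:=shiftleft/sast-scan}"

# Preflight: scan needs the source checkout present and the project compiled.
# $1 = source directory, $2 = optional build output dir relative to $1
# (e.g. target or build; hypothetical, depends on your build tool).
# Returns 0 when the workspace looks ready, 1 with a message otherwise.
scan_preflight() {
  src="$1"
  build_dir="$2"
  [ -d "$src" ] || { echo "source dir '$src' missing" >&2; return 1; }
  [ -n "$(ls -A "$src" 2>/dev/null)" ] \
    || { echo "source dir '$src' is empty: did the checkout run?" >&2; return 1; }
  if [ -n "$build_dir" ] && [ ! -d "$src/$build_dir" ]; then
    echo "'$src/$build_dir' not found: compile the project before scanning" >&2
    return 1
  fi
  return 0
}

# Compose the documented command as a string so the pipeline log shows exactly
# what is executed. WORKSPACE is passed so report paths refer to the host
# checkout rather than /app inside the container; $1 = source directory.
scan_docker_cmd() {
  src="$1"
  printf 'docker run --rm -e "WORKSPACE=%s" -v "%s:/app" %s scan' \
    "$src" "$src" "$SCAN_IMAGE"
}

# Run preflight and then the scan; a non-zero exit fails the CI job.
# $1 = source directory (defaults to the current directory), $2 = build dir.
run_scan() {
  src="${1:-$PWD}"
  build_dir="$2"
  scan_preflight "$src" "$build_dir" || return 1
  cmd=$(scan_docker_cmd "$src")
  echo "+ $cmd"
  eval "$cmd"
}

# When invoked directly with arguments, run the scan on them, e.g.:
#   sh scan-step.sh "$PWD" target
if [ "$#" -gt 0 ]; then
  run_scan "$@"
fi
```

In a CI system that only lets you run a shell command, save this as a file in the repository and call it as the build step after the compile step; the docker invocation itself is unchanged from the one documented above.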
Once you manage to get it working please share the steps with us via GitHub issues so that we can update this documentation.
Last update: January 25, 2023