Integration with TeamCity¶

Scan's AppImage format can be used with TeamCity cloud build service for performing security scans.

Create a Build configuration with the parameters shown below. The important configuration is the Artifact paths. Specify the value reports => scan-reports

Build configuration

Create a command line build step with the following custom script.

#!/usr/bin/env bash
sh <(curl https://slscan.sh/install)
$HOME/.local/bin/scan --build

The sh command is a one-liner command to download and install the latest scan AppImage from GitHub releases. You can also replace these steps with downloading from GitHub releases.

sudo wget https://github.com/ShiftLeftSecurity/sast-scan/releases/download/v1.9.27/scan -O $HOME/.local/bin/scan
sudo chmod +x $HOME/.local/bin/scan

Build steps

Optionally, customize the build triggers using the Triggers menu. Use the parameters menu and Environment Variables section to pass any variables such as:

GITHUB_TOKEN - Required for dependency and license scanning
WORKSPACE - To customize the URL for the filenames in the output

Scan summary can be viewed directly in the build logs. Scan Reports can be downloaded from the Artifacts tab -> scan-reports directory.

Build output

Last update: January 25, 2023