CI/CD Integration
Note: To integrate CodeShield into your CI/CD pipeline, you need to create an API access token.
Ready to Use Bash Script
cs-ci-integration.sh
#!/bin/bash
# Requires API_KEY, BACKEND_URL and REPO_ID in the environment, plus curl and jq.

# Trigger a scan and capture its id.
scan_id=$(curl -s -X POST \
  -H "api-key: $API_KEY" \
  "$BACKEND_URL/repository/$REPO_ID/scan" | jq -r '.id')
printf '\nSent trigger to CodeShield; got ID %s\n' "$scan_id"

# jq prints "null" when the response has no id field.
if [[ -z "$scan_id" || "$scan_id" == "null" ]]; then
  printf '\nReceived invalid scanId. Check your environment variables.\n'
  exit 1
fi

build_status_url="$BACKEND_URL/scan/$scan_id/status"
build_result_url="$BACKEND_URL/scan/$scan_id"
dashboard_url="https://dashboard.codeshield.io/scan/$scan_id"
interval_in_seconds=10

printf "\nPolling '%s' every %s seconds, until 'complete'\n" "${build_status_url%\?*}" "$interval_in_seconds"
while true; do
  # -r strips the JSON quotes so the status can be compared as a plain string.
  status=$(curl -s "$build_status_url" -H "api-key: $API_KEY" | jq -r '.status')
  printf '\r%s: %s' "$(date +%H:%M:%S)" "$status"
  if [[ "$status" == "ANALYSIS_COMPLETED" ]]; then
    result=$(curl -s "$build_result_url" -H "api-key: $API_KEY")
    printf '\nScan complete! Results: %s\n' "$result"
    break
  elif [[ "$status" == "ANALYSIS_FAILED" || "$status" == "CHECKOUT_FAILED" ]]; then
    printf '\nScan failed! View logs at %s\n' "$dashboard_url"
    # Exit non-zero so the CI job does not report a failed scan as a success.
    exit 1
  fi
  sleep "$interval_in_seconds"
done
Trigger a Scan after Deployment
To trigger a scan for a repository (AWS Stack, Region, or combination of regions), you must have executed at least one scan in the dashboard. Get the id of the repository by copying the repoId from the dashboard's overview page.
NEW_SCANID=$(curl -X POST \
'<BACKEND_URL>/repository/<REPOID>/scan' \
-H 'api-key: <MY-API-KEY>' | jq -r '.id')
Get the Results
A scan may take several minutes to complete. You can query the scan's status using:
curl -X GET \
"<BACKEND_URL>/scan/$NEW_SCANID/status" \
-H 'api-key: <MY-API-KEY>'
Once a scan is finished, you can get the results by invoking:
curl -X GET \
"<BACKEND_URL>/scan/$NEW_SCANID" \
-H 'api-key: <MY-API-KEY>'
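
The polling loop in cs-ci-integration.sh runs until the API reports a terminal status, so a rejected key or an unreachable backend keeps the CI job waiting indefinitely. The following added example (not CodeShield's own code) bounds the wait and fails closed with distinct exit codes; the function names, `MAX_WAIT_SECONDS`, `POLL_INTERVAL` and the exit-code mapping are assumptions, while the status values are the ones the script above checks for.

```shell
#!/bin/bash
# Added example, not CodeShield's own code. Assumed names: fetch_status,
# wait_for_scan, MAX_WAIT_SECONDS, POLL_INTERVAL and the exit-code mapping.
# Status values are the ones used in cs-ci-integration.sh.

# Print the scan's status string; print nothing on HTTP or transport errors.
fetch_status() {
  curl -sS --fail --max-time 30 -H "api-key: $API_KEY" \
    "$BACKEND_URL/scan/$1/status" | jq -r '.status // empty'
}

# Poll until a terminal status, a deadline, or repeated API errors.
# Returns: 0 completed, 1 scan failed, 2 timed out, 3 API unreachable/rejected.
wait_for_scan() {
  local scan_id="$1"
  local max_wait="${MAX_WAIT_SECONDS:-1800}"
  local interval="${POLL_INTERVAL:-10}"
  local waited=0 errors=0 status

  while [ "$waited" -le "$max_wait" ]; do
    status=$(fetch_status "$scan_id") || status=""
    case "$status" in
      ANALYSIS_COMPLETED) return 0 ;;
      ANALYSIS_FAILED|CHECKOUT_FAILED) return 1 ;;
      "")
        # Empty status: bad key, wrong URL or network failure. Give up after
        # three consecutive errors instead of polling forever.
        errors=$((errors + 1))
        if [ "$errors" -ge 3 ]; then return 3; fi
        ;;
      *) errors=0 ;;   # any other status is treated as "still running"
    esac
    sleep "$interval"
    waited=$((waited + interval))
  done
  return 2
}

# Usage in a CI step, after the scan has been triggered:
#   wait_for_scan "$scan_id" || exit $?
```

Any non-zero return fails the pipeline step, so a scan that never produced a result is not mistaken for a clean one.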