CI/CD Integration

Note: To integrate CodeShield into your CI/CD pipeline, you need to create an API access token.

Ready to Use Bash Script

cs-ci-integration.sh
#!/bin/bash

# Trigger a scan. Requires API_KEY, BACKEND_URL and REPO_ID in the environment.
scan_id=$(curl -s -X POST \
  -H "api-key: $API_KEY" \
  "$BACKEND_URL/repository/$REPO_ID/scan" | jq -r '.id')

printf '\nSent trigger to CodeShield; got ID %s\n' "$scan_id"

# jq -r prints "null" when the response has no .id field.
if [[ -z "$scan_id" || "$scan_id" == "null" ]]; then
  printf '\nReceived invalid scanId. Check your environment variables.\n'
  exit 1
fi

build_status_url="$BACKEND_URL/scan/$scan_id/status"
build_result_url="$BACKEND_URL/scan/$scan_id"
dashboard_url="https://dashboard.codeshield.io/scan/$scan_id"
interval_in_seconds=10

printf "\nPolling '%s' every %s seconds, until 'complete'\n" \
  "${build_status_url%\?*}" "$interval_in_seconds"

while true; do
  status=$(curl -s -H "api-key: $API_KEY" "$build_status_url" | jq -r '.status')
  printf '\r%s: %s' "$(date +%H:%M:%S)" "$status"
  if [[ "$status" == "ANALYSIS_COMPLETED" ]]; then
    result=$(curl -s -H "api-key: $API_KEY" "$build_result_url")
    printf '\nScan complete! Results: %s\n' "$result"
    break
  elif [[ "$status" == "ANALYSIS_FAILED" || "$status" == "CHECKOUT_FAILED" ]]; then
    printf '\nScan failed! View logs at %s\n' "$dashboard_url"
    # Exit non-zero so the pipeline step is marked as failed.
    exit 1
  fi
  sleep "$interval_in_seconds"
done
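
The polling loop above only stops when the API reports a terminal status, so a stalled scan or a request that keeps failing would hold the CI job until the runner's own timeout. The following is an added example, not CodeShield's own code: a bounded version of the loop with distinct exit codes. `fetch_status`, `wait_for_scan` and `REPLAY` are hypothetical names, and `PLACEHOLDER_PENDING` is a constructed stand-in for any non-terminal status.

```shell
#!/bin/sh
# Added example: bounded replacement for the `while true` polling loop.
# REPLAY is constructed sample data (comma-separated statuses, one per poll);
# PLACEHOLDER_PENDING stands in for any non-terminal status (assumed name).

# Stand-in for the real request. In a pipeline the body would be:
#   status=$(curl -s -H "api-key: $API_KEY" "$BACKEND_URL/scan/$scan_id/status" | jq -r '.status')
fetch_status() {
  status=${REPLAY%%,*}                  # next replayed response
  case "$REPLAY" in
    *,*) REPLAY=${REPLAY#*,} ;;         # drop it; the last value keeps repeating
  esac
}

# wait_for_scan MAX_POLLS INTERVAL_SECONDS
# Returns 0 = completed, 1 = scan failed, 2 = no terminal status in time.
wait_for_scan() {
  max_polls=$1
  interval=$2
  polls_used=0
  while [ "$polls_used" -lt "$max_polls" ]; do
    polls_used=$((polls_used + 1))
    fetch_status
    case "$status" in
      ANALYSIS_COMPLETED)
        return 0 ;;
      ANALYSIS_FAILED|CHECKOUT_FAILED)
        return 1 ;;
      ""|null)
        # Empty output or a body without .status, e.g. a failed request.
        printf 'poll %d: no status in response, retrying\n' "$polls_used" >&2 ;;
      *)
        printf 'poll %d: %s\n' "$polls_used" "$status" >&2 ;;
    esac
    sleep "$interval"
  done
  return 2
}

# Demo on constructed data: failed request, missing field, pending, then done.
REPLAY=",null,PLACEHOLDER_PENDING,ANALYSIS_COMPLETED"
wait_for_scan 10 0
printf 'exit code %d after %d polls\n' "$?" "$polls_used"
```

Treating exit code 2 as a pipeline failure keeps a scan that never reported a result from being read as a pass.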

Trigger a Scan after Deployment

To trigger a scan for a repository (AWS Stack, Region, or combination of regions), you must have executed at least one scan in the dashboard. Get the ID of the repository by copying the repoId from the dashboard's overview page.

NEW_SCANID=$(curl -X POST \
'<BACKEND_URL>/repository/<REPOID>/scan' \
-H 'api-key: <MY-API-KEY>' | jq -r '.id')

Get the Results

A scan may take several minutes to complete. You can query its status using:

curl -X GET \
"<BACKEND_URL>/scan/$NEW_SCANID/status" \
-H 'api-key: <MY-API-KEY>'

Once a scan is finished, you can get the results by invoking:

# Double quotes so that $NEW_SCANID is expanded by the shell.
curl -X GET \
"<BACKEND_URL>/scan/$NEW_SCANID" \
-H 'api-key: <MY-API-KEY>'