Overview

In this article, we will make the necessary modifications to a simple Jenkins project that uses a Jenkinsfile so that it scans a GitHub repository with SOOS.

 

Integration Steps

Open the SOOS App and browse to Integrate > CI/CD/Repo > CI/CD > Jenkins.

  • Click the Download link to get the latest release of the Jenkinsfile, copy the file into your project, and push it to your GitHub repository.

    • Alternatively, copy and paste the code into a new Jenkinsfile in your project.

  • Note the API Key (SOOS_API_KEY), Client ID (SOOS_CLIENT_ID) and Script (Script Integration) values; you will need these to configure the Environment Variables.

Technical details for the script can be found here: https://github.com/soos-io/soos-sca-jenkins-plugin

Environment Setup

Navigate to Jenkins -> Manage Jenkins -> Configure System


Setup Environment Variables

Under “Global Properties”, use the Environment variables text fields to add SOOS_API_KEY and SOOS_CLIENT_ID, with the values obtained from the SOOS app. These will be used by the SOOS CLI.


Save your configuration.

Install Docker and add the Plugins

  1. Visit https://www.docker.com/ and download Docker.
  2. Navigate to Jenkins -> Manage Jenkins -> Manage Plugins
  3. Select the Available tab, and search for Docker plugins.
  4. Install the Docker and Docker Pipeline plugins so that the Docker agent is available to run the Jenkinsfile.

Build Setup

Add “New Item” in the Jenkins main menu.


Enter a name for the item and select Pipeline.

On the next screen:

  1. Type in a description for your item.
  2. Select the Pipeline tab.
  3. Choose 'Pipeline script from SCM' in the Definition field.
  4. In the SCM field select 'Git'.
  5. Enter the link to your GitHub repo in the Repository URL field and enter the corresponding credentials when prompted.
  6. Write the Jenkinsfile path in the Script Path field and select Apply and Save.

 

Run It

To run the SOOS CLI against your repository’s code, just execute a build or commit a change. The build will use the environment variables that you created for the API Key and Client ID.
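
A preflight check that a build step could run before the SOOS scan, as an added example that is not part of the SOOS Jenkinsfile or plugin: it confirms that SOOS_API_KEY and SOOS_CLIENT_ID reached the build without writing their values to the console log. The function names soos_preflight and check_var are hypothetical, and the values in the demo line are constructed.

```shell
#!/bin/sh
# Added example: preflight for the two variables this guide puts in Global Properties.
# soos_preflight and check_var are hypothetical helper names, not part of SOOS or Jenkins.

# Check one variable by name without ever writing its value to the build log.
check_var() {
    name=$1
    # Jenkins runs `sh` steps with xtrace (-x) by default; switch it off
    # before the value is expanded so the trace cannot echo the API key.
    case $- in
        *x*) xtrace_was_on=1; set +x ;;
        *)   xtrace_was_on=0 ;;
    esac
    eval "value=\${$name-}"   # name comes only from the fixed list below
    rc=0
    case $value in
        "")
            echo "MISSING: $name is empty or unset in Global Properties" >&2
            rc=1 ;;
        " "*|*" ")
            # Usually a copy/paste slip in the Jenkins text field.
            echo "SUSPECT: $name has a leading or trailing space" >&2
            rc=1 ;;
        *)
            echo "OK: $name is set" >&2 ;;
    esac
    unset value
    if [ "$xtrace_was_on" -eq 1 ]; then set -x; fi
    return "$rc"
}

# Return 0 only when both variables are usable.
soos_preflight() {
    failures=0
    for var in SOOS_API_KEY SOOS_CLIENT_ID; do
        check_var "$var" || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# Demo with constructed values (not real credentials), run in a subshell.
( SOOS_API_KEY=constructed-key; SOOS_CLIENT_ID=constructed-id; soos_preflight )
```

Called from an `sh` step ahead of the scan, a non-zero return from `soos_preflight` fails the build before the SOOS CLI runs.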