This article shows you how to integrate ShiftLeft CORE's NG SAST into your Bamboo workflow to provide automated code analysis.


This tutorial assumes that you have:

Step 1: Create your environment variables

Log into your Bamboo server using an account that has administrator privileges.

Create the following environment variables containing authentication information for ShiftLeft:


When running in a production environment, we recommend using a CI token as the access token. You can create your CI token in the ShiftLeft Dashboard.

Please note that the presence of any set environment variables will override those in a configuration file.

Step 2: Create a script to run NG SAST

Provide Bamboo instructions on running NG SAST by creating a shell script containing task running information.

You will be asked to provide values for the following parameters when creating the script:

Task descriptionSL Analyze (or similar)
Script body/usr/local/bin/sl analyze or /usr/local/bin/sl analyze - -cpg
Working sub directory<path to where your build project packages>

Ensure that the script called to run NG SAST is the last build task listed since it should run after all of your other Bamboo tasks.