Bamboo
This article shows you how you can integrate ShiftLeft CORE's NG SAST into your Bamboo workflow to provide automated code analysis.
Prerequisites
This tutorial assumes that you have:
- Installed Bamboo
- Set up NG SAST onto your Bamboo server
Step 1: Create Your Environment Variables
Log into your Bamboo server using an account that has administrator privileges.
Create the following environment variables containing authentication information for ShiftLeft:
| Variable | Value |
|---|---|
SHIFTLEFT_ACCESS_TOKEN | Your Access Token |
When running in a production environment, we recommend that you use a CI token as the access token. You can create your CI token in the ShiftLeft Dashboard.
Please note that the presence of any set environment variables will override those in a configuration file.
Step 2: Create a Script to Run NG SAST
Provide Bamboo instructions on running NG SAST by creating a shell script that contains task running information.
You will be asked to provide values for the following parameters when creating the script:
| Parameter | Value |
|---|---|
| Task description | SL Analyze (or similar) |
| Script body | /usr/local/bin/sl analyze or /usr/local/bin/sl analyze - -cpg |
| Working sub directory | <path to where your build project packages> |
Make sure that the script called to run NG SAST is the last build task listed since it should run after all of your other Bamboo tasks.