Bamboo

This article shows you how you can integrate ShiftLeft CORE's NG SAST into your Bamboo workflow to provide automated code analysis.

Prerequisites

This tutorial assumes that you have:

Step 1: Create Your Environment Variables

Log into your Bamboo server using an account that has administrator privileges.

Create the following environment variables containing authentication information for ShiftLeft:

VariableValue
SHIFTLEFT_ACCESS_TOKENYour Access Token

When running in a production environment, we recommend that you use a CI token as the access token. You can create your CI token in the ShiftLeft Dashboard.

Please note that the presence of any set environment variables will override those in a configuration file.

Step 2: Create a Script to Run NG SAST

Provide Bamboo instructions on running NG SAST by creating a shell script that contains task running information.

You will be asked to provide values for the following parameters when creating the script:

ParameterValue
Task descriptionSL Analyze (or similar)
Script body/usr/local/bin/sl analyze or /usr/local/bin/sl analyze - -cpg
Working sub directory<path to where your build project packages>

Make sure that the script called to run NG SAST is the last build task listed since it should run after all of your other Bamboo tasks.