CircleCI

This article shows you how you can integrate ShiftLeft CORE's NG SAST into your CircleCI workflow to provide automated code analysis.

Prerequisites

This tutorial assumes that you have:

Step 1: Create Your Environment Variables

On the host where you've installed NG SAST, create the following environment variables containing authentication information for ShiftLeft:

Variable                Value
SHIFTLEFT_ACCESS_TOKEN  Your Access Token

When running in a production environment, we recommend that you use a CI token as the access token. You can create your CI token in the ShiftLeft Dashboard.

Note that any environment variable that is set overrides the corresponding value in a configuration file.

Integrate NG SAST into the CircleCI Workflow

There are two ways you can run NG SAST as part of your CircleCI workflow:

  1. Modifying your config script
  2. Using ShiftLeft's CircleCI orb

Method 1: Modify the Config Script to Run NG SAST

You can edit your .circleci/config.yml to run NG SAST. For example, you could add the following to the steps portion of your config file to build and analyze a Java application:

steps:
  - run:
      name: Build the application
      command: |
        mvn clean package  # build the app
        mkdir -p /tmp/workspace/target  # create a directory for ShiftLeft
        mv target/hello-shiftleft-0.0.1.jar /tmp/workspace/target/
        # download ShiftLeft (-f makes curl fail on an HTTP error instead of saving the error page as the tarball)
        curl -fsSL https://www.shiftleft.io/download/sl-latest-linux-x64.tar.gz > /tmp/sl.tar.gz && sudo tar -C /usr/local/bin -xzf /tmp/sl.tar.gz
        # components of the pull-request URL, available for further use in this step
        PR_USER=$(echo $CIRCLE_PULL_REQUEST | cut -d '/' -f4)
        PR_REPO=$(echo $CIRCLE_PULL_REQUEST | cut -d '/' -f5)
        PR_NUMBER=$(echo $CIRCLE_PULL_REQUEST | cut -d '/' -f7)
        sl analyze --wait --tag branch=$CIRCLE_BRANCH --app <YOUR_APP> /tmp/workspace/target/<PATH_TO_JAR_OR_WAR>  # run code analysis
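The wrapper below is an added example, not ShiftLeft's or CircleCI's code, covering the step above and the token note under Step 1. It fails early when SHIFTLEFT_ACCESS_TOKEN is missing (without printing it), parses CIRCLE_PULL_REQUEST with the same '/'-delimited fields as the config (4, 5 and 7) but refuses anything that is not a GitHub pull-request URL, so a non-PR build does not produce a garbage tag, and assembles the sl analyze arguments as a proper argument list rather than a string. The GitHub URL form, the pr tag key, the SL_BIN override and the SL_APP / SL_ARTIFACT variables are assumptions of this example.

```shell
#!/bin/sh
# Hypothetical wrapper for the CircleCI step above. Assumes CircleCI exports
# CIRCLE_BRANCH, CIRCLE_PULL_REQUEST (only on PR builds) and that
# SHIFTLEFT_ACCESS_TOKEN is set as described in Step 1.
set -eu

# Split a GitHub pull-request URL (https://github.com/<user>/<repo>/pull/<n>)
# into "user repo number" using fields 4, 5 and 7, exactly as the config does.
# Prints nothing and returns 1 for an empty or non-PR URL.
parse_pr_url() {
    url=${1:-}
    [ -n "$url" ] || return 1
    user=$(printf '%s\n' "$url" | cut -d '/' -f4)
    repo=$(printf '%s\n' "$url" | cut -d '/' -f5)
    kind=$(printf '%s\n' "$url" | cut -d '/' -f6)
    number=$(printf '%s\n' "$url" | cut -d '/' -f7)
    [ "$kind" = "pull" ] || return 1
    case $number in
        ''|*[!0-9]*) return 1 ;;   # PR number must be all digits
    esac
    printf '%s %s %s\n' "$user" "$repo" "$number"
}

# Fail before downloading or building anything if the token is absent.
# The token value itself is never written to the CI log.
require_token() {
    [ -n "${SHIFTLEFT_ACCESS_TOKEN:-}" ] || {
        echo "SHIFTLEFT_ACCESS_TOKEN is not set" >&2
        return 1
    }
}

# run_analyze APP ARTIFACT BRANCH [PR_URL]
# Builds the argument list for 'sl analyze' and executes it. The branch tag is
# the one used on the page; 'pr=<number>' is an assumed extra tag added only on
# PR builds. SL_BIN (assumed, default 'sl') lets a test substitute 'echo'.
run_analyze() {
    app=$1; artifact=$2; branch=$3; pr_url=${4:-}
    set -- analyze --wait --tag "branch=$branch"
    if pr=$(parse_pr_url "$pr_url"); then
        number=${pr##* }                  # last field of "user repo number"
        set -- "$@" --tag "pr=$number"
    fi
    set -- "$@" --app "$app" "$artifact"
    "${SL_BIN:-sl}" "$@"
}

# Only runs the real analysis when invoked as: sh wrapper.sh --run
# (so the functions can be sourced and tested without the ShiftLeft CLI).
if [ "${1:-}" = "--run" ]; then
    require_token
    run_analyze "${SL_APP:?}" "${SL_ARTIFACT:?}" "${CIRCLE_BRANCH:?}" "${CIRCLE_PULL_REQUEST:-}"
fi
```

In the config above this would replace the three PR_* lines and the final sl analyze line; SL_APP and SL_ARTIFACT would be set to the values currently written as <YOUR_APP> and /tmp/workspace/target/<PATH_TO_JAR_OR_WAR>.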

Method 2: Use ShiftLeft's CircleCI Orb to Run NG SAST

You can integrate NG SAST into your CircleCI workflow using the ShiftLeft Orb. Your config file should look something like the following:

version: 2.1
orbs:
  shiftleft: shiftleft/shiftleft@1.0
jobs:
  build:
    machine: true
    steps:
      - checkout
      - run: mvn package  # if necessary, build the app
      - shiftleft/analyze:
          app: YOUR_APP_NAME
          target: target/<PATH_TO_JAR_OR_WAR>
          language: java  # app language
workflows:
  workflow:
    jobs:
      - build