This article shows you how to integrate ShiftLeft CORE's NG SAST into your CircleCI workflow to provide automated code analysis.
This tutorial assumes that you have:
- Successfully set up CircleCI to build your application
- Set up NG SAST onto the host where CircleCI installed.
Step 1: Create your environment variables
On the host where you've installed NG SAST, create the following environment variables containing authentication information for ShiftLeft:
|Your Access Token|
When running in a production environment, we recommend using a CI token as the access token. You can create your CI token in the ShiftLeft Dashboard.
Please note that the presence of any set environment variables will override those in a configuration file.
Integrate NG SAST into the CircleCI workflow
There are two ways you can run NG SAST as part of your CircleCI workflow:
- Modifying your config script
- Using ShiftLeft's CircleCI orb
Method 1: Modify the config script to run NG SAST
Method 2: Use ShiftLeft's CircleCI Orb to run NG SAST
You can integrate NG SAST into your CircleCI workflow using the ShiftLeft Orb. Your config file should look something like the following: