This article shows you how to integrate ShiftLeft CORE's NG SAST into your Docker workflow to provide automated code analysis.
This tutorial assumes that you have:
You must provide authentication information for ShiftLeft to your container via your Dockerfile. When running in a production environment, we recommend using a CI token as your access token; you can create a CI token in the ShiftLeft Dashboard and provide it using the SHIFTLEFT_ACCESS_TOKEN environment variable.
Integrating NG SAST with Docker
|The CI token that grants access to ShiftLeft resources; you can create a CI token|
|The directory where ShiftLeft should be invoked; for Java apps, provide the path to the JAR/WAR (e.g., |
|The present directory mounted inside the Docker container as |
Running the code analysis
A sample invocation of sl analyze looks something like the following:
For Java apps:
For Python apps: