This article shows you how you can integrate ShiftLeft CORE's NG SAST into your GoCD workflow to provide automated code analysis.
This tutorial assumes that you have:
Step 1: Create Your Environment Variables
Log into your GoCD server using an account that has administrator privileges.
Create the following environment variables containing authentication information for ShiftLeft:
| Value |
|---|
| Your Access Token |
When running in a production environment, we recommend that you use a CI token as the access token. You can create your CI token in the ShiftLeft Dashboard.
Note that any environment variable that is set overrides the corresponding value in a configuration file.
Step 2: Add ShiftLeft to the Agent Image
To provide instructions for running ShiftLeft to your GoCD agent image, navigate to the image you want to modify and use the editor to add the following shell script:
Alternatively, if you want to use CPG mode for code analysis, use:
Be sure to check this shell file into your project's repository.
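The page's own script is not reproduced above, so here is an added example (not the article's script and not ShiftLeft's own code) of the shape such an agent script can take. It assumes the ShiftLeft CLI is installed on the agent as `sl`, that the access token is read from an environment variable named `SHIFTLEFT_ACCESS_TOKEN` (assumed name), and that `sl analyze --app <name>` with an optional `--cpg` flag selects default or CPG mode; check those flags against the current ShiftLeft documentation. What it adds beyond the text is the defensive behaviour a CI script should have: fail before analysis when the token is missing, never print the token to the build log, and return non-zero so GoCD marks the stage failed.

```shell
#!/bin/sh
# Added example for a GoCD agent; not the original article's script.
# Assumptions: the ShiftLeft CLI is `sl`, the token lives in
# SHIFTLEFT_ACCESS_TOKEN, and `sl analyze --app NAME [--cpg]` selects
# default or CPG analysis mode (flags assumed; verify with ShiftLeft docs).

# require_token: fail fast if the token is unset or empty, without ever
# echoing its value to the build log.
require_token() {
  if [ -z "${SHIFTLEFT_ACCESS_TOKEN:-}" ]; then
    echo "SHIFTLEFT_ACCESS_TOKEN is not set; refusing to run analysis" >&2
    return 1
  fi
  return 0
}

# build_analyze_args: print the argument list for `sl`.
#   $1 = application name (no spaces), $2 = "cpg" for CPG mode, "" otherwise
build_analyze_args() {
  app="$1"
  mode="$2"
  if [ "$mode" = "cpg" ]; then
    echo "analyze --app $app --cpg"
  else
    echo "analyze --app $app"
  fi
}

# run_analysis: validate preconditions, then invoke the CLI.
# A non-zero return propagates to GoCD, which fails the stage.
run_analysis() {
  require_token || return 1
  if ! command -v sl >/dev/null 2>&1; then
    echo "ShiftLeft CLI (sl) not found on this agent" >&2
    return 1
  fi
  # shellcheck disable=SC2046
  set -- $(build_analyze_args "$1" "$2")
  sl "$@"
}

# Only run when executed as the checked-in script (assumed file name),
# so the functions can also be sourced and checked in isolation.
if [ "${0##*/}" = "shiftleft-analyze.sh" ]; then
  # SHIFTLEFT_APP and SHIFTLEFT_MODE are assumed variable names set in GoCD.
  run_analysis "${SHIFTLEFT_APP:-my-app}" "${SHIFTLEFT_MODE:-}" || exit 1
fi
```

Save it as `shiftleft-analyze.sh`, commit it alongside the code, and have the GoCD task call it; the token itself stays in the GoCD environment variable created in Step 1 rather than in the repository.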
Step 3: Configure your Build
Once you've checked in the shell script you created in Step 2, you'll need to configure your build. To do so, open your project and go to the project's Settings.
Under the Stages tab, click Add New Stage and set the following parameters:
| Parameter | Value |
|---|---|
| Trigger Type | On Success |