This article shows you how to integrate ShiftLeft CORE's NG SAST into your GoCD workflow to provide automated code analysis.


This tutorial assumes that you have:

Step 1: Create your environment variables

Log into your GoCD server using an account that has administrator privileges.

Create the following environment variables containing authentication information for ShiftLeft:


When running in a production environment, we recommend using a CI token as the access token. You can create your CI token in the ShiftLeft Dashboard.

Please note that the presence of any set environment variables will override those in a configuration file.

Step 2: Add ShiftLeft to the agent image

To provide instructions for running ShiftLeft to your GoCD agent image, navigate to the image you want to modify and use the editor to add the following shell script:

/usr/local/bin/sl analyze

Be sure to check this shell file in your project's repository.

Step 3: Configure your build

Once you've checked in the shell script you created in Step 2, you'll need to configure your build. To do so, pen up your project and go to the project's Settings.

Under the Stages tab, click Add New Stage and set the following parameters:

Stage NameSL Analyze
Trigger TypeOn Success
Job NameSL Analyze
Task TypeMore
Working Directory<directory-to-built-project-packages>.sh

Click Save.