Travis
This article shows you how you can integrate ShiftLeft CORE's NG SAST into your Travis workflow to provide automated code analysis.
Prerequisites
This tutorial assumes that you have:
- Set up Travis to build your apps
- Set up NG SAST onto your Bamboo server
Integration Options
There are two ways you can integrate ShiftLeft into your Travis builds:
- Configuring the YAML file
- Customizing the container
Option 1: Configuring the YAML File
With both the hosted and the on-prem versions of Travis, you can configure the travis.yaml file to run ShiftLeft. The following YAML sample shows how you can modify the config file to obtain ShiftLeft, authenticate with ShiftLeft account, and run the code analysis process:
Authentication
You can set an environment variable with your Ci config token instead of explicitly providing it in your config script.
| Variable | Value |
|---|---|
SHIFTLEFT_ACCESS_TOKEN | Your Access Token |
When running in a production environment, we recommend that you use a CI token as the access token. You can create your CI token in the ShiftLeft Dashboard.
Please note that the presence of any set environment variables will override those in a configuration file.
Option 2: Customizing the Container
With the on-prem versions of Travis, you can customize the container to run ShiftLeft.
Each Travis build uses a Docker container. As such, you can modify the build containers to install and run ShiftLeft by editing the Dockerfile.