Skip to main content

CircleCI

This article shows you how to integrate Qwiet preZero into your CircleCI workflow to provide automated code analysis.

Prerequisites

This tutorial assumes that you have:

Step 1: Create your environment variables

On the host where you've installed preZero, create an environment variable containing authentication information for Qwiet. Name this variable SHIFTLEFT_ACCESS_TOKEN, and set its value to the CI token you create using the Qwiet dashboard.

Step 2: Update your config file

To integrate preZero into your CircleCI workflow, you must edit the .circleci/config.yml file.

For example, you could add the following to the steps portion of your config file to build and analyze a Java application:

steps:
- run:
name: Build the application and analyze
command: |
# build the application
mvn clean package
# create a directory for Qwiet and move the JAR file in
mkdir -p /tmp/workspace/target
mv target/hello-shiftleft-0.0.1.jar /tmp/workspace/target/
# download Qwiet and move
curl https://cdn.shiftleft.io/download/sl > /usr/local/bin/sl && chmod a+rx /usr/local/bin/sl
# run code analysis
sl analyze --wait --tag branch=$CIRCLE_BRANCH --app <YOUR_APP> /tmp/workspace/target/<PATH_TO_JAR_OR_WAR>