This section describes how to integrate Travis builds with ShiftLeft.
To integrate Travis builds with ShiftLeft, please adhere to the following prerequisites:
Travis instance (hosted or on-prem)
Supported application and build tool (see code analysis requirements)
Familiarity with ShiftLeft Workflow
ShiftLeft account credentials: Organization ID and Upload Token
Initially these credentials will be provided to you by ShiftLeft. Once you have established your account you can copy them from the My Profile page at the ShiftLeft Dashboard.
You have a couple of options for integrating Travis builds with ShiftLeft. The first option is applicable to both editions of Travis: hosted and on-prem. The second option can only be used with Travis Enterprise (on-prem).
The typical approach is to configure the CLI installation and
sl analyze using the
travis.yml file, which means you can use either the hosted or on-prem edition of Travis.
Here is an example
travis.yml file that demonstrates how to integrate ShiftLeft with Travis:
language: javadist: trustyinstall:- <INSTALL CLI TOOL>- <any other dependency install steps>after_install:- <RUN CLI & AUTHENTICATE (if not using environment variables, see note below)>script:- run your tests here- or any other tasksafter_script:- <RUN CLI & EXECUTE COMMAND sl analyze>
Each Travis build uses an ephemeral Linux container (Docker). If desired you could modify the build containers to do the
install (CLI installation) and
analyze) steps. This involves editing the Dockerfile as described in the Travis documentation.
Modifying the build container is a Travis Enterprise (on-prem) feature only; you cannot modify the build container using hosted Travis.