For CoCD you need to create a script file as part of the build project. With GoCD, all builds occur on agents: either containers or instances.
To integrate GoCD builds with ShiftLeft, please adhere to the following prerequisites:
GoCD installation (server and agent)
Supported application and build tool (see code analysis requirements)
Familiarity with ShiftLeft Inspect and Protect
ShiftLeft account credentials: Organization ID and Upload Token
Initially these credentials will be provided to you by ShiftLeft. Once you have established your account you can copy them from the My Profile page at the ShiftLeft Dashboard.
To integrate ShiftLeft with GoCD builds, install the ShiftLeft CLI on the host where the GoCD server is installed and authenticate with ShiftLeft:
Install the ShiftLeft CLI on the host where GoCD server is installed.
Log in to GoCD server as an administrator.
Create the following Environment variables:
SHIFTLEFT_ORG_ID| Value: Organization ID
SHIFTLEFT_UPLOAD_TOKEN| Value: Upload Token
See SL Auth for more information.
Go into a particular GoCD agent image and add the
sl binary to the agent path at
Use a terminal editor to add a shell script that consists of these two lines:
Or, to use CPG-mode for analysis:
#!/bin/sh/usr/local/bin/sl analyze --cpg
Check this shell file into the project's repository.
Once you have checked in the shell script:
Go to the project itself.
Click the gear icon or Settings.
Go to Stages tab.
Add a new Stage.
Stage Name: SL Analyze
Trigger Type: On Success
Job Name: SL Analyze
Task Type: More