Travis CI is a hosted continuous integration service used to build and test software projects hosted at GitHub. You can integrate your Travis project with ShiftLeft Inspect for automated code analysis. To do so, configure each Travis project to execute the ShiftLeft Inspect shell command
The prerequisites for integrating Travis application builds are:
Familiarity with ShiftLeft Inspect.
ShiftLeft account credentials: Organization ID and Access Token. When you first log into ShiftLeft, these credentials are provided. Once you have established your account, you can obtain your Organization ID and Access Token from the Account Settings page of the ShiftLeft Dashboard.
You can integrate Travis builds with ShiftLeft by either configuring the yaml file or by customizing the container.
This method can be used with both the hosted and on-prem Travis versions.
The typical approach is to configure the CLI installation and
sl analyze using the
travis.yml file, which means you can use either the hosted or on-prem edition of Travis.
An example of the
travis.yml file that demonstrates how to integrate ShiftLeft with Travis is
language: javadist: trustyinstall:- <INSTALL CLI TOOL>- <any other dependency install steps>after_install:- <RUN CLI & AUTHENTICATE (if not using environment variables, see note below)>script:- run your tests here- or any other tasksafter_script:- <RUN CLI & EXECUTE COMMAND sl analyze>
See the Travis documentation.
This method can only be used with Travis Enterprise (on-prem) version.
Each Travis build uses an ephemeral Linux container (Docker). If desired you could modify the build containers to do the
install (CLI installation) and
analyze) steps. This involves editing the Dockerfile as described in the Travis documentation.
Note: Modifying the build container is a Travis Enterprise (on-prem) feature only; you cannot modify the build container using hosted Travis.