This guide will show you how to integrate Kiuwan with Atlassian Bamboo.
Kiuwan analyses can be integrated into the continuous integration process with Atlassian Bamboo. The analyses can run completely automated to enable continuous code security. It is even possible to automatically enforce your security policies.
In continuous integration and continuous delivery (CI/CD) environments, it is very common (and recommended) to ensure the security and quality of the software under development with an automated solution.
Kiuwan allows you to do baseline or delivery analysis as a step in the build plan defined in Bamboo.
A Kiuwan analysis will be executed by a Bamboo agent. This could be a remote agent or the default agent running on the Bamboo server.
Before you start:
For example, if you install your KLA in C:\KiuwanLocalAnalyzer, you can configure a new agent-specific capability as follows:
Go to the Bamboo agents admin page and select the agent you want to configure
Click Add capability
Select Executable from the Capability type dropdown
Select Command from the Type dropdown
Give the new capability a
Specify the complete absolute path to the KLA command (C:\KiuwanLocalAnalyzer\bin\agent.cmd for example)
Repeat this operation for all agents that will run Kiuwan analyses.
Once you have all your agents configured, you can create (or modify) build plans to run Kiuwan analyses.
Build plans in Bamboo are created for a specific project. Create one, or select an existing one to configure it.
First, configure the Kiuwan credentials variables.
Go to the Variables tab and create two variables called
Alternatively, you could create a global variable for your credentials. In that case, the same credentials will be used across your build plans.
Create a stage to add a Kiuwan analysis job to it or add a job in an existing stage (as we have done here in the default stage).
In Job definition, search for the KLA capability and specify that it must ‘exist’. This configuration ensures that the job is sent to an agent that has the KLA installed.
Then go to the Tasks tab to configure the Kiuwan analysis task. Kiuwan needs the source code to analyze it, so make sure that there is a ‘Source Code Checkout’ task before anything else.
Finally, add a Script task to run the Kiuwan analysis. Configure more tasks (like build) in this stage or just use it only for the analysis.
This is a PowerShell example, using some PowerShell cmdlets. You can create a similar script for Linux shells mimicking the functionality.
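    # Project name: the part of the Bamboo plan name before the first "-", trimmed
    $project_name = "${bamboo.planName}".Split("-")[0].Trim()
    # Baseline analysis of the checked-out sources
    agent -n "$project_name" -s ${bamboo.build.working.directory}\src -l "Bamboo build ${bamboo.buildNumber}" -c --user ${bamboo.KiuwanUser} --pass ${bamboo.KiuwanPassword} -wr
    # Pass the agent's exit code on to Bamboo
    exit $lastexitcode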
Kiuwan can run two different types of analysis: baseline and delivery. In the previous example, the script runs a baseline analysis. If you want to run a delivery analysis your script will look something like the following:
    $project_name = "${bamboo.planName}".Split("-")[0].Trim()
    # Defined but not passed to the agent; -cr below uses the branch name instead
    $change_request = "New CR"
    # Delivery analysis: the branch name is used as change request (-cr) and branch name (-bn)
    agent -n $project_name -s ${bamboo.build.working.directory}\src -l "${bamboo.shortPlanKey}${bamboo.shortJobKey}-${bamboo.buildNumber}" -as completeDelivery -crs resolved -cr ${bamboo.planRepository.branch} -bn ${bamboo.planRepository.branch} --user ${bamboo.KiuwanUser} --pass ${bamboo.KiuwanPassword} -wr
    exit $lastexitcode
A good use case could be to run a Delivery analysis for every pull request, so the policy is applied before the merge. The merge can be blocked if the pull request doesn’t pass the Kiuwan audit.
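A Linux shell counterpart to the two PowerShell scripts above, as an added example that is not part of the Kiuwan documentation. It assumes Bamboo exports plan variables to Script tasks as bamboo_* environment variables and that agent.sh is the KLA launcher; KLA_CMD and KIUWAN_MODE are hypothetical names. Reading the values from the environment and quoting them keeps a plan or branch name with spaces or shell metacharacters as a single argument.

```shell
#!/bin/sh
# Added example, not Kiuwan's own script. Assumptions: Bamboo exports plan
# variables to Script tasks as bamboo_* environment variables; KLA_CMD and
# KIUWAN_MODE are hypothetical names; agent.sh is assumed to be the KLA launcher.

# Same rule as the PowerShell: text before the first "-" of the plan name, trimmed.
kiuwan_project_name() {
  printf '%s\n' "$1" | sed -e 's/-.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# kiuwan_analyze baseline|delivery: run the agent and return its exit code.
kiuwan_analyze() {
  project=$(kiuwan_project_name "$bamboo_planName")
  src="$bamboo_build_working_directory/src"
  case "$1" in
    baseline)
      set -- -n "$project" -s "$src" -l "Bamboo build $bamboo_buildNumber" -c ;;
    delivery)
      # Branch name is used for both -cr and -bn, as in the delivery script above.
      set -- -n "$project" -s "$src" \
        -l "${bamboo_shortPlanKey}${bamboo_shortJobKey}-${bamboo_buildNumber}" \
        -as completeDelivery -crs resolved \
        -cr "$bamboo_planRepository_branch" -bn "$bamboo_planRepository_branch" ;;
    *)
      echo "usage: kiuwan_analyze baseline|delivery" >&2
      return 2 ;;
  esac
  # Every value is a quoted argument, so spaces or metacharacters in a plan or
  # branch name cannot split into extra words or commands.
  "${KLA_CMD:-agent.sh}" "$@" --user "$bamboo_KiuwanUser" --pass "$bamboo_KiuwanPassword" -wr
}

# Run only inside a Bamboo job, where bamboo_buildNumber is set, and pass the
# agent's exit code to Bamboo as `exit $lastexitcode` does above.
if [ -n "${bamboo_buildNumber:-}" ]; then
  kiuwan_analyze "${KIUWAN_MODE:-baseline}"
  exit $?
fi
```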
You can run the build plan manually or define different triggers and strategies to run them automatically.
What you do will depend on your development process.
You can follow the Kiuwan task execution on-line or check the logs after execution: