Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
This guide will show you how to integrate Kiuwan with Atlassian Bamboo.
Contents:
Table of Contents |
---|
...
Introduction to the integration
...
with Atlassian Bamboo
Kiuwan analyses can be integrated into the continuous integration process with Atlassian Bamboo. The analyses can run completely automated to enable continuous code security. It is even possible to automatically enforce your security policies
...
.
In continuous integration and continuous delivery (CI/CD) environments, it is very common (and
...
recommended) to ensure the security and quality of the software under development with an automated solution.
Kiuwan
...
allows you to do baseline or delivery analysis
...
as a step in the build plan defined in Bamboo.
...
A Kiuwan analysis will be executed by a Bamboo
...
agent.
...
This could be a remote agent or the default agent running on the Bamboo server
...
.
Image Modified
...
Configure
...
the Bamboo agents
...
Before you start:
- Make sure that
...
- any agent
...
- which can potentially
...
- run a Kiuwan analysis as part of a build plan
...
- has the Kiuwan Local Analyzer (KLA) installed on the same machine
...
- .
- Configure a Kiuwan agent-specific capability in the agent.
For example, if you install your KLA in C:\KiuwanLocalAnalyzer, you can configure a new agent-specific capability as follows:
...
Go to the Bamboo agents admin page and select the agent you want to configure
Click
...
Add capability
...
Select Executable from the Capability type dropdown
Select Command from the Type dropdown
Give the new capability a unique label to identify it
...
(KLA for example)
Specify the complete absolute path to the KLA command
...
(C:\KiuwanLocalAnalyzer\bin\agent.cmd for example)
Image Modified
Image Modified
Info |
---|
Repeat this operation for all agents that will run Kiuwan analyses. |
...
The more agents you have with the KLA capability, the more analyses you can run in parallel. This will depend on the number of applications you have under continuous development and your build/analysis strategy. |
Once you have all your agents configured, you can create (or modify) build plans to run Kiuwan analyses.
Create Bamboo builds for projects to analyze
Build plans in Bamboo are created for a specific project. Create one, or select an existing one to configure it.
Configure Kiuwan credentials
First
...
, configure the Kiuwan credentials variables.
Go to the
...
Variables tab and create
...
two variables called KiuwanUser and
...
KiuwanPassword. For example:
Image Modified
Alternatively, you could create a global variable for your credentials. In that case, the same credentials will be used across your build plans
...
.
...
Create an analysis stage
...
Create a stage to add
...
a Kiuwan analysis job to it or add a job in an existing stage (
...
as we have done here in the default stage).
In
...
Job definition,
...
search for the KLA capability and specify
...
that it must ‘exist’. This configuration ensures that the job is sent to an agent that has the KLA installed.
Then go to the Tasks tab to configure the Kiuwan analysis task. Kiuwan needs the source code to analyze it, so make sure that there is a ‘Source Code Checkout’ task before anything else.
...
Finally, add a Script task to run the Kiuwan analysis.
...
Configure more tasks (like build) in this stage or just use it only for the analysis
...
.
- Select the new Script task
...
- and add a description (in our case Kiuwan baseline analysis, because that is what it is going to do)
...
- Select the Windows PowerShell, if your agents are Windows
...
- -based. For Linux-based agents, you have to specify a different agent capability and here select Shell
...
- .
- Next, select Inline in script location (you could have a file in your repository with the script to run).
- Finally, enter the following script code in the Script body text area:
This is a PowerShell example, using some PowerShell commandlets. You can
...
create a similar script for Linux shells mimicking the functionality.
...
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
$project_name = "${bamboo.planName}".Split("-")[0].Trim()
agent -n "$project_name" -s ${bamboo.build.working.directory}\src -l "Bamboo build ${bamboo.buildNumber}" -c --user ${bamboo.KiuwanUser} --pass ${bamboo.KiuwanPassword} -wr
exit $lastexitcode |
Image Modified
Alternative Kiuwan analysis
...
: Delivery
Kiuwan can run
...
two different types of analysis: baseline and delivery. In the previous example, the script
...
runs a baseline analysis
...
. If you want to run a delivery analysis
...
your script will look something like the following:
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
$project_name = "${bamboo.planName}".Split("-")[0].Trim()
$change_request = "New CR"
agent -n $project_name -s ${bamboo.build.working.directory}\src -l "${bamboo.shortPlanKey}${bamboo.shortJobKey}-${bamboo.buildNumber}" -as completeDelivery -crs resolved -cr ${bamboo.planRepository.branch} -bn ${bamboo.planRepository.branch} --user ${bamboo.KiuwanUser} --pass ${bamboo.KiuwanPassword} -wr
exit $lastexitcode |
...
...
...
A good use case could be to run a Delivery analysis for every pull request, so the policy is applied before the merge. The merge can be blocked if the pull request doesn’t pass the Kiuwan audit.
Run
...
build plans
You can run the build plan manually or define different triggers and strategies to run them automatically.
What you do will depend on your development process.
You can follow the Kiuwan task execution on-line or check the logs after execution:
...
...
...
...