Jenkins Integration Examples
This section provides the Jenkins integration examples for different use cases.
Example 1. Scan from the cloud using the Bright CLI (NPM installation)
To apply this option, you only need to install the Bright CLI globally on your Jenkins machine using the relative NPM command.
Prerequisites
- You have a valid organization API key or personal API key (
BRIGHT_TOKEN) with the following scopes:bot,scans : run,scan : read, andscans : stop. - You have downloaded the Node.js plug-in to your Jenkins machine.
- You have created the
BRIGHT_TOKENenvironmental variable on your Jenkins machine. - You have copied the Bright
PROJECT_IDon the Projects page. If you do not specify thePROJECT_ID, the scan will be run under Default project.
Step-by-step guide
STEP 1 - Install the CLI
sh 'npm install @brightsec/cli -g || true'
STEP 2 - Run (retest) a scan
- If you need to run a new scan with a Crawler, use the following script:
echo "Start Bright Scan 🏁"
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --name "Jenkins Scan" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
- If you need to re-test a previous scan with its ID
OLD_SCAN_ID, use the following script:
echo "Retest a scan"
NEW_SCAN_ID=$(bright-cli scan:retest --token=$BRIGHT_TOKEN $OLD_SCAN_ID)
echo "Scan was started with ID https://app.brightsec.com/scans/$NEW_SCAN_ID\n"
STEP 3 - Poll the results
Note
When polling the scan results, it is recommended to follow the fail-fast principle by using the
breakpointcommand. See Bright CLI Command List for a full list of commands you can use in your Jenkins flow.
Poll the scan until it returns some issue, or its time runs out:
echo "Wait for issues ⏳\n"
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint medium_issue $SCAN_ID)
if [ -z "$RESULT" ]
then
echo "Failed to stop scan"
else
echo "Stop Scan 🛑"
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
STEP 4 - View the results
To view the scan results, go to the Bright app. For the instructions, see here.
Complete example
The following example is made up of the steps above and shows how to run a new scan using the Crawler discovery type:
pipeline {
agent any
environment {
BRIGHT_TOKEN = "$BRIGHT_TOKEN"
}
tools {nodejs "node"}
stages {
stage("Install Dep"){
steps{
sh 'npm install @brightsec/cli -g || true'
}
}
stage('Start Scan') {
steps {
sh '''#!/bin/bash
echo "Start Bright Scan 🏁"
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --name "Jenkins Scan" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
sleep 10
echo "Wait for issues ⏳\n"
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint medium_issue $SCAN_ID)
if [ -z "$RESULT" ]
then
echo "Failed to stop scan"
else
echo "Stop Scan 🛑"
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
fi
'''
}
}
}
}
Example 2. Scan in the repeater mode using the Bright CLI (NPM installation)
To apply this option, you need to install the Bright CLI on your Jenkins machine and activate the Repeater using the Repeater ID and Bright API key.
Prerequisites
- You have the Repeater with a valid ID ‘REPEATER’. See Managing Repeaters for information about handling the Repeaters.
- You have a valid organization API key or personal API key (
BRIGHT_TOKEN) with the following scopes:bot,scans : run,scan : read, andscans : stop. - You have downloaded the Node.js plug-in to your Jenkins machine.
- You have created the
BRIGHT_TOKENenvironmental variable on your Jenkins machine. - You have copied the Bright
PROJECT_IDon the Projects page. If you do not specify thePROJECT_ID, the scan will be run under Default project.
Step-by-step guide
STEP 1 - Install the CLI
sh 'npm install @brightsec/cli -g || true'
STEP 2 - Activate the repeater
PID_REPEATER=$(bright-cli repeater --token=${BRIGHT_TOKEN} --id=${REPEATER_ID} &> /dev/null & echo $!)
Note
If a valid API token
BRIGHT_TOKENand Repeater IDREPEATERwere not added, then the Unauthorized access error appears. Please check your credentials.
STEP 2 - Run (retest) a scan
- If you need to run a new scan with a Crawler, use the following script:
echo "Start Bright Scan 🏁"
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --name "Jenkins Scan with Repeater" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
- If you need to re-test a previous scan with its ID
OLD_SCAN_IDand API keyBRIGHT_TOKEN, use the following script:
echo "Retest a scan"
NEW_SCAN_ID=$(bright-cli scan:retest --token=$BRIGHT_TOKEN $OLD_SCAN_ID;
echo "Scan started $NEW_SCAN_ID";
STEP 4 - Poll the results
Note
When polling the scan results, it is recommended to follow the fail-fast principle by using the
breakpointcommand. See Bright CLI Command List for a full list of commands you can use in your Jenkins flow.
Poll the scan until it returns some issue, or its time runs out:
echo "Wait for issues ⏳\n"
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint high_issue $SCAN_ID)
After that - stop the scan:
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
STEP 5 - View the results
To view the scan results, go to the Bright app. For the instructions, see here.
Complete example
The following example is made up of the steps above and shows how to run a new scan via the Repeater using the Crawler discovery type:
pipeline {
agent any
environment {
BRIGHT_TOKEN = "$BRIGHT_TOKEN"
REPEATER_ID = "$REPEATER"
}
tools {nodejs "node"}
stages {
stage("Install Dep"){
steps{
sh 'npm install @brightsec/cli -g || true'
}
}
stage('Start Scan') {
steps {
sh '''#!/bin/bash
echo "Start Repeater 🏁"
PID_REPEATER=$(bright-cli repeater --token=${BRIGHT_TOKEN} --id=${REPEATER_ID} &> /dev/null & echo $!)
echo "Repeater started PID: $PID_REPEATER\n"
sleep 10
echo "Start Bright Scan 🏁"
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --repeater ${REPEATER_ID} --name "Jenkins Scan with Repeater" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
sleep 10
echo "Wait for issues ⏳\n"
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint high_issue $SCAN_ID)
if [ -z "$RESULT" ]
then
echo "Failed to stop scan"
else
echo "Stop Scan 🛑"
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
fi
'''
}
}
}
Example 3. Scan in the repeater mode using the Bright CLI (docker installation)
To apply this option, you need to configure a Docker image inside your pipeline (for example, by creating a docker-compose file). Once the Docker is configured, you can run the Bright CLI and activate the Repeater using the Repeater ID and Bright API key.
Prerequisites
- You have the Repeater with a valid ID ‘REPEATER’. See Managing Repeaters for the information about handling the Repeaters.
- You have a valid organization API key or personal API key (
BRIGHT_TOKEN) with the following scopes:bot,scans : run,scan : read, andscans : stop. - You have downloaded the Node.js plug-in to your Jenkins machine.
- You have created the
BRIGHT_TOKENenvironmental variable on your Jenkins machine. - You have copied the Bright
PROJECT_IDon the Projects page. If you do not specify thePROJECT_ID, the scan will be run under Default project.
Step-by-step guide
STEP 1 - Run the docker container with the repeater
sh 'npm install @brightsec/cli -g || true'
sh 'docker rm $(docker ps --filter status=exited -q)'
sh 'docker run -d --name "NLRepeater1" bright/repeater:latest repeater --id ${REPEATER} --token ${BRIGHT_TOKEN}'
Note
If a valid API token
BRIGHT-TOKENand Repeater IDREPEATERwere not added, then the Unauthorized access error appears. Please check your credentials.
STEP 2 - Start a Scan
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --repeater ${REPEATER} --name "Jenkins Scan with Docker" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
STEP 3 - Poll the results
Note
When polling the scan results, it is recommended to follow the fail-fast principle by using the
breakpointcommand. See Bright CLI Command List for a full list of commands you can use in your Travis flow.
echo "Poll for scan results";
# Poll the scan until it returns some issue, or its time runs out
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint high_issue $SCAN_ID)
# After that - stop the scan
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
STEP 4 - Stop the docker container
sh 'docker kill "NLRepeater1"'
sh 'docker rm $(docker ps --filter status=exited -q)'
STEP 5 - View the results
To view the scan results, go to the Bright app. For the instructions, see here.
Complete example
The following example is made up of the steps above and shows how to run a new scan via the Repeater using the Crawler discovery type:
pipeline {
agent any
environment {
BRIGHT_TOKEN = "$BRIGHT_TOKEN"
}
tools {nodejs "node"}
stages {
stage("Install Dep"){
steps{
sh 'npm install @brightsec/cli -g || true'
sh 'docker rm $(docker ps --filter status=exited -q)'
sh 'docker run -d --name "NLRepeater1" bright/repeater:latest repeater --id ${REPEATER} --token ${BRIGHT_TOKEN}'
sleep 5
}
}
stage('Start Scan') {
steps {
sh '''#!/bin/bash
echo "Start Bright Scan 🏁"
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --repeater ${REPEATER} --name "Jenkins Scan with Docker" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
sleep 10
echo "Wait for issues ⏳\n"
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint high_issue $SCAN_ID)
if [ -z "$RESULT" ]
then
echo "Failed to stop scan"
else
echo "Stop Scan 🛑"
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
fi
'''
}
}
stage('Stop Docker container') {
steps {
sh 'docker kill "NLRepeater1"'
sh 'docker rm $(docker ps --filter status=exited -q)'
}
}
}
}
Updated 4 months ago