Jenkins Integration Examples
This section provides the Jenkins integration examples for different use cases.
Example 1. Scan from the cloud using the Bright CLI (NPM installation)
To apply this option, you only need to install the Bright CLI globally on your Jenkins machine using the relative NPM command.
Prerequisites
- You have a valid organization API key or personal API key (
BRIGHT_TOKEN
) with the following scopes:bot
,scans : run
,scan : read
, andscans : stop
. - You have downloaded the Node.js plug-in to your Jenkins machine.
- You have created the
BRIGHT_TOKEN
environmental variable on your Jenkins machine. - You have copied the Bright
PROJECT_ID
on the Projects page. If you do not specify thePROJECT_ID
, the scan will be run under Default project.
Step-by-step guide
STEP 1 - Install the CLI
sh 'npm install @brightsec/cli -g || true'
STEP 2 - Run (retest) a scan
- If you need to run a new scan with a Crawler, use the following script:
echo "Start Bright Scan 🏁"
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --name "Jenkins Scan" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
- If you need to re-test a previous scan with its ID
OLD_SCAN_ID
, use the following script:
echo "Retest a scan"
NEW_SCAN_ID=$(bright-cli scan:retest --token=$BRIGHT_TOKEN $OLD_SCAN_ID)
echo "Scan was started with ID https://app.brightsec.com/scans/$NEW_SCAN_ID\n"
STEP 3 - Poll the results
Note
When polling the scan results, it is recommended to follow the fail-fast principle by using the
breakpoint
command. See Bright CLI Command List for a full list of commands you can use in your Jenkins flow.
Poll the scan until it returns some issue, or its time runs out:
echo "Wait for issues ⏳\n"
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint medium_issue $SCAN_ID)
if [ -z "$RESULT" ]
then
echo "Failed to stop scan"
else
echo "Stop Scan 🛑"
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
STEP 4 - View the results
To view the scan results, go to the Bright app. For the instructions, see here.
Complete example
The following example is made up of the steps above and shows how to run a new scan using the Crawler discovery type:
pipeline {
agent any
environment {
BRIGHT_TOKEN = "$BRIGHT_TOKEN"
}
tools {nodejs "node"}
stages {
stage("Install Dep"){
steps{
sh 'npm install @brightsec/cli -g || true'
}
}
stage('Start Scan') {
steps {
sh '''#!/bin/bash
echo "Start Bright Scan 🏁"
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --name "Jenkins Scan" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
sleep 10
echo "Wait for issues ⏳\n"
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint medium_issue $SCAN_ID)
if [ -z "$RESULT" ]
then
echo "Failed to stop scan"
else
echo "Stop Scan 🛑"
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
fi
'''
}
}
}
}
Example 2. Scan in the repeater mode using the Bright CLI (NPM installation)
To apply this option, you need to install the Bright CLI on your Jenkins machine and activate the Repeater using the Repeater ID and Bright API key.
Prerequisites
- You have the Repeater with a valid ID ‘REPEATER’. See Managing Repeaters for information about handling the Repeaters.
- You have a valid organization API key or personal API key (
BRIGHT_TOKEN
) with the following scopes:bot
,scans : run
,scan : read
, andscans : stop
. - You have downloaded the Node.js plug-in to your Jenkins machine.
- You have created the
BRIGHT_TOKEN
environmental variable on your Jenkins machine. - You have copied the Bright
PROJECT_ID
on the Projects page. If you do not specify thePROJECT_ID
, the scan will be run under Default project.
Step-by-step guide
STEP 1 - Install the CLI
sh 'npm install @brightsec/cli -g || true'
STEP 2 - Activate the repeater
PID_REPEATER=$(bright-cli repeater --token=${BRIGHT_TOKEN} --id=${REPEATER_ID} &> /dev/null & echo $!)
Note
If a valid API token
BRIGHT_TOKEN
and Repeater IDREPEATER
were not added, then the Unauthorized access error appears. Please check your credentials.
Important
Make sure that the Repeater has an outbound connection to the Bright host depending on its deployment. The Repeater should be connected either to the default amq.app.brightsec.com via the AMQ protocol (over TLS) using port 5672 or to your private cloud using the relative port.
STEP 2 - Run (retest) a scan
- If you need to run a new scan with a Crawler, use the following script:
echo "Start Bright Scan 🏁"
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --name "Jenkins Scan with Repeater" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
- If you need to re-test a previous scan with its ID
OLD_SCAN_ID
and API keyBRIGHT_TOKEN
, use the following script:
echo "Retest a scan"
NEW_SCAN_ID=$(bright-cli scan:retest --token=$BRIGHT_TOKEN $OLD_SCAN_ID;
echo "Scan started $NEW_SCAN_ID";
STEP 4 - Poll the results
Note
When polling the scan results, it is recommended to follow the fail-fast principle by using the
breakpoint
command. See Bright CLI Command List for a full list of commands you can use in your Jenkins flow.
Poll the scan until it returns some issue, or its time runs out:
echo "Wait for issues ⏳\n"
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint high_issue $SCAN_ID)
After that - stop the scan:
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
STEP 5 - View the results
To view the scan results, go to the Bright app. For the instructions, see here.
Complete example
The following example is made up of the steps above and shows how to run a new scan via the Repeater using the Crawler discovery type:
pipeline {
agent any
environment {
BRIGHT_TOKEN = "$BRIGHT_TOKEN"
REPEATER_ID = "$REPEATER"
}
tools {nodejs "node"}
stages {
stage("Install Dep"){
steps{
sh 'npm install @brightsec/cli -g || true'
}
}
stage('Start Scan') {
steps {
sh '''#!/bin/bash
echo "Start Repeater 🏁"
PID_REPEATER=$(bright-cli repeater --token=${BRIGHT_TOKEN} --id=${REPEATER_ID} &> /dev/null & echo $!)
echo "Repeater started PID: $PID_REPEATER\n"
sleep 10
echo "Start Bright Scan 🏁"
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --repeater ${REPEATER_ID} --name "Jenkins Scan with Repeater" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
sleep 10
echo "Wait for issues ⏳\n"
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint high_issue $SCAN_ID)
if [ -z "$RESULT" ]
then
echo "Failed to stop scan"
else
echo "Stop Scan 🛑"
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
fi
'''
}
}
}
Example 3. Scan in the repeater mode using the Bright CLI (docker installation)
To apply this option, you need to configure a Docker image inside your pipeline (for example, by creating a docker-compose file). Once the Docker is configured, you can run the Bright CLI and activate the Repeater using the Repeater ID and Bright API key.
Prerequisites
- You have the Repeater with a valid ID ‘REPEATER’. See Managing Repeaters for the information about handling the Repeaters.
- You have a valid organization API key or personal API key (
BRIGHT_TOKEN
) with the following scopes:bot
,scans : run
,scan : read
, andscans : stop
. - You have downloaded the Node.js plug-in to your Jenkins machine.
- You have created the
BRIGHT_TOKEN
environmental variable on your Jenkins machine. - You have copied the Bright
PROJECT_ID
on the Projects page. If you do not specify thePROJECT_ID
, the scan will be run under Default project.
Step-by-step guide
STEP 1 - Run the docker container with the repeater
sh 'npm install @brightsec/cli -g || true'
sh 'docker rm $(docker ps --filter status=exited -q)'
sh 'docker run -d --name "NLRepeater1" bright/repeater:latest repeater --id ${REPEATER} --token ${BRIGHT_TOKEN}'
Note
If a valid API token
BRIGHT-TOKEN
and Repeater IDREPEATER
were not added, then the Unauthorized access error appears. Please check your credentials.
Important
Make sure that the Repeater has an outbound connection to the Bright host depending on its deployment. The Repeater should be connected either to the default amq.app.brightsec.com via the AMQ protocol (over TLS) using port 5672 or to your private cloud using the relative port.
STEP 2 - Start a Scan
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --repeater ${REPEATER} --name "Jenkins Scan with Docker" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
STEP 3 - Poll the results
Note
When polling the scan results, it is recommended to follow the fail-fast principle by using the
breakpoint
command. See Bright CLI Command List for a full list of commands you can use in your Travis flow.
echo "Poll for scan results";
# Poll the scan until it returns some issue, or its time runs out
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint high_issue $SCAN_ID)
# After that - stop the scan
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
STEP 4 - Stop the docker container
sh 'docker kill "NLRepeater1"'
sh 'docker rm $(docker ps --filter status=exited -q)'
STEP 5 - View the results
To view the scan results, go to the Bright app. For the instructions, see here.
Complete example
The following example is made up of the steps above and shows how to run a new scan via the Repeater using the Crawler discovery type:
pipeline {
agent any
environment {
BRIGHT_TOKEN = "$BRIGHT_TOKEN"
}
tools {nodejs "node"}
stages {
stage("Install Dep"){
steps{
sh 'npm install @brightsec/cli -g || true'
sh 'docker rm $(docker ps --filter status=exited -q)'
sh 'docker run -d --name "NLRepeater1" bright/repeater:latest repeater --id ${REPEATER} --token ${BRIGHT_TOKEN}'
sleep 5
}
}
stage('Start Scan') {
steps {
sh '''#!/bin/bash
echo "Start Bright Scan 🏁"
SCAN_ID=$(bright-cli scan:run --token ${BRIGHT_TOKEN} --repeater ${REPEATER} --name "Jenkins Scan with Docker" --crawler https://brokencrystals.com/ --smart)
echo "Scan was started with ID https://app.brightsec.com/scans/$SCAN_ID\n"
sleep 10
echo "Wait for issues ⏳\n"
RESULT=$(bright-cli scan:polling --interval 30s --timeout 20m --token $BRIGHT_TOKEN --breakpoint high_issue $SCAN_ID)
if [ -z "$RESULT" ]
then
echo "Failed to stop scan"
else
echo "Stop Scan 🛑"
bright-cli scan:stop --token $BRIGHT_TOKEN $SCAN_ID
fi
'''
}
}
stage('Stop Docker container') {
steps {
sh 'docker kill "NLRepeater1"'
sh 'docker rm $(docker ps --filter status=exited -q)'
}
}
}
}
Updated over 1 year ago