Jenkins pipelines

Configuring DuckDefender through Jenkins pipelines

To run SAST on your code, you need to configure runners. However, if you already use Jenkins pipelines for automated integration and deployment, you can use them to set up the agent and perform SAST scans. DuckDefender can be configured in Jenkins pipelines in two ways:

  • In a new pipeline
  • In an existing pipeline

Ensure Docker is installed on the Jenkins server before adding pipelines.

In a new pipeline

If you don't have an existing pipeline or want to configure a new pipeline specifically for running code scans, use the snippet below.

pipeline {
    agent any
    environment {
        GIT_URL = "https://github.com/user/example.git"
    }

    stages {
        stage("checkout code") {
            steps {
                git branch: 'main', credentialsId: 'github-credentials', url: "${GIT_URL}"
            }
        }
        stage("duckdefender code scan") {
            steps {
                script {
                    // Bind the Secret text credential to FD_API_KEY for this block only.
                    withCredentials([string(credentialsId: 'fd-api-key-id', variable: 'FD_API_KEY')]) {
                        // Single-quoted Groovy string: the shell, not Groovy, expands ${FD_API_KEY}.
                        sh 'docker run -e FD_API_KEY="${FD_API_KEY}" -v "${WORKSPACE}:/src" --entrypoint /bin/sh flyingduckio/duckdefender:latest -c "duckdefender code --all"'
                    }
                }
            }
        }
    }
}

In an existing pipeline

If you already have a pipeline and want to integrate DuckDefender, add the following snippet as a new stage.

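stage("duckdefender code scan") {
    steps {
        script {
            // Bind the Secret text credential to FD_API_KEY for this block only.
            withCredentials([string(credentialsId: 'fd-api-key-id', variable: 'FD_API_KEY')]) {
                // Single-quoted Groovy string: the shell, not Groovy, expands ${FD_API_KEY}.
                sh 'docker run -e FD_API_KEY="${FD_API_KEY}" -v "${WORKSPACE}:/src" --entrypoint /bin/sh flyingduckio/duckdefender:latest -c "duckdefender code --all"'
            }
        }
    }
}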

Steps to Create a FlyingDuck API Key Secret Text Credential

  • Navigate to Jenkins -> Manage Jenkins -> Manage Credentials.
  • Select the appropriate domain (e.g., Global).
  • Click on Add Credentials.
  • In the Kind dropdown, select Secret text.

  • Enter your FD_API_KEY value in the Secret field.
  • Under ID, enter an ID for the credential (e.g., fd-api-key-id).
  • Under Description, enter a description (e.g., FlyingDuck API key).

Additionally, if you need to run a code scan with more flexible options, you can refer to the CLI examples.
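
Added example, not part of the FlyingDuck documentation: the snippets above pass the key in a single-quoted sh string, so the shell rather than Groovy expands ${FD_API_KEY} and the secret never enters the Groovy-built command text. The Python check below flags single-line sh steps in a Jenkinsfile that use a double-quoted string and so let Groovy interpolate a withCredentials variable. The function name and the constructed WEAK_STAGE sample are assumptions made for illustration.

```python
import re

# Variables bound by withCredentials, e.g. string(..., variable: 'FD_API_KEY')
BINDING = re.compile(r"variable:\s*['\"](\w+)['\"]")
# A single-line sh step whose script is a double-quoted Groovy string (GString).
# Multi-line and triple-quoted scripts are out of scope for this check.
SH_GSTRING = re.compile(r'^\s*sh\s*\(?\s*(?:script:\s*)?"((?:[^"\\]|\\.)*)"')


def find_interpolated_secrets(jenkinsfile):
    """Return [(line_number, variable)] where Groovy would expand a bound secret."""
    secrets = sorted(set(BINDING.findall(jenkinsfile)))
    findings = []
    for lineno, line in enumerate(jenkinsfile.splitlines(), start=1):
        match = SH_GSTRING.match(line)
        if not match:
            continue  # not a double-quoted sh step (single-quoted ones are fine)
        for name in secrets:
            # Unescaped $NAME, ${NAME} or ${env.NAME} is interpolated by Groovy
            ref = r"(?<!\\)\$(?:\{(?:env\.)?%s\}|%s\b)" % (name, name)
            if re.search(ref, match.group(1)):
                findings.append((lineno, name))
    return findings


BIND = "withCredentials([string(credentialsId: 'fd-api-key-id', variable: 'FD_API_KEY')]) {\n"
# The sh step as it appears in the page's snippets (single-quoted).
PAGE_STAGE = BIND + r"""    sh 'docker run -e FD_API_KEY="${FD_API_KEY}" -v "${WORKSPACE}:/src" --entrypoint /bin/sh flyingduckio/duckdefender:latest -c "duckdefender code --all"'
}"""
# Constructed weak variant: the same command in a double-quoted string.
WEAK_STAGE = BIND + r"""    sh "docker run -e FD_API_KEY=${FD_API_KEY} -v ${WORKSPACE}:/src --entrypoint /bin/sh flyingduckio/duckdefender:latest -c 'duckdefender code --all'"
}"""

if __name__ == "__main__":
    for label, text in (("page", PAGE_STAGE), ("weak", WEAK_STAGE)):
        print(label, find_interpolated_secrets(text))
```
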