DuckDefender
Deployment Options
Other CI tools
Jenkins

Jenkins

To run SAST on your code, you need to configure runners. However, if you are using Jenkins for automated integration and deployments, you can leverage this feature to set up the agent and perform SAST scans.

PREREQUISITES
Ensure Docker is installed on the Jenkins server before adding Jenkins jobs.
For detailed instructions on setup, please refer to the Docker documentation (opens in a new tab)

Steps to Create a Jenkins Credential

FlyingDuck API Key
  • Navigate to Jenkins -> Manage Jenkins -> Credentials -> System -> Global credentials (unrestricted).
  • Click on Add Credentials.
  • In the Kind dropdown, select Secret text.

Jenkins API Key

  • Enter your FD_API_KEY value in the Secret field.
  • Under ID, give a ID name fd-api-key-id.
  • Under Description, give a value "FlyingDuck API key".
  • Click Create.
GitHub Credential
HTTPS
  • Navigate to Jenkins -> Manage Jenkins -> Credentials -> System -> Global credentials (unrestricted).
  • Click on Add Credentials.
  • In the Kind dropdown, select Username with password.
  • Enter your GitHub username in the Username field.
  • Enter your GitHub password (or personal access token) in the Password field.

Jenkins GitHub HTTPS

  • Under ID, give a ID name git-credentials-id.
  • Under Description, give a value "GitHub credentials for HTTPS checkout".
  • Click Create.
SSH
  • Navigate to Jenkins -> Manage Jenkins -> Credentials -> System -> Global credentials (unrestricted).
  • Click on Add Credentials.
  • In the Kind dropdown, select SSH Username with private key.
  • Under ID, give a ID name git-credentials-id.
  • Under Description, give a value "GitHub credentials for SSH checkout".

Jenkins GitHub SSH

  • Enter your GitHub username in the Username field.
  • In the private key field, select Enter directly, then click Add and paste your private key.
  • If you have a passphrase, enter it in the Passphrase field; otherwise, leave it blank.
  • Click Create.
Bitbucket Credential
HTTPS
  • Navigate to Jenkins -> Manage Jenkins -> Credentials -> System -> Global credentials (unrestricted).
  • Click on Add Credentials.
  • In the Kind dropdown, select Username with password.
  • Enter your Bitbucket username in the Username field.
  • Enter your Bitbucket password (or personal access token) in the Password field.

Jenkins Bitbucket HTTPS

  • Under ID, give a ID name git-credentials-id.
  • Under Description, give a value "Bitbucket credentials for HTTPS checkout".
  • Click Create.
SSH
  • Navigate to Jenkins -> Manage Jenkins -> Credentials -> System -> Global credentials (unrestricted).
  • Click on Add Credentials.
  • In the Kind dropdown, select SSH Username with private key.
  • Under ID, give a ID name git-credentials-id.
  • Under Description, give a value "Bitbucket credentials for SSH checkout".

Jenkins Bitbucket SSH

  • Enter your Bitbucket username in the Username field.
  • In the private key field, select Enter directly, then click Add and paste your private key.
  • If you have a passphrase, enter it in the Passphrase field; otherwise, leave it blank.
  • Click Create.
GitLab Credential
HTTPS
  • Navigate to Jenkins -> Manage Jenkins -> Credentials -> System -> Global credentials (unrestricted).
  • Click on Add Credentials.
  • In the Kind dropdown, select Username with password.
  • Enter your GitLab username in the Username field.
  • Enter your GitLab password (or personal access token) in the Password field.

Jenkins GitLab HTTPS

  • Under ID, give a ID name git-credentials-id.
  • Under Description, give a value "GitLab credentials for HTTPS checkout".
  • Click Create.
SSH
  • Navigate to Jenkins -> Manage Jenkins -> Credentials -> System -> Global credentials (unrestricted).
  • Click on Add Credentials.
  • In the Kind dropdown, select SSH Username with private key.
  • Under ID, give a ID name git-credentials-id.
  • Under Description, give a value "GitLab credentials for SSH checkout".

Jenkins GitLab SSH

  • Enter your GitLab username in the Username field.
  • In the private key field, select Enter directly, then click Add and paste your private key.
  • If you have a passphrase, enter it in the Passphrase field; otherwise, leave it blank.
  • Click Create.
Azure DevOps Credential
HTTPS
  • Navigate to Jenkins -> Manage Jenkins -> Credentials -> System -> Global credentials (unrestricted).
  • Click on Add Credentials.
  • In the Kind dropdown, select Username with password.
  • Enter your Azure DevOps username in the Username field.
  • Enter your Azure DevOps password (or personal access token) in the Password field.

Jenkins Azure DevOps HTTPS

  • Under ID, give a ID name git-credentials-id.
  • Under Description, give a value "Azure DevOps credentials for HTTPS checkout".
  • Click Create.
SSH
  • Navigate to Jenkins -> Manage Jenkins -> Credentials -> System -> Global credentials (unrestricted).
  • Click on Add Credentials.
  • In the Kind dropdown, select SSH Username with private key.
  • Under ID, give a ID name git-credentials-id.
  • Under Description, give a value "Azure DevOps credentials for SSH checkout".

Jenkins Azure DevOps SSH

  • Enter your Azure DevOps username in the Username field.
  • In the private key field, select Enter directly, then click Add and paste your private key.
  • If you have a passphrase, enter it in the Passphrase field; otherwise, leave it blank.
  • Click Create.

Configuring DuckDefender through Jenkins

  • Navigate to the Jenkins dashboard and click on New Item.
Create a New Job:
  • Input the desired job name, choose Freestyle Project, and then click OK.
Add Description:
  • In the Description field, you can provide a description, such as "Duckdefender agent for code scanning and analysis".
Source Code Management:
  • Under Source Code Management, choose Git.
  • Enter the Repository URL.
  • Add your Credentials.
  • In the Branches to build section, specify the branches to build, e.g., main.
Build Environment:
  • Select Use secret text(s) or file(s).
  • Under Bindings, click Add and select Secret text
  • Under Secret test, in the Variable field, add: FD_API_KEY.
  • Under Credentials, choose Specific credentials and select your API key from the dropdown list.
Build Steps:
  • Under Add build step, select Execute Shell and enter the below Duckdefender agent command.
docker run --rm --pull=always -e FD_API_KEY=${FD_API_KEY} -v ${WORKSPACE}:/src --entrypoint /bin/bash flyingduckio/duckdefender:latest -c "duckdefender code --all"
  • After configuring the build steps, click Save and Build Now.

Optional Steps:

Post-Build Actions:
  • To delete the workspace after the build, under Post-build Actions, select Delete workspace when build is done, and click Save.
Automating Code Scanning & Analysis:
  • To automate scans, add Build Triggers.
  • Under Build Triggers, choose GitHub hook trigger for GITScm polling.

For detailed instructions on setup, please refer to the GitHub plugin documentation (opens in a new tab).

Additionally, If you need to run code scan with flexible options you can refer to the CLI examples..

On-premiseUser Management