The Sec1 Security plugin helps developers/teams scan their SCM for open source vulnerabilities against the Sec1 Security DB.
To use the plugin you will need to take the following steps in order:
By default, Sec1 uses the https://api.sec1.io endpoint.
It is possible to configure Sec1 to use a different endpoint by setting the SEC1_INSTANCE_URL
environment variable: use SEC1_INSTANCE_URL as the name and the custom endpoint as the value.
Configure the credentials using <YOUR_SEC1_API_KEY_ID> as the ID. To get a Sec1 API key,
navigate to Scopy > "Login with GitHub" > "Settings".
This step depends on whether you're using Freestyle Projects or Pipeline Projects.
Use the sec1Security step as part of your pipeline script. You can use the "Snippet Generator"
to generate the code from a web form and copy it into your pipeline.
    pipeline {
        agent any
        stages {
            stage('Build') {
                steps {
                    echo 'Building...'
                }
            }
            stage('Sec1 Security') {
                steps {
                    script {
                        sec1Security (
                            // location of your SCM checkout directory; if you did not configure a custom one, leave this as is
                            scanFileLocation: "${WORKSPACE}",
                            apiCredentialsId: "<Your Sec1 Api Key ID>",
                            // optional: vulnerability thresholds and the action taken when they are breached
                            applyThreshold: true,
                            actionOnThresholdBreached: "unstable",
                            threshold: [criticalThreshold: '0', highThreshold: '0']
                        )
                    }
                }
            }
            stage('Deploy') {
                steps {
                    echo 'Deploying...'
                }
            }
        }
    }
scanFileLocation (required, default: ${WORKSPACE})
    Location where the SCM checkout is done. Default is ${WORKSPACE} of the build job.
    The scan will fail if you don't provide this value.
apiCredentialsId (optional, default: none)
    Sec1 API Key Credential ID, as configured in "2. Configure a Sec1 API Token Credential".
applyThreshold (optional, default: false)
    Whether the vulnerability threshold needs to be applied to the build.
threshold (optional, default: false)
    Threshold values for each type of vulnerability, e.g. configuration: [criticalThreshold: '0', highThreshold: '10', mediumThreshold: '0', lowThreshold: '0']
    If the scan reports more vulnerabilities than the configured threshold for the respective type of vulnerability, an error is shown in the console and the build status is modified based on the actionOnThresholdBreached value.
actionOnThresholdBreached (optional, default: fail)
    The action to take on the build if the vulnerability threshold is breached. Possible values: fail, unstable, continue
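The threshold semantics described above, worked through as an added illustration (this is not the plugin's own code): scan counts per severity are compared against the threshold map and mapped onto a Jenkins build result via actionOnThresholdBreached. It assumes that a severity with no configured threshold is not enforced, and that the scan summary is a simple dict of counts.

```python
# Added example illustrating the sec1Security threshold parameters; not plugin code.
# Assumptions: unconfigured severities are not enforced; counts come from a dict.

SEVERITIES = ("critical", "high", "medium", "low")
# actionOnThresholdBreached value -> Jenkins build result
ACTIONS = {"fail": "FAILURE", "unstable": "UNSTABLE", "continue": "SUCCESS"}


def breached_severities(scan_counts, threshold):
    """Return [(severity, count, limit)] for every configured severity whose
    reported count exceeds its threshold (breach means count > limit)."""
    breaches = []
    for sev in SEVERITIES:
        key = f"{sev}Threshold"          # e.g. criticalThreshold
        if key not in threshold:
            continue                     # assumption: not configured, not enforced
        limit = int(threshold[key])      # the plugin takes thresholds as strings such as '0'
        count = int(scan_counts.get(sev, 0))
        if count > limit:
            breaches.append((sev, count, limit))
    return breaches


def evaluate_build(scan_counts, apply_threshold=False, threshold=None,
                   action_on_threshold_breached="fail"):
    """Map the sec1Security parameters onto a build result and the list of breaches."""
    if action_on_threshold_breached not in ACTIONS:
        raise ValueError(f"unknown actionOnThresholdBreached: {action_on_threshold_breached}")
    if not apply_threshold:              # applyThreshold: false -> thresholds are ignored
        return "SUCCESS", []
    breaches = breached_severities(scan_counts, threshold or {})
    if not breaches:
        return "SUCCESS", []
    for sev, count, limit in breaches:   # error lines as the console would show them
        print(f"ERROR: {count} {sev} vulnerabilities exceed threshold {limit}")
    return ACTIONS[action_on_threshold_breached], breaches


if __name__ == "__main__":
    # constructed sample scan summary, not real scan output
    sample = {"critical": 1, "high": 0, "medium": 4, "low": 12}
    print(evaluate_build(sample, True,
                         {"criticalThreshold": "0", "highThreshold": "0"}, "unstable"))
```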
To see more information on your steps:
-- Sec1 team