Continuous integration of Rust repositories with Jenkins
Continuous integration with Jenkins and Firo Vulnerability Management for Rust repositories
Summary
This guide uses our open-source tool cifiro together with our API to search
for vulnerabilities in the programming libraries a project imports.
With Jenkins, the free API can be integrated into the development workflow in a few steps.
Jenkins
- Step one
Head over to watchers.firosolutions.com, sign up, open your profile and grab your API key.
- Step two
Head over to your Jenkins instance and log in to the web interface.
Once logged in, install the Text Finder plugin; it lets Jenkins stop the build
once a vulnerable dependency is found:
Manage Jenkins > Manage plugins > Available > Text Finder plugin
- Step three
Now that the plugin is installed, add a new project: New Item > Freestyle project.
Specify which repository you want to use.
- Step four
For the configuration part we want to add:
Build > Execute shell
# make cargo available in the build shell
export PATH="$HOME/.cargo/bin:$PATH"
# fetch the scanner
wget https://raw.githubusercontent.com/firosolutions/cifiro/master/cifiro.py
# run the scan; capture stdout and stderr in out.meh (portable form of bash's "&>")
python3.6 cifiro.py apikey=myapikeyhere > out.meh 2>&1
cat out.meh
cargo +nightly build --release
Note: in this example we build a test script with the unstable (+nightly) toolchain; remove +nightly unless you actually need a nightly build.
First we add ~/.cargo/bin to PATH so cargo can be called from the build shell.
Then we fetch the cifiro script.
We execute cifiro.py with python3.6 and our API key, redirect the result into a text file
and cat it so it also appears in the console output.
Then a regular cargo build follows.
Two caveats: Jenkins runs Execute shell steps with /bin/sh, where the bash-only "&>" redirection
does not redirect at all (it backgrounds the command), hence "> out.meh 2>&1".
And keep the API key out of the job configuration: bind it to an environment variable
from Jenkins credentials instead of pasting it into the script.
- Step five
Let's tell the Text Finder plugin to search through the result.
Add a Post-build Action and select Jenkins Text Finder:
Files: out.meh
[X] Also search the console output
Regular expression: "description":\s"
[ ] Succeed if found
[X] Unstable if found
[X] Not built if found
The regular expression relies on cifiro printing a "description" field for every vulnerability it reports, so a match means at least one finding.
- final step
Done!
Give yourself a pat on the back!
If cifiro finds a security vulnerability in one of your libraries, the build will not pass.
And if it does not find anything, the build succeeds.
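As an added example (not code from the original page or from the cifiro project), here is the same build step written as a self-contained sh script that can be pasted into Execute shell. It assumes, beyond what the page states, that the API key arrives in the environment variable FIRO_API_KEY (bound from Jenkins credentials rather than hard-coded), that python3 rather than python3.6 runs cifiro, and an optional operator-recorded sha256 (CIFIRO_SHA256) of the reviewed cifiro.py. The actual scan only runs inside Jenkins (detected via JENKINS_URL), so the gate functions can be exercised offline on constructed output; the gate fails the build itself, independent of the Text Finder post-build action.

```shell
#!/bin/sh
# Added example, not the page's or cifiro's own code: hardened "Execute shell" step.
# Assumptions (not from the page): FIRO_API_KEY is bound from Jenkins credentials,
# PYTHON defaults to python3, CIFIRO_SHA256 is a checksum the operator recorded
# after reviewing the script (empty disables the check).
set -eu

CIFIRO_URL="https://raw.githubusercontent.com/firosolutions/cifiro/master/cifiro.py"
CIFIRO_SHA256="${CIFIRO_SHA256:-}"
PYTHON="${PYTHON:-python3}"

# Download cifiro.py and, when a checksum is configured, refuse to run a script
# that differs from the reviewed one (the master branch can change at any time).
fetch_cifiro() {
  wget -q -O cifiro.py "$CIFIRO_URL"
  if [ -n "$CIFIRO_SHA256" ]; then
    echo "$CIFIRO_SHA256  cifiro.py" | sha256sum -c - >/dev/null
  fi
}

# Run the scan, capturing stdout and stderr portably: "&>" is bash-only and
# under /bin/sh would background the command instead of redirecting.
run_cifiro() {
  out="$1"
  "$PYTHON" cifiro.py "apikey=$FIRO_API_KEY" > "$out" 2>&1
}

# Same test the Text Finder post-build action performs: a "description" field
# in the output means cifiro reported at least one vulnerability.
# Returns 0 (true) when a finding is present, 1 otherwise.
has_vulnerabilities() {
  grep -Eq '"description":[[:space:]]"' "$1"
}

# Number of findings, assuming one "description" field per reported vulnerability.
count_vulnerabilities() {
  grep -Eo '"description":[[:space:]]"' "$1" | wc -l | tr -d ' '
}

main() {
  : "${FIRO_API_KEY:?bind the Firo API key to FIRO_API_KEY via Jenkins credentials}"
  export PATH="$HOME/.cargo/bin:$PATH"
  fetch_cifiro
  run_cifiro out.meh
  cat out.meh
  if has_vulnerabilities out.meh; then
    echo "cifiro reported $(count_vulnerabilities out.meh) vulnerable dependencies; failing the build" >&2
    exit 1
  fi
  # add +nightly here only if the project really needs the nightly toolchain
  cargo build --release
}

# Jenkins exports JENKINS_URL into every build; outside Jenkins only the
# functions are defined, so they can be tested on constructed scanner output.
if [ -n "${JENKINS_URL:-}" ]; then
  main
fi
```

Jenkins runs an Execute shell step with `sh -xe` unless the script starts with a shebang line; with `-x` every command is echoed, so an API key written on the command line would land in the console log (and, while the scan runs, in `ps` output on the agent). Binding the key with the Credentials Binding plugin ("Use secret text(s) or file(s)" in the build environment) keeps it out of the job configuration and masks it in the console output.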
Extra notes:
The same approach works for Node.js libraries.
Some people claim that it does not work without writing the output to a file, but with
a recent version of Jenkins it should be enough to tick the box for
"Also search the console output".
For more ideas head over to our API documentation.