Utilizing CLI for CI/CD Integration: TeamCity

Now, commence online scans effortlessly with the new CLI command:

Method 1: Scanning Repositories via Our Cluster

cdefense online

Options:

cdefense online --api-key={} --repository-url={} --branch-name={} --tag={}

(Ensure that the SCAN_URL environment variable is set to https://console.clouddefenseai.com)

Example:

cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url= --branch-name=example --tag=example

(Make sure the SCAN_URL environment variable is set to https://console.clouddefenseai.com)

This command will return an exit status of 1 if the build policy fails.

Scanning Private Repositories:

We also extend support for private repositories. For this, you are required to provide either the API key associated with the account where the integration is configured or an access token in the repository URL. Here are the formats:

• GitHub: https://{private-access-token}@github.com/username/repo.git

• GitLab:

  • Using OAuth2: https://oauth2:{personal-access-token}@gitlab.com/username/repo.git

  • Using Username and Password: https://{username}:{password}@gitlab.com/username/repo.git

• Azure Repo: https://{private-access-token}@dev.azure.com/orgname/projectname/_git/repo

• Bitbucket: https://{username}:{access_token}@bitbucket.org/username/repo.git

Example Output:

Without Verbose:

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado

2022/07/15 16:59:52 [INFO] Connecting to server...

2022/07/15 16:59:53 [INFO] Welcome [developer@clouddefense.ai]. You have been successfully connected to [Cloud Defense] organization

2022/07/15 16:59:53 [INFO] Running full online scan...

2022/07/15 17:01:19 [INFO] Scan was finished

2022/07/15 17:01:19 [INFO] Build policy status: FAILURE

Failed build policy results:

 /app/pom.xml : java_maven:

- Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1

- Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1

[INFO] Scan started at 16:59:52 finished at 17:01:19

[INFO] Total scan time: 1m27s

With Verbose:

// cdefense online --api-key=76858509-fe91-4969-b57a-decc36d0726a --repository-url=https://bitbucket.org/kilaruoleh/vulnado --verbose

2022/07/15 17:00:16 [INFO] Connecting to server...

2022/07/15 17:00:16 [INFO] Welcome [developer@clouddefense.ai]. You have been successfully connected to [Cloud Defense] organization

2022/07/15 17:00:17 [INFO] Running full online scan...

2022/07/15 17:01:43 [INFO] Scan was finished

2022/07/15 17:01:43 [INFO] Build policy status: FAILURE

{

  "/app/pom.xml : java_maven": {

    "failureBuildPolicyResults": [

      {

        "message": "Rule [CWE PART_OF_OWASP Injection] failed. Number of occurrences: 1",

        "rule": {

          "operand": "CWE",

          "operator": "PART_OF_OWASP",

          "value": "Injection"

        },

        "count": 1

      },

      {

        "message": "Rule [TITLE CONTAINS inje] failed. Number of occurrences: 1",

        "rule": {

          "operand": "TITLE",

          "operator": "CONTAINS",

          "value": "inje"

        },

        "count": 1

      }

    ],

    "passedBuildPolicyResults": [

      {

        "message": "Success",

        "rule": {

          "operand": "CRITICAL_SEVERITY_COUNT",

          "operator": "GREATER_THAN",

          "value": "1"

        },

        "count": 1

      },

      {

        "message": "Success",

        "rule": {

          "operand": "CWE",

          "operator": "PART_OF_OWASP",

          "value": "Broken Authentication"

        },

        "count": 0

      },

      {

        "message": "Success",

        "rule": {

          "operand": "CWE_ID",

          "operator": "CONTAINS",

          "value": "264"

        },

        "count": 0

      }

    ]

  }

}

[INFO] Scan started at 17:00:16 finished at 17:01:43

[INFO] Total scan time: 1m27s

Method 2: Scanning Repositories on Your System, Downloading Repo from External (Any Git)

Example:

cdefense clidocker --api-key={} --scan-url=https://console.clouddefenseai.com --project-name={} --git=true --repourl=https://github.com/scalesec/vulnado --branch={optional} --tag={optional}

Method 3: Scanning Repositories on Your System, Copying Project from Your PC

Example:

cdefense clidocker --api-key={} --scan-url=https://console.clouddefenseai.com --project-name={} --path={path-to-folder-with-app} --repo-url=https://github.com/scalesec/vulnado --branch={optional} --tag={optional}

(This command will push data to console.clouddefenseai.com)