This guide explains how to set up Data Theorem SAST scanning in your Jenkins builds.

Requirements

  • The Jenkins node must have internet access

  • The Jenkins node must be able to execute docker commands

  • The Jenkins node must have access to the source code you wish to scan

Set Data Theorem SAST API Key as a Jenkins Credential

Retrieve or create a Data Theorem SAST API key following the instructions here.

...

You may need to be a Jenkins admin to perform this operation.

...

Create a Jenkins pipeline

Go to Jenkins -> New Item -> Pipeline

...

The example below uses a Bitbucket Access Token.

...

Add a Jenkinsfile

The example below relies on the Pipeline: Declarative Jenkins plugin that allows using a Jenkinsfile directly committed into your source code.

...

  • DT_SAST_REPOSITORY_NAME: usually formatted like <YOUR_ORG_NAME>/<YOUR_REPO_NAME>

  • DT_SAST_REPOSITORY_ID: the identifier assigned to the repository by your SCM platform. In Bitbucket, go to Repository -> Settings -> Repository Details -> Advanced -> UUID

  • DT_SAST_REPOSITORY_HTML_URL: the HTML URL of your repository. The Data Theorem Portal uses it to link findings to the code locations in your SCM platform, for example https://bitbucket.org/<YOUR_ORG_NAME>/<YOUR_REPO_NAME>

  • DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME: the default branch of your repository (for example main, release, …)
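The following declarative Jenkinsfile is an added example, not the Jenkinsfile from the Data Theorem guide or Data Theorem's own code. It shows how the API key credential and the repository variables listed above fit together. It assumes the API key was saved as a Jenkins "Secret text" credential with the id dt-sast-api-key, that the scanner reads the key from an environment variable named DT_SAST_API_KEY, and that the scanner is run as a Docker image; the image name, the mount point /src and the variable name for the key are placeholders, not values from the guide.

```groovy
// Added example Jenkinsfile; not the Data Theorem guide's own.
// Assumptions (placeholders, not values from the guide):
//   - credential id 'dt-sast-api-key' holds the SAST API key as Secret text
//   - the scanner reads the key from DT_SAST_API_KEY
//   - <DT_SAST_SCANNER_IMAGE> is the scanner image and it reads sources from /src
pipeline {
    agent any

    environment {
        // credentials() binds the secret only for the duration of the build and
        // Jenkins masks it in the console log. Never paste the key into the Jenkinsfile.
        DT_SAST_API_KEY = credentials('dt-sast-api-key')

        // Repository metadata described in the guide; replace the placeholders.
        DT_SAST_REPOSITORY_NAME                = '<YOUR_ORG_NAME>/<YOUR_REPO_NAME>'
        DT_SAST_REPOSITORY_ID                  = '<BITBUCKET_REPOSITORY_UUID>'
        DT_SAST_REPOSITORY_HTML_URL            = 'https://bitbucket.org/<YOUR_ORG_NAME>/<YOUR_REPO_NAME>'
        DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME = 'main'
    }

    stages {
        stage('Checkout') {
            steps {
                // The Jenkins node needs read access to the source being scanned.
                checkout scm
            }
        }

        stage('Data Theorem SAST') {
            steps {
                // Pass each variable into the container by name only (-e VAR), so the
                // key's value never appears in the docker command line or in `ps` output.
                sh '''
                  docker run --rm \
                    -e DT_SAST_API_KEY \
                    -e DT_SAST_REPOSITORY_NAME \
                    -e DT_SAST_REPOSITORY_ID \
                    -e DT_SAST_REPOSITORY_HTML_URL \
                    -e DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME \
                    -v "$WORKSPACE":/src \
                    <DT_SAST_SCANNER_IMAGE>
                '''
            }
        }
    }
}
```

The `sh` body is a Groovy single-quoted string, so `$WORKSPACE` is expanded by the shell on the node rather than by Groovy, and the secret is only ever read from the process environment.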

Trigger a Scan

You can trigger a scan immediately using the Jenkins UI.

...

View Scan Results

In your build logs, you can see the scan results as in the sample below:

...