...

Code Block
pipeline {
    agent any
    
    environment {
        DT_SAST_API_KEY = credentials('DT_SAST_API_KEY')
    }

    stages {
        stage('DT SAST') {
            steps {
                sh '''
                    docker run --pull=always \
                     -e DT_SAST_API_KEY=$DT_SAST_API_KEY \
                     -e DT_SAST_REPOSITORY_NAME="<YOUR_ORG_NAME>/<YOUR_REPO_NAME>" \
                     -e DT_SAST_REPOSITORY_PLATFORM=BITBUCKET \
                     -e DT_SAST_REPOSITORY_ID="<YOUR-BITBUCKET-REPOSITORY_ID>" \
                     -e DT_SAST_REPOSITORY_HTML_URL="https://bitbucket.org/<YOUR_ORG_NAME>/<YOUR_REPO_NAME>" \
                     -e DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME="<YOUR_DEFAULT_BRANCH_NAME>" \
                     -e DT_SAST_SCANNED_BRANCH=$GIT_BRANCH \
                     -e DT_SAST_SCAN_HEAD_REF=$GIT_COMMIT \
                     --mount type=bind,source="$(pwd)"/,target=/target \
                     us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest \
                     data_theorem_sast_analyzer scan /target
                '''
            }
        }
    }
}

...

Use the host machine’s SSL certificates (optional)

If your Jenkins runner is behind a proxy and you need to propagate the host machine’s SSL certificates to the process running the Data Theorem SAST Scanner so that it can make API calls to Data Theorem, you can use a Jenkinsfile like this:

Code Block
pipeline {
    agent any

    // Get the Data Theorem SAST API Key from Jenkins credentials
    environment {
        DT_SAST_API_KEY = credentials('DT_SAST_API_KEY')
    }

    stages {
        stage('DT SAST') {
            steps {
                sh '''
                    docker run --pull=always \
                     -e DT_SAST_API_KEY=$DT_SAST_API_KEY \
                     -e DT_SAST_REPOSITORY_NAME="<YOUR_ORG_NAME>/<YOUR_REPO_NAME>" \
                     -e DT_SAST_REPOSITORY_PLATFORM=BITBUCKET \
                     -e DT_SAST_REPOSITORY_ID="<YOUR-BITBUCKET-REPOSITORY_ID>" \
                     -e DT_SAST_REPOSITORY_HTML_URL="https://bitbucket.org/<YOUR_ORG_NAME>/<YOUR_REPO_NAME>" \
                     -e DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME="<YOUR_DEFAULT_BRANCH_NAME>" \
                     -e DT_SAST_SCANNED_BRANCH=$GIT_BRANCH \
                     -e DT_SAST_SCAN_HEAD_REF=$GIT_COMMIT \
                     -e DT_SAST_PATH_TO_SSL_CERTS_FILE=/etc/ssl/certs/ca-certificates.crt \
                     --mount type=bind,source="/etc/ssl/certs/"/,target=/etc/ssl/certs \
                     --mount type=bind,source="$(pwd)"/,target=/target \
                     us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest \
                     data_theorem_sast_analyzer scan /target
                '''
            }
        }
    }
}
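
Before the scanner starts, it helps to confirm that the bundle named in DT_SAST_PATH_TO_SSL_CERTS_FILE will actually be visible through the /etc/ssl/certs bind mount. The pre-flight check below is an added example, not part of Data Theorem's documentation; the function name check_ca_bundle and its return codes are hypothetical, and the default paths are the ones used in the Jenkinsfile above.

```shell
# check_ca_bundle [MOUNT_DIR] [BUNDLE_FILE]
# Hypothetical helper (not a Data Theorem tool). Prints the number of PEM
# certificates in the bundle and returns 0 when the bundle is usable from a
# container that only sees MOUNT_DIR; otherwise explains why on stderr.
check_ca_bundle() {
    mount_dir=${1:-/etc/ssl/certs}
    bundle=${2:-/etc/ssl/certs/ca-certificates.crt}

    if [ ! -d "$mount_dir" ]; then
        echo "mount source $mount_dir is not a directory" >&2
        return 2
    fi
    if [ ! -r "$bundle" ] || [ ! -s "$bundle" ]; then
        echo "bundle $bundle is missing, unreadable or empty" >&2
        return 3
    fi

    # Some hosts keep the real bundle elsewhere and only link to it from the
    # certs directory. Such a link dangles inside the container, because only
    # MOUNT_DIR is bind-mounted.
    real_dir=$(readlink -f "$mount_dir")
    real_bundle=$(readlink -f "$bundle")
    case "$real_bundle" in
        "$real_dir"/*) ;;
        *)
            echo "bundle resolves to $real_bundle, outside $real_dir" >&2
            return 4
            ;;
    esac

    # grep -c exits non-zero on zero matches but still prints 0.
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$real_bundle" || true)
    if [ "$count" -eq 0 ]; then
        echo "no PEM certificates found in $real_bundle" >&2
        return 5
    fi
    echo "$count"
}
```

Calling `check_ca_bundle` with no arguments in the `sh` step ahead of `docker run` makes the stage fail early with a readable reason instead of a TLS error from inside the scanner.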
 

...

After a few minutes, scan results will also appear in the Data Theorem Portal at:
https://www.securetheorem.com/api/v2mobile-secure/security/sast