CI/CD
Edgescan has identified the need to shift left and identify vulnerabilities earlier in the software development lifecycle.
For this reason, a fully supported plugin was developed for CI/CD pipelines. This integration allows DevOps teams to initiate VM scanning from their chosen platform. Once initiated, a scan will take place, and a pass/fail will be returned depending on configured criteria. The build will fail if the results do not match the configured criteria. Otherwise, the build will proceed to the next step if applicable.
This Docker image can be deployed to any appropriate environment.
Edgescan CI/CD integration
This image lets you kick off an assessment and fails or succeeds according to its result.
It succeeds if the assessment completes with no vulnerabilities found (a tolerance for the risk level can be provided via the maximum risk threshold); otherwise it fails.
When it is not configured to wait for the scan to finish, it succeeds as soon as the assessment has been started.
The program exits with value 0 on success and -1 otherwise.
Getting started
Pull the Docker image
docker pull edgescan/cicd-integration
Execute the Docker image and append --help for details about its usage
docker run --tty edgescan/cicd-integration --help
Configuration can be provided in 3 ways (in order of priority):
1. CLI flags
2. YAML configuration file
3. Environment variables
Parameter | Command line flag | Field name in configuration file | Environment variable name | Default value | Required |
---|---|---|---|---|---|
Asset ID | --asset-id | asset_id | ES_ASSET_ID | None | True |
API Token | --api-token | api_token | ES_API_TOKEN | None | True |
Base URL | --base-url | base_url | ES_BASE_URL | "https://live.edgescan.com" | False |
Max Risk Threshold | --max-risk-threshold | max_risk_threshold | MAX_RISK_THRESHOLD | 3 | False |
Wait | --wait / --no-wait | wait | WAIT | True | False |
Color | --color / --no-color | color | COLOR | True | False |
Proxy | --proxy | proxy | PROXY | None | False |
Execute the Docker image
Executing with the command line interface
docker run --tty edgescan/cicd-integration --asset-id 1234 --api-token th34p1t0ken
Executing with a YAML config file
docker run --tty -v /local/path/to/file.yml:/cicd-config.yml edgescan/cicd-integration
Executing with environment variables
docker run --tty -e ES_API_TOKEN="th34p1t0ken" -e ES_ASSET_ID=1234 edgescan/cicd-integration
Executing with a dotenv file
docker run --tty --env-file .env edgescan/cicd-integration
Executing with 3 methods
docker run --tty -v /path/to/file.yml:/cicd-config.yml --env-file .env edgescan/cicd-integration --asset-id 1234
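The following is an added example of a pipeline gate step built around the documented image; it is not Edgescan's own code. It shows two things the commands above leave implicit: how to assemble the documented flags from pipeline variables, and how to act on the exit status. Two details are worth noting: the image reports failure with exit value -1, which a POSIX shell surfaces as status 255, so the gate treats any non-zero status as a failure rather than testing for -1; and the API token is handed to the container through the environment (`-e ES_API_TOKEN` with no value copies the host variable) so it does not appear on the command line or in the CI console. The `es_write_config` helper assumes the configuration file is a flat YAML mapping of the documented field names, and `ES_DOCKER` is an assumed hook that lets a test substitute a stand-in for the docker binary.

```shell
#!/bin/sh
# Added example (not Edgescan's code): CI gate around edgescan/cicd-integration.
# Assumes ES_API_TOKEN is injected by the CI secret store, and that ES_DOCKER
# (optional, assumed here) names the docker binary or a stand-in for testing.
set -u

IMAGE="edgescan/cicd-integration"

# Build the argument list for the image from the documented flags.
# Usage: es_scan_args <asset-id> <max-risk-threshold> <wait: yes|no>
es_scan_args() {
  es_asset="$1"; es_risk="$2"; es_wait="$3"
  if [ "$es_wait" = "yes" ]; then es_wait_opt="--wait"; else es_wait_opt="--no-wait"; fi
  # --no-color keeps ANSI escape sequences out of CI logs.
  printf '%s' "--asset-id $es_asset --max-risk-threshold $es_risk $es_wait_opt --no-color"
}

# Write a YAML configuration file using the documented field names
# (a flat key: value mapping is assumed). The file holds the API token,
# so it is created with owner-only permissions.
# Usage: es_write_config <path> <asset-id> <api-token> [max-risk-threshold]
es_write_config() {
  es_path="$1"; es_asset="$2"; es_token="$3"; es_risk="${4:-3}"
  es_old_umask=$(umask)
  umask 077
  cat > "$es_path" <<EOF
asset_id: $es_asset
api_token: $es_token
base_url: https://live.edgescan.com
max_risk_threshold: $es_risk
wait: true
color: false
EOF
  umask "$es_old_umask"
}

# Run the gate. Returns 0 when the build may proceed, 1 otherwise.
# Usage: es_gate <asset-id> [max-risk-threshold] [wait: yes|no]
es_gate() {
  es_asset="$1"; es_risk="${2:-3}"; es_wait="${3:-yes}"
  es_docker="${ES_DOCKER:-docker}"
  # -e ES_API_TOKEN (no value) forwards the host variable without putting
  # the secret on the command line. Word splitting of the arg list is intended.
  if "$es_docker" run --rm --tty -e ES_API_TOKEN "$IMAGE" \
       $(es_scan_args "$es_asset" "$es_risk" "$es_wait"); then
    echo "edgescan gate passed (asset $es_asset)"
    return 0
  else
    # -1 from the image arrives here as 255; docker's own errors are non-zero
    # too, so any non-zero status blocks the build.
    es_status=$?
    echo "edgescan gate failed (asset $es_asset, exit status $es_status)" >&2
    return 1
  fi
}
```

In a pipeline you would call `es_gate "$ES_ASSET_ID" 3 yes` as the step command and let its return value decide whether the next stage runs; the YAML writer is only needed when a job prefers the `-v /path/file.yml:/cicd-config.yml` style of configuration over flags and environment variables.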