
Embedding security into application guide

Start here

How to enable AI features

ArmourZero's AI-Powered ScoutTwo lets you use AI to mitigate cybersecurity risks and vulnerabilities swiftly, with remediation suggestions based on the AI's analysis. At present, ArmourZero's AI model is trained on top of OpenAI's technology.

 

Enabling or disabling AI features

1. Go to the left menu and select Account Settings under the SETTINGS section, or click on your profile icon at the top right corner and select Account Settings.

2. Click on the Preferences menu and enable AI Assistance.

3. A consent confirmation will pop up. Accept the terms and conditions based on OpenAI's privacy policy and click "Agreed and turn on the feature".

 

There are 2 AI features in ArmourZero's ScoutTwo:

1. AI False Positive Detector.

2. AI Recommended Remediation.

 

 

How to subscribe to paid plan

You can upgrade your free plan to a paid plan at any time if you need to add more projects and monthly scans to DevSecOps.

 

Available pricing plans

The pricing plans are designed for the different needs of you and your team.

| Plans | Free | Basic | Premium | Enterprise |
|---|---|---|---|---|
| Contributing developers | Unlimited | Unlimited | Unlimited | Unlimited |
| Maximum number of projects | 1 | 10 | 30 | Customisable |
| DevSecOps scanning | | | | |
| Application Security Testing (DAST)* | 1 | 5 | 15 | Customisable |
| Code Security Check (SAST)* | 15 | 500 | 3,000 | Customisable |
| Dependency Security Check (SCA)* | 15 | 500 | 3,000 | Customisable |
| Infrastructure Code Security Check (IAC)* | 15 | 500 | 3,000 | Customisable |
| Secret Scanning* | 15 | 500 | 3,000 | Customisable |

*The number of scans resets each month.

Features

AI Assistant
OWASP Compliance
CWE Listing
CVE Listing
Integration Platforms
Basic Report
User Support Portal

 

Step 1: Choose the plan

1. Go to the left menu and select Pricing under the SETTINGS section.

2. Decide whether to bill monthly or annually.

3. Choose the plan that you would like to subscribe to. For the Enterprise Plan, you may reach out to our sales team, as it is a custom plan tailored to your specific needs.

 

Step 2: Make payment

1. If you select the Basic Plan or Premium Plan, a Make Payment page will pop up to confirm your credit card and billing information.

2. If you have a promo code, you may enter the promo code and click "Apply Promo Code".

3. Click "Subscribe now!" once you have confirmed.

 

Notes:

If you want to pay with online banking or bank transfer, please inform your Account Manager or Customer Success Manager. We will assist with this request.

 

How to add credit card

Payment for ArmourZero's AI-Powered ScoutTwo is by credit card by default. However, if you want to pay with online banking or bank transfer, please inform your Account Manager or Customer Success Manager. We will assist with this request.

 

Add credit card

This guide is ONLY for ScoutTwo.

 

1. Go to the left menu and select Credit Card under the SETTINGS section.

2. Click "Add New" card and provide your credit card's details. Click "Save as new credit card" once you have confirmed.

 


Enable web security assessment

Introducing ArmourZero Vulnerability Scanner (AVS)

ArmourZero's Vulnerability Scanner is an AI-powered penetration assessment tool that helps developers and security professionals detect weaknesses and vulnerabilities in web applications.

This scanner is categorised under Dynamic Application Security Testing (DAST). Assessing and testing the web application from an external perspective helps you identify vulnerabilities that an attacker may find.

The scanned results of all possible vulnerabilities detected are then compared with the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) to determine the vulnerabilities' severity levels. Each possible vulnerability detected is then mapped to the OWASP Top 10 List (2021), which is the latest standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

There are 5 severity levels for CWE and CVE vulnerabilities.

  1. Critical
  2. High
  3. Medium
  4. Low
  5. Information.

Add a domain to start with ArmourZero's Vulnerability Scanner (AVS) immediately and find all possible vulnerabilities faster than attackers.

 

How to add and verify domain

To start with ArmourZero's Vulnerability Scanner, simply add the domain of the web application in which you intend to find possible weaknesses and vulnerabilities.

 

Step 1: Add a domain

1. Go to the left menu and select Domains under the MANAGE section.

Notes: Depending on your plan, you can add more than 1 domain.

2. Click "Add Domain" and add the domain, with https:// or http://, that you intend to scan for vulnerabilities. You have to read the procedure carefully, as this scan is a simulation of attacks in order to identify possible vulnerabilities in your domain.

3. Click on the acknowledgement box and "Add Domain" once you have confirmed.

 

Step 2: Verify domain

After you add a domain, you need to verify that you are the owner or an authorised domain admin before the scan is allowed to execute.

1. Click on the three dots action icon on the domain that you intend to scan and select "Verify Domain".

2. There are 2 methods to verify the domain.

Verify Over HTTP/HTTPS

a. A unique verification token will be automatically created for you.

b. Use a text editor or Notepad to create a file whose name is based on the unique verification token provided.

c. Upload the file to your web server.

Verify Over DNS Record

a. A unique verification token will be automatically created for you.

b. Create a new DNS record with the unique verification token provided.

3. Accept the terms and conditions and click "Verify Domain" once you have confirmed.

 

Step 3: Check domain verification status

1. If Step 2 is completed successfully, the status will automatically change to Verified, as ArmourZero's ScoutTwo automatically reaches out to the domain to verify the permission and authorisation before performing the automated penetration assessment on the web application.

You can trigger the automated penetration assessment scan once the domain is verified. However, the time to complete the scan depends on the size of the web application.

Notes: If the status remains Pending Verification, please check Step 2 again, especially the unique verification token.

 

How to trigger AVS scan

Once the domain has been successfully verified, you can trigger ArmourZero's Vulnerability Scanner to scan and find weaknesses and vulnerabilities in the web application. Depending on your subscribed plan, you can trigger multiple scans at the same time. However, the time to complete the scan depends on the size of the web application.

 

Add new scan domain

1. Go to the left menu and select AVS under the Vulnerability Scanner section.

2. Click on "Scan New Domain". This step is needed even if you have added the same domain earlier, as each scan has to be triggered manually.

3. Select the verified domain that you intend to scan. Please read the recommendation provided in detail. If your domain has yet to be verified, please visit how to add and verify domain.

4. Once you have confirmed the selected domain to scan, accept the terms and conditions and click "Scan Domain".

 

Notes:

Depending on your plan, you can add more than 1 domain to scan at the same time.

ArmourZero's Vulnerability Scanner will immediately scan and find weaknesses and vulnerabilities in the web application once you have triggered the scan. However, the time to complete the scan depends on the size of the web application. You can view the scanned results once the scan is completed.

As this scan is a penetration assessment tool that simulates real-time attacks to find weaknesses and vulnerabilities, each scan has to be triggered manually.

 

 

How to view and mitigate vulnerabilities

You can easily view the scanned results for all domains after you have triggered the scan. As a reminder, because this scan is a penetration assessment tool that simulates real-time attacks to find weaknesses and vulnerabilities, each scan has to be triggered manually.

 

Step 1: Select the scanned domain

1. Go to the left menu and select AVS under the Vulnerability Scanner section. You will see a list of scanned domains that were triggered earlier.

Each scanned domain comes with the following information:

a. Scanned date

b. Status of the scan

c. Scan results based on severities

2. Click on the domain whose scanned results you want to view in detail.

3. The AVS scan report is summarised into 5 severity levels of CWE and CVE vulnerabilities: Critical, High, Medium, Low and Information.

 

Step 2: View details of vulnerabilities detected

There are 2 ways to view details of vulnerabilities detected.

1. Click on "Vulnerabilities Detected" (default selection).

All scanned results of all possible vulnerabilities detected are automatically compared with the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) to determine the vulnerabilities' severity levels.

Each possible vulnerability detected is automatically mapped to the OWASP Top 10 List (2021), which is the latest standard awareness document for developers and web application security.

You can easily view your web application's latest compliance status based on each of these scanned results.

 

Step 3: Mitigate vulnerabilities

1. Click on "Mitigation & Task Assignment". Here you can sort the list by the severity that you intend to focus on.

2. For each vulnerability found, click "Mitigate" to view the details of the vulnerability and how you and your team can mitigate it with AI-remediation suggestions. You can also assign the mitigation task across team members and follow the mitigation status.

 

There are 2 main parts of mitigation:

Part 1

  • AI False Positive Detector - to check against the AI's analysis in real time to ensure the detected vulnerability is not mistakenly identified as a threat or risk.
  • Task management - to assign the task across team members to fix, and to track the mitigation progress and status.

Part 2

  • Vulnerability's type and information - to list detailed information about the vulnerability found.
  • Generated By AI - to check the AI's analysis and its recommended remediation in real time.

Notes:

Each vulnerability detected or found has its own characteristics, type, severity and risk to you and your company. That's why each vulnerability has its own remediation to work on. Take some time to learn about ArmourZero's AI-powered false positive detector and recommended remediation in the links provided above.

 


Enable code security analysis

Introducing ArmourZero Code Security Analysis

ArmourZero's AI-powered Code Security Analysis combines multiple code security scanners to seamlessly detect and analyse source code or compiled versions of code, helping you find security flaws within your software development lifecycle (SDLC) and in your DevOps (Development Operations) methodology and practice.

 

These scanners are categorised as:

1. Static Application Security Testing (SAST) - looks at the source code to check for coding and design flaws that could allow for malicious code injection.

2. Infrastructure as Code (IaC) - finds vulnerabilities in the code that automates the provisioning of infrastructure, which enables your organisation to develop, deploy, and scale cloud applications with greater speed, less risk, and reduced cost.

3. Software Composition Analysis (SCA) - finds open-source libraries and components that are being used by your code by analysing information from multiple sources such as file hashes, binaries and more.

4. Secret Scanning - finds sensitive information such as private keys, API secrets and tokens, etc. It does so by looking at file names, extensions, and content, attempting to match them against a list of signatures.
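
The signature matching described for Secret Scanning, as an added example that is not ArmourZero's scanner or rule set: it checks file names, extensions and content against small signature lists. The signatures, file paths and every key value below are constructed for illustration, and `AZ_TOKEN` is used only as a sample variable name.

```python
import re
from collections import namedtuple
from pathlib import PurePosixPath

# line == 0 means the finding applies to the file as a whole.
Finding = namedtuple("Finding", "path kind rule line")

# Illustrative signatures chosen for this example (assumed, not a vendor list).
FILENAME_SIGNATURES = {"id_rsa", "id_ed25519", ".env", ".npmrc"}
EXTENSION_SIGNATURES = {".pem", ".key", ".p12", ".pfx"}
CONTENT_SIGNATURES = [
    ("private-key-block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    # A credential-like name assigned a quoted literal of 16+ characters.
    # Variable references such as "$AZ_TOKEN" or "${{ secrets.X }}" do not
    # match because '$' and '{' are outside the allowed value characters.
    ("hardcoded-credential", re.compile(
        r'''(?i)(?:api[_-]?key|secret|token|password)\w*\s*[:=]\s*'''
        r'''["'][A-Za-z0-9_\-/+=]{16,}["']''')),
]


def scan_file(path, content):
    """Return findings for one file: name, extension, then content matches."""
    findings = []
    p = PurePosixPath(path)
    if p.name in FILENAME_SIGNATURES:
        findings.append(Finding(path, "filename", p.name, 0))
    if p.suffix.lower() in EXTENSION_SIGNATURES:
        findings.append(Finding(path, "extension", p.suffix.lower(), 0))
    for lineno, line in enumerate(content.splitlines(), start=1):
        for rule, pattern in CONTENT_SIGNATURES:
            if pattern.search(line):
                # Record where the match is, never the matched value itself.
                findings.append(Finding(path, "content", rule, lineno))
    return findings


def scan_repo(files):
    """files: mapping of repository path -> text content."""
    results = []
    for path in sorted(files):
        results.extend(scan_file(path, files[path]))
    return results


# Constructed sample repository; every key and token here is fake.
SAMPLE_REPO = {
    # Key referenced from the CI secret store: nothing to report.
    ".github/workflows/az-security-scan.yml": (
        "env:\n"
        '  AZ_API_KEY: "${{ secrets.AZ_TOKEN }}"\n'
        "steps:\n"
        '  - run: docker run scanner --apikey="$AZ_API_KEY"\n'
    ),
    # Same workflow with the key pasted inline: reported.
    ".github/workflows/pasted-key.yml": (
        "env:\n"
        '  AZ_API_KEY: "CONSTRUCTED0EXAMPLE0KEY0000000000"\n'
    ),
    "deploy/server.pem": "-----BEGIN PRIVATE KEY-----\n(constructed)\n",
    "config/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDEBUG=true\n",
    # Reads the token from the environment: nothing to report.
    "src/app.py": 'import os\ntoken = os.environ["AZ_TOKEN"]\n',
    # Documentation placeholder: matches the signature, but is not a secret.
    "docs/setup.md": 'api_key = "your-api-key-goes-here"\n',
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        where = f"line {f.line}" if f.line else "file"
        print(f"{f.path}: {f.kind} signature '{f.rule}' ({where})")
```

The `docs/setup.md` hit is a placeholder rather than a credential; signature matching alone cannot tell the two apart, so findings of this kind need false-positive review.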

 

ArmourZero's AI-powered Code Security Analysis seamlessly integrates code security analysis into your cloud software development platforms, without the need to copy or retrieve any of your confidential source code. Everything is done within your DevOps pipeline tools.

Supported DevOps pipeline tools:

1. GitHub

2. GitLab

3. Bitbucket

4. CircleCI

5. Azure Pipeline

 

The scanned results of all possible vulnerabilities detected are then compared with the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) to determine the vulnerabilities' severity levels. Each possible vulnerability detected is then mapped to the OWASP Top 10 List (2021), which is the latest standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

There are 5 severity levels for CWE and CVE vulnerabilities.

  1. Critical
  2. High
  3. Medium
  4. Low
  5. Information.

Integrate your cloud software development platforms to start with ArmourZero's AI-powered Code Security Analysis immediately and find all possible vulnerabilities faster than attackers.

 

 

How to integrate into DevOps pipeline tools

ArmourZero's AI-powered Code Security Analysis seamlessly integrates code security analysis into your cloud software development platforms, without the need to copy or retrieve any of your confidential source code. Everything is done within your DevOps pipeline tools.

Supported DevOps pipeline tools:

1. GitHub

2. GitLab

3. Bitbucket

4. CircleCI

5. Azure Pipeline

 

Step 1: Obtain unique API integration key

1. Go to the left menu and select "Configuration" under the DEVSECOPS section. You will see a unique API Key that has been generated for you. Copy that API Key for the next step.

 

Step 2: Create project and branch

Depending on your subscribed plan, you can create the number of projects you need.

1. Go to the left menu and select "Projects" under the DEVSECOPS section. Click on "Add New Project".

2. Name your project and click "Create Project".

3. Click on the Project ID or the three dots action icon on the project and select "View Project".

4. Create a branch by clicking "Create New Branch".

Notes:

It is very important that the branch name you enter is identical to your working project branch name in your repository.

 

Step 3: Integrating to your DevOps

Integration with your DevOps pipeline tools is just a one-time setup task! Yes, it's that easy. Depending on which DevOps pipeline tool you are currently using, each platform comes with a different but simple configuration.

You can refer to the links below for the DevOps pipeline tools' configurations.

1. GitHub integration

2. GitLab integration

3. Bitbucket integration

4. CircleCI integration

5. Azure Pipeline integration

Congratulations! You have completed the seamless integration of security into your DevOps. The Code Security Analysis will be done automatically each time you and your team commit code to the project and branch! Experience the DevSecOps evolution and view the scan results at your convenience.

 

How to enable auto scan

After you have successfully obtained the Latest Overall Scan Reports, you can decide whether to have the scans run automatically whenever you commit your code or to scan based on your needs.

 

Enable auto scan

1. Go to the left menu, select "Projects" under the DEVSECOPS section and click on the project you intend to configure.

2. You may turn on/off the Autorun option.

 

How to view and mitigate vulnerabilities

You can easily view Code Security Analysis scanned results for all projects after a scan is triggered. All scan results are listed in Latest Overall Scan Reports.

 

Step 1: Select the project

1. Go to the left menu and select "Projects" under the DEVSECOPS section. Click on the Project ID or the three dots action icon on the project and select "View Project".

 

Step 2: View details of vulnerabilities detected

All scanned results of all possible vulnerabilities detected are automatically compared with the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) to determine the vulnerabilities' severity levels.

Each possible vulnerability detected is automatically mapped to the OWASP Top 10 List (2021), which is the latest standard awareness document for developers and web application security.

1. A Latest Overall Scan Report of Code Security Analysis is automatically generated for you. In a single summary report, you can see the results of the 4 scanners.

2. You can also see past scan reports under the "SCAN HISTORY" tab to compare the previous results with the current results. This is very useful if you have made corrections or remediations to your code, or simply want to compare with the latest possible vulnerabilities found.

The scan report is summarised into 5 severity levels of CWE and CVE vulnerabilities: Critical, High, Medium, Low and Information.

 

There are 2 ways to view details of vulnerabilities detected.

By each scanner

1. You can view each individual scanner's results. Each scanner has its own automated report compiled. Simply click "View Report" if you want to look at the details of the scanned results.

2. Click on "Vulnerabilities Detected" (default selection). You will see each scanner's detailed report.

All scanned results of all possible vulnerabilities detected are automatically compared with the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) to determine the vulnerabilities' severity levels.

Each possible vulnerability detected is automatically mapped to the OWASP Top 10 List (2021), which is the latest standard awareness document for developers and web application security.

You can easily view your source code's latest compliance status based on each of these scanned results.

 

By overall vulnerabilities

1. Go to the left menu and select Vulnerabilities under the MANAGE section. You can easily sort by project/branch, severity level, compliance or type of scanner (of all scanners).

 

Step 3: Mitigate vulnerabilities

There are 2 ways to mitigate vulnerabilities detected.

By each scanner

1. Click on "Mitigation & Task Assignment". Here you can sort the list by the severity that you intend to focus on.

2. For each vulnerability found, click "Mitigate" to view the details of the vulnerability and how you and your team can mitigate it with AI-remediation suggestions. You can also assign the mitigation task across team members and follow the mitigation status.

 

By overall vulnerabilities

1. Go to the left menu and select Vulnerabilities under the MANAGE section. You can easily sort by project/branch, severity level, compliance or type of scanner (of all scanners).

2. For each vulnerability found, click "Mitigate" to view the details of the vulnerability and how you and your team can mitigate it with AI-remediation suggestions. You can also assign the mitigation task across team members and follow the mitigation status.

 

There are 2 main parts of mitigation:

Part 1

  • AI False Positive Detector - to check against the AI's analysis in real time to ensure the detected vulnerability is not mistakenly identified as a threat or risk.
  • Task management - to assign the task across team members to fix, and to track the mitigation progress and status.

Part 2

  • Vulnerability's type and information - to list detailed information about the vulnerability found.
  • Generated By AI - to check the AI's analysis and its recommended remediation in real time.

Notes:

Each vulnerability detected or found has its own characteristics, type, severity and risk to you and your company. That's why each vulnerability has its own remediation to work on. Take some time to learn about ArmourZero's AI-powered false positive detector and recommended remediation in the links provided above.

 


Integrate with DevOps pipeline tools

How to integrate to Github

After you have obtained the API integration key and completed project and branch creation, the next step is to seamlessly integrate ArmourZero's AI-powered Code Security Analysis into your GitHub.

 

Integration guide

1. Don't forget the unique API Key. You can go to the left menu and select "Configuration" under the DEVSECOPS section. You will see a unique API Key that has been generated for you. Copy that API Key for the following step.

2. Add Repository Secrets in your GitHub repository.

Go to your GitHub repository. Click on "Settings" in the top navigation. Navigate to "Secrets" in the left sidebar. Click on "New repository secret" and add a secret named AZ_TOKEN with your ArmourZero API key.

3. Create GitHub Actions Configuration File

Create a new file in your repository under the path .github/workflows/az-security-scan.yml and paste the provided configuration.

# .github/workflows/az-security-scan.yml

name: AZ-Security-Scan

on:
  push:
    branches:
      - '*'
  workflow_dispatch:

jobs:
  armourzero_security_test_pre:
    runs-on: ubuntu-latest

    env:
      # Every secrets.* value referenced here must exist as a repository secret.
      AZ_API_KEY: "${{ secrets.AZ_TOKEN }}"
      PROJECT_KEY: "TvIrAgIyArEtYzQhCQtixJRldHGqmMdF"
      BRANCH_NAME: "${{ github.ref_name }}"
      DOCKER_USERNAME: "${{ secrets.DOCKER_USERNAME }}"
      DOCKER_TOKEN: "${{ secrets.DOCKER_TOKEN }}"
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v2

      - name: ArmourZero Security Test (Pre)
        run: |
          # Pass the token on stdin so it does not appear in the process arguments.
          echo "$DOCKER_TOKEN" | docker login -u "$DOCKER_USERNAME" --password-stdin
          docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$AZ_API_KEY" --projectkey="$PROJECT_KEY" --branch="$BRANCH_NAME" --repo="$GITHUB_REPOSITORY" --runEnv="demo"
        # The workflow continues even if this step fails.
        continue-on-error: true

4. Save and Trigger a Push

Save the changes to the .github/workflows/az-security-scan.yml file. Commit and push the changes to your GitHub repository.

5. Monitor Actions

Go to the "Actions" tab on your GitHub repository. You'll see the status of your workflow. Click on it to view details.

 

Notes:

You can also access the integration information by going to the left menu and selecting "Projects" under the DEVSECOPS section, clicking on the Project ID or the three dots action icon on the project, and selecting "View Project". Then select the Integrate menu.

How to integrate to Gitlab

After you have obtained the API integration key and completed project and branch creation, the next step is to seamlessly integrate ArmourZero's AI-powered Code Security Analysis into your GitLab.

 

Integration guide

1. Don't forget the unique API Key. You can go to the left menu and select "Configuration" under the DEVSECOPS section. You will see a unique API Key that has been generated for you. Copy that API Key for the following step.

2. Add CI/CD Variables in your GitLab repository.

In your GitLab repository, go to "Settings" > "CI / CD" > "Variables." Add a variable named AZ_TOKEN with your ArmourZero API key.

3. Create GitLab CI/CD Configuration File

Create a new file in your repository named .gitlab-ci.yml and paste the provided configuration.

# This is a GitLab CI/CD pipeline configuration file (.gitlab-ci.yml)

stages:
  - test

variables:
  AZ_API_KEY: "$AZ_TOKEN"
  PROJECT_KEY: "TvIrAgIyArEtYzQhCQtixJRldHGqmMdF"
  BRANCH_NAME: "$CI_COMMIT_REF_NAME"
  DOCKER_USERNAME: "$DOCKER_USERNAME"
  DOCKER_TOKEN: "$DOCKER_TOKEN"

armourzero_security_test_pre:
  stage: test
  image: docker:19.03
  services:
    - docker:19.03-dind
  script:
    # Pass the token on stdin so it does not appear in the process arguments.
    - echo "$DOCKER_TOKEN" | docker login -u "$DOCKER_USERNAME" --password-stdin
    - docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$AZ_API_KEY" --projectkey="$PROJECT_KEY" --branch="$BRANCH_NAME" --repo="$CI_PROJECT_PATH" --runEnv="demo"
  # The pipeline continues even if this job fails.
  allow_failure: true

4. Commit and Push

Save the changes to the .gitlab-ci.yml file. Commit and push the changes to your GitLab repository.

5. Monitor Pipelines

Go to your GitLab repository. Click on "CI / CD" > "Pipelines." You'll see the status of your pipeline. Click on it to view details.

 

Notes:

You can also access the integration information by going to the left menu and selecting "Projects" under the DEVSECOPS section, clicking on the Project ID or the three dots action icon on the project, and selecting "View Project". Then select the Integrate menu.

How to integrate to Bitbucket

After you have obtained the API integration key and completed project and branch creation, the next step is to seamlessly integrate ArmourZero's AI-powered Code Security Analysis into your Bitbucket.

 

Integration guide

1. Don't forget the unique API Key. You can go to the left menu and select "Configuration" under the DEVSECOPS section. You will see a unique API Key that has been generated for you. Copy that API Key for the following step.

2. Enable Pipelines in your Bitbucket repository.

Navigate to your Bitbucket repository, go to "Settings" > "Pipeline" and enable pipelines for your repository.

3. Add Repository Variables

Go to DevOps Tab > Go to Configuration > Copy your API Key by clicking Copy.
In your Bitbucket repository, go to "Settings" > "Repository Settings" > "Pipelines" and add the required environment variables like `AZ_TOKEN`.

4. Create a Bitbucket Pipeline Configuration

In the root directory of your project, create a file named `bitbucket-pipelines.yml`. This file will define your pipeline configuration.

5. Define the Pipeline Configuration

Edit the `bitbucket-pipelines.yml` file to define your pipeline configuration. You can use the provided sample configuration and customize it according to your needs.

image: atlassian/default-image:3
pipelines:
  default:
    - parallel:
        - step:
            name: ArmourZero Security Test
            services:
              - docker
            script:
              # Pass the token on stdin so it does not appear in the process arguments.
              - echo "$DOCKER_TOKEN" | docker login -u "$DOCKER_USERNAME" --password-stdin
              - docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$AZ_TOKEN" --projectkey="TvIrAgIyArEtYzQhCQtixJRldHGqmMdF" --branch="$BITBUCKET_BRANCH" --repo="$BITBUCKET_REPO_FULL_NAME" --runEnv="demo"
definitions:
  services:
    docker:
      memory: 3072

6. Commit and Push

Commit the `bitbucket-pipelines.yml` file and push it to your Bitbucket repository. This will trigger the pipeline.

7. Monitor the Pipeline

In your Bitbucket repository, go to "Pipelines" to monitor the pipeline's progress, view logs, and access build artifacts.

 

Notes:

You can also access the integration information by going to the left menu and selecting "Projects" under the DEVSECOPS section, clicking on the Project ID or the three dots action icon on the project, and selecting "View Project". Then select the Integrate menu.

 

How to integrate to CircleCI

After you have obtained the API integration key and completed project and branch creation, the next step is to seamlessly integrate ArmourZero's AI-powered Code Security Analysis into your CircleCI.

 

Integration guide

1. Don't forget the unique API Key. You can go to the left menu and select "Configuration" under the DEVSECOPS section. You will see a unique API Key that has been generated for you. Copy that API Key for the following step.

2. Create CircleCI Configuration File

Create a new file in your repository named .circleci/config.yml and paste the provided configuration.

version: 2.1
jobs:
  build_and_test:
    docker:
      - image: cimg/base:2021.11
    steps:
      - checkout
      - setup_remote_docker
      - run:
          name: Run Security Test
          command: |
            # Pass the token on stdin so it does not appear in the process arguments.
            echo "$DOCKER_TOKEN" | docker login -u "$DOCKER_USERNAME" --password-stdin
            docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$AZ_TOKEN" --projectkey="TvIrAgIyArEtYzQhCQtixJRldHGqmMdF" --branch="$CIRCLE_BRANCH" --repo="$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME" --runEnv="demo"

workflows:
  version: 2
  az_security_test:
    jobs:
      - build_and_test

3. Commit and Push

Save the changes to the .circleci/config.yml file. Commit and push the changes to your repository.

4. Add Environment Variables in your CircleCI repository.

In your CircleCI project settings, go to "Environment Variables." Add a variable named AZ_TOKEN with your ArmourZero API key.

5. Monitor Builds

Go to your CircleCI dashboard. You'll see your project listed with the status of your builds. Click on a build to view details.

 

Notes:

You can also access the integration information by going to the left menu and selecting "Projects" under the DEVSECOPS section, clicking on the Project ID or the three dots action icon on the project, and selecting "View Project". Then select the Integrate menu.

 

How to integrate to Azure Pipeline

After you have obtained the API integration key and completed project and branch creation, the next step is to seamlessly integrate ArmourZero's AI-powered Code Security Analysis into your Azure Pipeline.

 

Integration guide

1. Don't forget the unique API Key. You can go to the left menu and select "Configuration" under the DEVSECOPS section. You will see a unique API Key that has been generated for you. Copy that API Key for the following step.

2. Create Azure pipeline configuration file

Save your pipeline configuration file into your repo at root folder with filename azure-pipelines.yml.

pool:
  vmImage: 'ubuntu-latest'

jobs:
- job: build_and_test
  displayName: 'AZ Security Scanning'
  steps:
  - checkout: self
  - script: |
      # Pass the token on stdin so it does not appear in the process arguments.
      echo "$(DOCKER_TOKEN)" | docker login -u "$(DOCKER_USERNAME)" --password-stdin
      docker pull armourzero/pipe-scan-dev:latest || true
      docker run -v "$(System.DefaultWorkingDirectory):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$(AZ_TOKEN)" --projectkey="TvIrAgIyArEtYzQhCQtixJRldHGqmMdF" --branch="$(Build.SourceBranch)" --repo="$BUILD_REPOSITORY_NAME" --runEnv="demo"
    displayName: 'Run Security Test'

3. Create and configure the pipeline in your Azure Pipeline repository.

Azure DevOps may automatically detect your project and suggest a pipeline configuration. If not, you can choose a pipeline template or configure it manually.

Choose the repository where your project is hosted (GitHub, Bitbucket, GitLab, etc.).

4. Add Pipeline Variables.

In the pipeline settings, go to the "Variables" section. Add two variables named AZ_TOKEN with your ArmourZero API key.

5. Monitor Builds

Navigate to the "Pipelines" section in Azure DevOps. You'll see your pipeline runs with detailed logs and statuses.

 

Notes:

You can also access the integration information by going to the left menu and selecting "Projects" under the DEVSECOPS section, clicking on the Project ID or the three dots action icon on the project, and selecting "View Project". Then select the Integrate menu.

 

