Integrate with DevOps pipeline tools

  • How to integrate to Github

    After you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your Github.

     

    Integration guide

    1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.

    api key.jpg

    2. Follow this video to add Repository Secrets in your GitHub repository.

    Go to your GitHub repository. Click on "Settings" in the top navigation. Navigate to "Secrets" in the left sidebar. Click on "New repository secret", add a secret named AZ_TOKEN with your ArmourZero API key.

    github_add_variable-ezgif.com-video-to-gif-converter.gif

    3. Create GitHub Actions Configuration File

    Create a new file in your repository under the path .github/workflows/az-security-scan.yml and paste the provided configuration.

    1
    2 # .github/workflows/az-security-scan.yml
    3
    4  name: AZ-Security-Scan
    5
    6  on:
    7    push:
    8      branches:
    9        - '*'
    10    workflow_dispatch:
    11
    12  jobs:
    13    armourzero_security_test_pre:
    14      runs-on: ubuntu-latest
    15    
    16      env:
    17        AZ_API_KEY: "${{ secrets.AZ_TOKEN }}"
    18        PROJECT_KEY: "TvIrAgIyArEtYzQhCQtixJRldHGqmMdF"
    19        BRANCH_NAME: "${{ github.ref_name }}"
    20        DOCKER_USERNAME: "${{ secrets.DOCKER_USERNAME }}"
    21        DOCKER_TOKEN: "${{ secrets.DOCKER_TOKEN }}"
    22      steps:
    23        - name: Checkout Repository
    24          uses: actions/checkout@v2
    25
    26        - name: ArmourZero Security Test (Pre)
    27          run: |
    28            docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN
    29            docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest —apikey="$AZ_API_KEY" --projectkey="$PROJECT_KEY" --branch="$BRANCH_NAME" --repo="$GITHUB_REPOSITORY" --runEnv="demo"
    30          continue-on-error: true
    31

    4. Save and Trigger a Push

    Save the changes to the .github/workflows/az-security-scan.yml file. Commit and push the changes to your GitHub repository.

    5. Monitor Actions

    Go to the "Actions" tab on your GitHub repository. You'll see the status of your workflow. Click on it to view details.

     

    Notes:

    You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon 3 dots.jpgon the project, select "View Project". Then select Integrate menu.

    See more
  • How to integrate to Gitlab

    After you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your Gitlab.

     

    Integration guide

    1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.

    api key.jpg

    2. Follow this video to add CI/CD Variables in your Gitlab repository.

    In your GitLab repository, go to "Settings" > "CI / CD" > "Variables." Add a variable named AZ_TOKEN with your ArmourZero API key.

    gitlab_add_variable-ezgif.com-video-to-gif-converter.gif

    3. Create GitLab CI/CD Configuration File

    Create a new file in your repository named .gitlab-ci.yml and paste the provided configuration.

    1
    2 # This is a GitLab CI/CD pipeline configuration file (.gitlab-ci.yml)
    3
    4 stages:
    5  - test
    6
    7 variables:
    8  AZ_API_KEY: "$AZ_TOKEN"
    9  PROJECT_KEY: "TvIrAgIyArEtYzQhCQtixJRldHGqmMdF"
    10  BRANCH_NAME: "$CI_COMMIT_REF_NAME"
    11  DOCKER_USERNAME: "$DOCKER_USERNAME"
    12  DOCKER_TOKEN: "$DOCKER_TOKEN"
    13 armourzero_security_test_pre:
    14  stage: test
    15  image: docker:19.03
    16  services:
    17    - docker:19.03-dind
    18  script:
    19    - docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN
    20    - docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$AZ_API_KEY" --projectkey="$PROJECT_KEY" --branch="$BRANCH_NAME" --repo="$CI_PROJECT_PATH" --runEnv="demo"
    21  allow_failure: true
    22

    4. Commit and Push

    Save the changes to the .gitlab-ci.yml file. Commit and push the changes to your GitLab repository.

    5. Monitor Pipelines

    Go to your GitLab repository. Click on "CI / CD" > "Pipelines." You'll see the status of your pipeline. Click on it to view details.

     

    Notes:

    You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon 3 dots.jpgon the project, select "View Project". Then select Integrate menu.

    See more
  • How to integrate to Bitbucket

    After you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your Bitbucket.

     

    Integration guide

    1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.

    api key.jpg

    2. Follow this video to Enable Pipeline in your Bitbucket repository.

    Navigate to your Bitbucket repository and go to "Settings" > "Pipeline" and enable pipelines for your repository.

    Bitbucket_enable_pipeline-ezgif.com-video-to-gif-converter.gif

    3. Add Repository Variables

    Go to DevOps Tab > Go to Configuration > Copy your API Key by clicking Copy
    In your Bitbucket repository, go to "Settings" > "Repository Settings" > "Pipelines" and add the required environment variables like `AZ_TOKEN`.

    Add_Az_token-ezgif.com-video-to-gif-converter.gif

    4. Create a Bitbucket Pipeline Configuration

    In the root directory of your project, create a file named `bitbucket-pipelines.yml`. This file will define your pipeline configuration.

    5. Define the Pipeline Configuration

    Edit the `bitbucket-pipelines.yml` file to define your pipeline configuration. You can use the provided sample configuration and customize it according to your needs.

    1 image: atlassian/default-image:3
    2 pipelines:
    3  default:
    4  - parallel:
    5    - step:
    6        name: ArmourZero Security Test
    7        services:
    8          - docker
    9        script:
    10          - docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN
    11   - docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$AZ_TOKEN" --projectkey="TvIrAgIyArEtYzQhCQtixJRldHGqmMdF"  --branch="$BITBUCKET_BRANCH" --repo="$BITBUCKET_REPO_FULL_NAME" --runEnv="demo"
    12 definitions:
    13  services:
    14    docker:
    15      memory: 3072
    16

    6. Commit and Push

    Commit the `bitbucket-pipelines.yml` file and push it to your Bitbucket repository. This will trigger the pipeline.

    7. Monitor the Pipeline

    In your Bitbucket repository, go to "Pipelines" to monitor the pipeline's progress, view logs, and access build artifacts.

     

    Notes:

    You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon 3 dots.jpgon the project, select "View Project". Then select Integrate menu.

     

    See more
  • How to integrate to CircleCI

    After you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your CircleCI.

     

    Integration guide

    1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.

    api key.jpg

    2. Create CircleCI Configuration File

    Create a new file in your repository named .circleci/config.yml and paste the provided configuration.

    1 version: 2.1
    2 jobs:
    3  build_and_test:
    4    docker:
    5      - image: cimg/base:2021.11
    6    steps:
    7      - checkout
    8      - setup_remote_docker
    9      - run:
    10          name: Run Security Test
    11          command: |
    12            docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN
    13            docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$AZ_TOKEN" --projectkey="TvIrAgIyArEtYzQhCQtixJRldHGqmMdF" --branch="$CIRCLE_BRANCH" --repo="$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME" --runEnv="demo"
    14
    15 workflows:
    16  version: 2
    17  az_security_test:
    18    jobs:
    19      - build_and_test
    20
    21

    3. Commit and Push

    Save the changes to the .circleci/config.yml file. Commit and push the changes to your repository.

    4. Follow this video to Add Environment Variables in your CircleCI repository. 

    In your CircleCI project settings, go to "Environment Variables." Add a variable named AZ_TOKEN with your ArmorZero API key.

    circle_ci_add_variable-ezgif.com-video-to-gif-converter.gif

    5: Monitor Builds

    Go to your CircleCI dashboard. You'll see your project listed with the status of your builds. Click on a build to view details.

     

    Notes:

    You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon 3 dots.jpgon the project, select "View Project". Then select Integrate menu.

     

    See more
  • How to integrate to Azure Pipeline

    After you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your Azure Pipeline.

     

    Integration guide

    1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.

    api key.jpg

    2. Create Azure pipeline configuration file

    Save your pipeline configuration file into your repo at root folder with filename azure-pipelines.yml.

    1 pool:
    2  vmImage: 'ubuntu-latest'
    3
    4 jobs:
    5- job: build_and_test
    6  displayName: 'AZ Security Scanning'
    7  steps:
    8  - checkout: self
    9  - script: |
    10      docker login -u $(DOCKER_USERNAME) -p $(DOCKER_TOKEN)
    11      docker pull armourzero/pipe-scan-dev:latest || true
    12      docker run -v "$(System.DefaultWorkingDirectory):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$(AZ_TOKEN)" --projectkey="TvIrAgIyArEtYzQhCQtixJRldHGqmMdF" --branch="$(Build.SourceBranch)" --repo="$BUILD_REPOSITORY_NAME" --runEnv="demo"
    13    displayName: 'Run Security Test'
    14
    15

    Step 3: Follow this video to Create & configure Pipeline in your Azure Pipeline repository.  

    Azure DevOps may automatically detect your project and suggest a pipeline configuration. If not, you can choose a pipeline template or configure it manually.

    Choose the repository where your project is hosted (GitHub, Bitbucket, GitLab, etc.).

    azure_create_pipe-ezgif.com-video-to-gif-converter.gif

    4. Follow this video to Add Pipeline Variables.

    In the pipeline settings, go to the "Variables" section. Add two variables named AZ_TOKEN with your ArmorZero API key.

    azure_add_variable-ezgif.com-video-to-gif-converter.gif

    5. Monitor Builds

    Navigate to the "Pipelines" section in Azure DevOps. You'll see your pipeline runs with detailed logs and statuses.

     

    Notes:

    You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon 3 dots.jpgon the project, select "View Project". Then select Integrate menu.

     

    See more

Get in touch

image

Email us

Reach out to our team on any matters

image

Request demo

Request a demo from our consultant

image

Start for free

Sign up for free

Can't find what you're looking for?

Have you any question which is not answered?