Integrate with DevOps pipeline tools
-
How to integrate to Github
See moreAfter you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your Github.
Integration guide
1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.
2. Follow this video to add Repository Secrets in your GitHub repository.
Go to your GitHub repository. Click on "Settings" in the top navigation. Navigate to "Secrets" in the left sidebar. Click on "New repository secret", add a secret named AZ_TOKEN with your ArmourZero API key.
3. Create GitHub Actions Configuration File
Create a new file in your repository under the path .github/workflows/az-security-scan.yml and paste the provided configuration.
1
2 # .github/workflows/az-security-scan.yml
3
4 name: AZ-Security-Scan
5
6 on:
7 push:
8 branches:
9 - '*'
10 workflow_dispatch:
11
12 jobs:
13 armourzero_security_test_pre:
14 runs-on: ubuntu-latest
15
16 env:
17 AZ_API_KEY: "${{ secrets.AZ_TOKEN }}"
18 PROJECT_KEY: "TvIrAgIyArEtYzQhCQtixJRldHGqmMdF"
19 BRANCH_NAME: "${{ github.ref_name }}"
20 DOCKER_USERNAME: "${{ secrets.DOCKER_USERNAME }}"
21 DOCKER_TOKEN: "${{ secrets.DOCKER_TOKEN }}"
22 steps:
23 - name: Checkout Repository
24 uses: actions/checkout@v2
25
26 - name: ArmourZero Security Test (Pre)
27 run: |
28 docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN
29 docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest —apikey="$AZ_API_KEY" --projectkey="$PROJECT_KEY" --branch="$BRANCH_NAME" --repo="$GITHUB_REPOSITORY" --runEnv="demo"
30 continue-on-error: true
314. Save and Trigger a Push
Save the changes to the .github/workflows/az-security-scan.yml file. Commit and push the changes to your GitHub repository.
5. Monitor Actions
Go to the "Actions" tab on your GitHub repository. You'll see the status of your workflow. Click on it to view details.
Notes:
You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon on the project, select "View Project". Then select Integrate menu.
-
How to integrate to Gitlab
See moreAfter you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your Gitlab.
Integration guide
1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.
2. Follow this video to add CI/CD Variables in your Gitlab repository.
In your GitLab repository, go to "Settings" > "CI / CD" > "Variables." Add a variable named AZ_TOKEN with your ArmourZero API key.
3. Create GitLab CI/CD Configuration File
Create a new file in your repository named .gitlab-ci.yml and paste the provided configuration.
1
2 # This is a GitLab CI/CD pipeline configuration file (.gitlab-ci.yml)
3
4 stages:
5 - test
6
7 variables:
8 AZ_API_KEY: "$AZ_TOKEN"
9 PROJECT_KEY: "TvIrAgIyArEtYzQhCQtixJRldHGqmMdF"
10 BRANCH_NAME: "$CI_COMMIT_REF_NAME"
11 DOCKER_USERNAME: "$DOCKER_USERNAME"
12 DOCKER_TOKEN: "$DOCKER_TOKEN"
13 armourzero_security_test_pre:
14 stage: test
15 image: docker:19.03
16 services:
17 - docker:19.03-dind
18 script:
19 - docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN
20 - docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$AZ_API_KEY" --projectkey="$PROJECT_KEY" --branch="$BRANCH_NAME" --repo="$CI_PROJECT_PATH" --runEnv="demo"
21 allow_failure: true
224. Commit and Push
Save the changes to the .gitlab-ci.yml file. Commit and push the changes to your GitLab repository.
5. Monitor Pipelines
Go to your GitLab repository. Click on "CI / CD" > "Pipelines." You'll see the status of your pipeline. Click on it to view details.
Notes:
You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon on the project, select "View Project". Then select Integrate menu.
-
How to integrate to Bitbucket
See moreAfter you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your Bitbucket.
Integration guide
1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.
2. Follow this video to Enable Pipeline in your Bitbucket repository.
Navigate to your Bitbucket repository and go to "Settings" > "Pipeline" and enable pipelines for your repository.
3. Add Repository Variables
Go to DevOps Tab > Go to Configuration > Copy your API Key by clicking Copy
In your Bitbucket repository, go to "Settings" > "Repository Settings" > "Pipelines" and add the required environment variables like `AZ_TOKEN`.4. Create a Bitbucket Pipeline Configuration
In the root directory of your project, create a file named `bitbucket-pipelines.yml`. This file will define your pipeline configuration.
5. Define the Pipeline Configuration
Edit the `bitbucket-pipelines.yml` file to define your pipeline configuration. You can use the provided sample configuration and customize it according to your needs.
1 image: atlassian/default-image:3
2 pipelines:
3 default:
4 - parallel:
5 - step:
6 name: ArmourZero Security Test
7 services:
8 - docker
9 script:
10 - docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN
11 - docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$AZ_TOKEN" --projectkey="TvIrAgIyArEtYzQhCQtixJRldHGqmMdF" --branch="$BITBUCKET_BRANCH" --repo="$BITBUCKET_REPO_FULL_NAME" --runEnv="demo"
12 definitions:
13 services:
14 docker:
15 memory: 3072
166. Commit and Push
Commit the `bitbucket-pipelines.yml` file and push it to your Bitbucket repository. This will trigger the pipeline.
7. Monitor the Pipeline
In your Bitbucket repository, go to "Pipelines" to monitor the pipeline's progress, view logs, and access build artifacts.
Notes:
You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon on the project, select "View Project". Then select Integrate menu.
-
How to integrate to CircleCI
See moreAfter you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your CircleCI.
Integration guide
1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.
2. Create CircleCI Configuration File
Create a new file in your repository named .circleci/config.yml and paste the provided configuration.
1 version: 2.1
2 jobs:
3 build_and_test:
4 docker:
5 - image: cimg/base:2021.11
6 steps:
7 - checkout
8 - setup_remote_docker
9 - run:
10 name: Run Security Test
11 command: |
12 docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN
13 docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$AZ_TOKEN" --projectkey="TvIrAgIyArEtYzQhCQtixJRldHGqmMdF" --branch="$CIRCLE_BRANCH" --repo="$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME" --runEnv="demo"
14
15 workflows:
16 version: 2
17 az_security_test:
18 jobs:
19 - build_and_test
20
213. Commit and Push
Save the changes to the .circleci/config.yml file. Commit and push the changes to your repository.
4. Follow this video to Add Environment Variables in your CircleCI repository.
In your CircleCI project settings, go to "Environment Variables." Add a variable named AZ_TOKEN with your ArmorZero API key.
5: Monitor Builds
Go to your CircleCI dashboard. You'll see your project listed with the status of your builds. Click on a build to view details.
Notes:
You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon on the project, select "View Project". Then select Integrate menu.
-
How to integrate to Azure Pipeline
See moreAfter you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your Azure Pipeline.
Integration guide
1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.
2. Create Azure pipeline configuration file
Save your pipeline configuration file into your repo at root folder with filename azure-pipelines.yml.
1 pool:
2 vmImage: 'ubuntu-latest'
3
4 jobs:
5- job: build_and_test
6 displayName: 'AZ Security Scanning'
7 steps:
8 - checkout: self
9 - script: |
10 docker login -u $(DOCKER_USERNAME) -p $(DOCKER_TOKEN)
11 docker pull armourzero/pipe-scan-dev:latest || true
12 docker run -v "$(System.DefaultWorkingDirectory):/app/wrk" --rm armourzero/pipe-scan-dev:latest --apikey="$(AZ_TOKEN)" --projectkey="TvIrAgIyArEtYzQhCQtixJRldHGqmMdF" --branch="$(Build.SourceBranch)" --repo="$BUILD_REPOSITORY_NAME" --runEnv="demo"
13 displayName: 'Run Security Test'
14
15Step 3: Follow this video to Create & configure Pipeline in your Azure Pipeline repository.
Azure DevOps may automatically detect your project and suggest a pipeline configuration. If not, you can choose a pipeline template or configure it manually.
Choose the repository where your project is hosted (GitHub, Bitbucket, GitLab, etc.).
4. Follow this video to Add Pipeline Variables.
In the pipeline settings, go to the "Variables" section. Add two variables named AZ_TOKEN with your ArmorZero API key.
5. Monitor Builds
Navigate to the "Pipelines" section in Azure DevOps. You'll see your pipeline runs with detailed logs and statuses.
Notes:
You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon on the project, select "View Project". Then select Integrate menu.
Get in touch
Email us
Reach out to our team on any matters
Request demo
Request a demo from our consultant
Start for free
Sign up for free