reversinglabs/rl-cli-example-struts2showcase-ado

ReversingLabs rl-secure Azure DevOps (ADO) Examples

This repository contains working examples of Azure DevOps (ADO) pipeline scripts to illustrate scanning with the ReversingLabs Spectra Assure CLI.

ReversingLabs Spectra Assure CLI is capable of scanning nearly any type of software artifact or package that results from a build.

In these examples, we're using the source code and Maven build instructions for the Struts2 showcase web app, which came with Apache Struts v2.5.28.

The following examples are provided in this repository:

  • azure-pipelines.yml
  • azure-pipelines-cli.yml

Both examples require that you define the RLSECURE_ENCODED_LICENSE and the RLSECURE_SITE_KEY secret environment variables to store your ReversingLabs license and site key.

Supported parameters

The following parameters can be modified in the pipeline.

Note: All optional string parameters have a default empty string value and do not have to be specified if not used.

| Parameter name | Required | Description | Type |
|---|---|---|---|
| RLSECURE_ENCODED_LICENSE | Yes | The rl-secure license file converted to a Base64-encoded string. Users must encode the contents of the license file, and provide the resulting string with this variable. | string |
| RLSECURE_SITE_KEY | Yes | The rl-secure license site key. The site key is a string generated by ReversingLabs and sent to users with the license file. | string |
| RLSECURE_DIR | Yes | The directory where rl-secure should be installed. The package store is automatically initialized in this directory. | string |
| ARTIFACT2SCAN | Yes | The name of the file you want to scan. Must be relative to BUILD_PATH. The file must exist in the specified location before the scan starts. | string |
| REPORT_PATH | No | The directory where analysis reports will be stored after the scan is finished. The path must be relative to $(System.DefaultWorkingDirectory). The directory must be empty before the scan starts. | string |
| PACKAGE_URL | No | When using a package store, use this parameter to specify the package URL (PURL) for the scanned artifact. | string |
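
The constraints listed for these parameters can be checked in a script step before the scan runs, so a misconfigured pipeline fails early without printing either secret. This is an added example, not code from this repository; `rl_preflight` and `rl_fail` are hypothetical names, and it assumes each parameter is mapped into a same-named environment variable and that BUILD_PATH defaults to the working directory.

```shell
# Added example, not from the repository. Assumes each parameter is mapped
# into a same-named environment variable for the step (secret variables need
# an explicit env: mapping). rl_preflight and rl_fail are hypothetical names.

rl_fail() { echo "preflight: $1" >&2; return 1; }

rl_preflight() (
  work_dir="${SYSTEM_DEFAULTWORKINGDIRECTORY:-$PWD}"
  build_dir="${BUILD_PATH:-$work_dir}"   # assumption: defaults to the working dir

  # Required parameters must be set. Report names only, never the values.
  for name in RLSECURE_ENCODED_LICENSE RLSECURE_SITE_KEY RLSECURE_DIR ARTIFACT2SCAN; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || { rl_fail "$name is not set"; return 1; }
  done

  # The license must decode as Base64 (catches a mangled paste).
  if ! printf '%s' "$RLSECURE_ENCODED_LICENSE" | base64 -d >/dev/null 2>&1; then
    rl_fail "RLSECURE_ENCODED_LICENSE is not valid Base64"; return 1
  fi

  # ARTIFACT2SCAN: relative to BUILD_PATH, no traversal, file already built.
  case "$ARTIFACT2SCAN" in
    /*|..|../*|*/..|*/../*) rl_fail "ARTIFACT2SCAN must stay inside BUILD_PATH"; return 1 ;;
  esac
  [ -f "$build_dir/$ARTIFACT2SCAN" ] || { rl_fail "artifact not found: $ARTIFACT2SCAN"; return 1; }

  # REPORT_PATH (optional): relative to the working dir and empty if it exists.
  if [ -n "${REPORT_PATH:-}" ]; then
    case "$REPORT_PATH" in
      /*|..|../*|*/..|*/../*) rl_fail "REPORT_PATH must be relative to the working directory"; return 1 ;;
    esac
    if [ -d "$work_dir/$REPORT_PATH" ] && [ -n "$(ls -A "$work_dir/$REPORT_PATH")" ]; then
      rl_fail "REPORT_PATH is not empty: $REPORT_PATH"; return 1
    fi
  fi
  return 0
)
```

Call `rl_preflight || exit 1` as the first command of the scan step.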

azure-pipelines.yml

This pipeline script builds the WAR file and scans it using the ReversingLabs rl-scanner Docker image.

After the file is scanned, analysis reports in HTML, JSON, CycloneDX, and SPDX formats are saved as pipeline artifacts.

azure-pipelines-cli.yml

This pipeline script builds the WAR file.

It installs the rl-deploy Python package, which is subsequently used to install and license the rl-secure CLI.

After the file is scanned, analysis reports in HTML, JSON, CycloneDX, and SPDX formats are saved as pipeline artifacts.

About

Example of scanning with the ReversingLabs secure.software CLI with Azure Pipelines