This repository contains working examples of Azure DevOps (ADO) pipeline scripts to illustrate scanning with the ReversingLabs Spectra Assure CLI.
ReversingLabs Spectra Assure CLI is capable of scanning nearly any type of software artifact or package that results from a build.
In these examples, we're using the source code and Maven build instructions for the Struts2 showcase web app, which came with Apache Struts v2.5.28.
The following examples are provided in this repository:
- azure-pipelines.yml
- azure-pipelines-cli.yml
Both examples require that you define the RLSECURE_ENCODED_LICENSE and RLSECURE_SITE_KEY secret environment variables to store your ReversingLabs license and site key.
The following parameters can be modified in the pipeline.
Note: All optional string parameters have a default empty string value and do not have to be specified if not used.
Parameter name | Required | Description | Type |
---|---|---|---|
RLSECURE_ENCODED_LICENSE | Yes | The rl-secure license file converted to a Base64-encoded string. Users must encode the contents of the license file and provide the resulting string with this variable. | string |
RLSECURE_SITE_KEY | Yes | The rl-secure license site key. The site key is a string generated by ReversingLabs and sent to users with the license file. | string |
RLSECURE_DIR | Yes | The directory where rl-secure should be installed. The package store is automatically initialized in this directory. | string |
ARTIFACT2SCAN | Yes | The name of the file you want to scan. Must be relative to BUILD_PATH. The file must exist in the specified location before the scan starts. | string |
REPORT_PATH | No | The directory where analysis reports will be stored after the scan is finished. The path must be relative to $(System.DefaultWorkingDirectory). The directory must be empty before the scan starts. | string |
PACKAGE_URL | No | When using a package store, use this parameter to specify the package URL (PURL) for the scanned artifact. | string |
The azure-pipelines.yml pipeline script builds the WAR file and scans it using the ReversingLabs rl-scanner Docker image. After the file is scanned, analysis reports in HTML, JSON, CycloneDX, and SPDX formats are saved as pipeline artifacts.
The azure-pipelines-cli.yml pipeline script builds the WAR file, then installs the rl-deploy Python package, which is subsequently used to install and license the rl-secure CLI. After the file is scanned, analysis reports in HTML, JSON, CycloneDX, and SPDX formats are saved as pipeline artifacts.