Skip to content

reversinglabs/rl-cloud-example-struts2showcase-jenkins

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

src

src

 
 

.gitignore

.gitignore

 
 

Jenkinsfile

Jenkinsfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

pom.xml

pom.xml

 
 

Repository files navigation

ReversingLabs rl-scanner-cloud Jenkins Examples

This repository contains working examples of Jenkins pipeline scripts to illustrate scanning with the ReversingLabs Spectra Assure Portal.

ReversingLabs Spectra Assure Portal is capable of scanning nearly any type of software artifact or package that results from a build.

In this example, we're using the source code and Maven build instructions for the Struts2 showcase web app, which came with Apache Struts v2.5.28.

The following examples are provided in this repository:

  • Jenkinsfile

Jenkinsfile

This pipeline script builds the WAR file and scans it using the ReversingLabs rl-scanner-cloud Docker image.

After the file is scanned, analysis reports in JSON, CycloneDX, and SPDX formats are published as a build artifact.

The script requires that you create the RLPORTAL_ACCESS_TOKEN secret credential within Jenkins to store your Portal access token.

Supported parameters

Name Required Type Description
RLPORTAL_ACCESS_TOKEN Yes string A Personal Access Token for authenticating requests to the Spectra Assure Portal. Before you can use this example, you must create the token in your Portal settings. Tokens can expire and be revoked, in which case you'll have to update this value.
RLPORTAL_SERVER Yes string Name of the Spectra Assure Portal instance to use for the scan. The Portal instance name usually matches the subdirectory of my.secure.software in your Portal URL. For example, if your portal URL is my.secure.software/demo, the instance name to use with this parameter is demo.
RLPORTAL_ORG Yes string Name of the Spectra Assure Portal organization to use for the scan. The organization must exist on the Portal instance specified with RLPORTAL_SERVER. The user account authenticated with the token must be a member of the specified organization and have the appropriate permissions to upload and scan a file. Organization names are case-sensitive.
RLPORTAL_GROUP Yes string Name of the Spectra Assure Portal group to use for the scan. The group must exist in the Portal organization specified with RLPORTAL_ORG. Group names are case-sensitive.
ARTIFACT2SCAN Yes string The artifact (file) you want to scan. The file must be in any of the formats supported by Spectra Assure.

Pipeline result

The scan in this example will produce the FAIL CI status. The pipeline will fail, as the scanner detects 4 critical issues: Found 4 vulnerabilities matching selected criteria.

Useful resources

  1. The official Spectra Assure Portal documentation
  2. The official reversinglabs/rl-scanner-cloud Docker image on Docker Hub

About

Demonstrates scanning with the ReversingLabs SSCS rl-scanner-cloud docker image in Jenkins.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages