You can use the Accurics CLI to scan code in your CI/CD pipeline and fail the builds if Accurics finds severe vulnerabilities in the code. After installing Accurics CLI on the build machine, you must add the necessary instructions to the pipeline script to run the tool against the files present in the repository.
Following are some of the examples:
Azure DevOps (on MAC)
Add the following commands to the YAML file:
trigger: -master pool: vmImage: ‘macOS-latest’ steps task: CmdLine@2 inputs: script: | brew install terraform brew install accurics export ARM_SUBSCRIPTION_ID= subscription id export ARM_TENANT_ID= tenant id export ARM_CLIENT_ID= client id export ARM_CLIENT_SECRET= client secret accurics init accurics plan
AWS Code Pipeline (On Linux)
Add the following commands to the buildspec.YAML file:
version: 0.2 phases: install: commands: curl -s -qL -o terraform_install.zip https://releases.hashicorp.com/terraform/0.13.5/terraform_0.13.5_linux_amd64.zip unzip terraform_install.zip -d /usr/bin/ chmod +x /usr/bin/terraform finally: terraform --version build: commands: export ARM_SUBSCRIPTION_ID=subscription ID export ARM_TENANT_ID=tenant ID export ARM_CLIENT_ID=client ID export ARM_CLIENT_SECRET=client secret ./accurics init ./accurics plan
Jenkins (on Linux)
In the Jenkins Build section, add a build step to execute shell, then add the following commands:
wget https://downloads.accurics.com/cli/1.0.24/accurics_linux -O accurics chmod +x accurics export ARM_SUBSCRIPTION_ID=subscription ID export ARM_TENANT_ID=tenant ID export ARM_CLIENT_ID=client ID export ARM_CLIENT_SECRET=client secret ./accurics init ./accurics plan -mode=pipeline
Bamboo (on Linux)
Add the following commands in the Script body of a Script Configuration in a Bamboo Task.
cp /home/user/AccuricsCLI/* ./ export ARM_SUBSCRIPTION_ID=<SUBSCRIPTION ID> export ARM_TENANT_ID=<TENANT ID> export ARM_CLIENT_ID=<CLIENT ID> export ARM_CLIENT_SECRET=<CLIENT SECRET> ./accurics init ./accurics plan if [ $? -eq 0 ]; then exit 0; else exit 1; fi
– SUBSCRIPTION ID
– TENANT ID
– CLIENT ID
– CLIENT SECRET
For detailed information, see Configuring Azure Resources on Bamboo.