Configuring Dependency Track for NodeJs in a pre-build or post-build task creates a bill of materials from NodeJs projects and environments and uploads it to D-track for Component Analysis to identify and reduce risk in the software supply chain.
Prerequisite: Make sure you have set up an account in Dependency Track or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Dependency track for NodeJs from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Variable | Format | Description |
---|---|---|
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
Configuring Dependency Track for Python in a pre-build or post-build task creates a bill of materials from Python projects and environments and uploads it to D-track for Component Analysis to identify and reduce risk in the software supply chain.
Prerequisite: Make sure you have set up an account in Dependency Track or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Dependency track for Python from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Variable | Format | Description |
---|---|---|
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
Building container images in CI often results in a growing number of images, not all of which are production-ready. Therefore, it's a best practice to maintain a separate repository exclusively for storing production builds. However, this involves copying the production-ready container image from your existing repository to the production repository.
This plugin helps you copy a container image to a desired container repository. The image can be pushed between repositories of the same container registry or between repositories of different container registries. One of the major use cases this plugin serves is multi-cloud deployments.
The plugin can be used at post-CI, pre-CD, and post-CD. Moreover, you can also customize the image tag pattern for the copied image.
Go to App Configuration tab of your application.
Select Workflow Editor and click your deployment pipeline.
In this example, we will be adding the plugin in pre-CD stage; therefore, go to Pre-Deployment stage tab of your deployment pipeline and click Add task.
From the list of plugins, choose Copy container image.
Add the image destination in the field given for the DESTINATION_INFO variable. The format is registry-name | username/repository-name.
registry-name is the name you gave to your container registry while adding it in Global Configuration → OCI/Container Registry.
username is your account name registered with your container registry, e.g., DockerHub.
repository-name is the name of the repository within your container registry that hosts the container images of your application.
Click Update Pipeline.
Go to the Build & Deploy tab of your application and click Select Image in the pre-deployment stage.
Choose a CI image that you wish to copy to the destination and click Trigger Stage.
The copying process will start, and once it is successful, the tag for the copied image will be reflected on all relevant screens:
Destination Repository
CD Pipeline (Image Selection)
You can also filter out specific images (of the target repository) from deployment. Refer to Filter Condition to learn the process.
Semgrep is a fast, open source, static analysis engine for finding bugs, detecting dependency vulnerabilities, and enforcing code standards.
Prerequisite: Make sure you have set up an account in Semgrep or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Semgrep from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Variable | Format | Description |
---|---|---|
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
Variable | Format | Description |
---|---|---|
DTrackEndpoint | String | API endpoint of your Dependency Track account |
DTrackProjectName | String | Name of your Dependency Track project |
DTrackProjectVersion | String | Version of Dependency Track project |
DTrackApiKey | String | API key of your Dependency Track account |
CheckoutPath | String | Checkout path of Git material |
ProjectManifestType | String | Type of your Python project manifest which is used to build the CycloneDX Software Bill of Materials (SBOM). E.g., PIP, Poetry, etc. |
RelativePathToPoetryLock | String | Path to your poetry.lock file inside your project |
RelativePathToPipfile | String | Path to your Pipfile.lock file inside your project |
RelativePathToRequirementTxt | String | Path to your requirements.txt file inside your project |

Variable | Format | Description |
---|---|---|
DTrackEndpoint | String | API endpoint of your Dependency Track account |
DTrackProjectName | String | Name of your Dependency Track project |
DTrackProjectVersion | String | Version of Dependency Track project |
DTrackApiKey | String | API key of your Dependency Track account |
CheckoutPath | String | Checkout path of Git material |
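
The DTrackEndpoint, DTrackProjectName, DTrackProjectVersion and DTrackApiKey variables line up with the fields of Dependency-Track's BOM upload API (`PUT /api/v1/bom`, authenticated with an `X-Api-Key` header). The following is an added example, not the plugin's own code: it validates the values and builds that request without sending it, assuming DTrackEndpoint is the server's base URL; the sample BOM, host name and key are constructed placeholders.

```python
import base64
import json
import urllib.request

# Constructed sample: a minimal CycloneDX BOM with one component.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "components": [{"type": "library", "name": "requests", "version": "2.31.0",
                    "purl": "pkg:pypi/requests@2.31.0"}],
}


def build_bom_upload(endpoint, project_name, project_version, api_key, bom):
    """Return an unsent Request for Dependency-Track's PUT /api/v1/bom."""
    if not endpoint.lower().startswith("https://"):
        # The API key travels in a header, so refuse cleartext transport.
        raise ValueError("DTrackEndpoint must use https://")
    for label, value in (("DTrackProjectName", project_name),
                         ("DTrackProjectVersion", project_version),
                         ("DTrackApiKey", api_key)):
        if not value or not value.strip():
            raise ValueError(f"{label} is empty")
    if bom.get("bomFormat") != "CycloneDX" or not bom.get("components"):
        raise ValueError("BOM is not CycloneDX or lists no components")
    body = {
        "projectName": project_name,
        "projectVersion": project_version,
        "autoCreate": True,  # create the project if it does not exist yet
        "bom": base64.b64encode(json.dumps(bom).encode()).decode(),
    }
    return urllib.request.Request(
        url=endpoint.rstrip("/") + "/api/v1/bom",
        data=json.dumps(body).encode(),
        method="PUT",
        headers={"Content-Type": "application/json", "X-Api-Key": api_key},
    )


def redacted_summary(req):
    """Describe the request for a build log without leaking the API key."""
    return f"{req.get_method()} {req.full_url} bytes={len(req.data)} key=<redacted>"


if __name__ == "__main__":
    req = build_bom_upload("https://dtrack.example.internal", "demo-app",
                           "1.0.0", "PLACEHOLDER_API_KEY", SAMPLE_BOM)
    print(redacted_summary(req))
    # urllib.request.urlopen(req) would send it; omitted so this runs offline.
```

An empty or non-CycloneDX BOM is rejected before upload, so a misconfigured manifest path fails the task instead of producing an empty component list in D-track.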

Variable | Format | Description |
---|---|---|
SemgrepAppToken | String | App token of Semgrep. If it is provided, this token will be used; otherwise it will be picked from Global Secret. |
PrefixAppNameInSemgrepBranchName | Bool | Enter either true or false depending on whether you want the app name to be reflected with a branch name. If it is true, it will add the app name with the branch name. E.g., {SemgrepAppName}-{branchName} |
UseCommitAsSemgrepBranchName | Bool | Enter either true or false depending on whether you want the app name to be reflected with the commit hash. If it is true, it will add the app name with the commit hash. E.g., {SemgrepAppName}-{CommitHash}. |
SemgrepAppName | String | App name for Semgrep. If it is provided, and PrefixAppNameInSemgrepBranchName is true, then this will be prefixed with branch name/commit hash. |
ExtraCommandArguments | String | Extra command arguments for the Semgrep CI command. E.g., Input: --json --dry-run. |
K6 is an open-source tool and cloud service that makes load testing easy for developers and QA engineers.
Prerequisite: Make sure you have set up an account in k6.io or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select K6 Load Testing from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Variable | Format | Description |
---|---|---|
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
Pipeline plugins (a.k.a. preset plugins) are micro tools that allow you to enhance and refine the of your application by adding new features, integrating with external tools, and automating tasks.
Unlike , preset plugins come bundled with specific variables and conditions that help you make the plugins work seamlessly with your CI/CD pipeline.
Some plugins are meant for pre-build/post-build, while some are meant for pre-deployment/post-deployment.
From this section, you can learn more about the individual plugins and their purposes.
Configuring Sonarqube in a pre-build or post-build task enhances your workflow with Continuous Code Quality & Code Security.
Prerequisite: Make sure you have set up an account in SonarQube or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Sonarqube from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
Codacy is an automated code analysis/quality tool that helps developers to ship better software in a faster manner.
Prerequisite: Make sure you have set up an account in Codacy or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Codacy from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Variable | Format | Description |
---|---|---|
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Pass/Failure Condition refers to conditions to execute pass or fail of your build. You can select either Set pass conditions or Set failure conditions.
Click Update Pipeline.
Configuring Dependency Track for Maven & Gradle in a pre-build or post-build task creates a bill of materials from Maven & Gradle projects and environments and uploads it to D-track for Component Analysis to identify and reduce risk in the software supply chain.
Prerequisite: Make sure you have set up an account in Dependency Track or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Dependency track for Maven & Gradle from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Variable | Format | Description |
---|---|---|
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
Variable | Format | Description |
---|---|---|
RelativePathToScript | String | Checkout path + script path along with script name |
PrometheusUsername | String | Username of Prometheus account |
PrometheusApiKey | String | API key of Prometheus account |
PrometheusRemoteWriteEndpoint | String | Remote write endpoint of Prometheus account |
OutputType | String | Log or Prometheus |
SonarqubeProjectKey | String | Project key of SonarQube account |
SonarqubeApiKey | String | API key of SonarQube account |
SonarqubeEndpoint | String | API endpoint of SonarQube account |
CheckoutPath | String | Checkout path of Git material |
UsePropertiesFileFromProject | Boolean | Enter either |
CheckForSonarAnalysisReport | Boolean | Enter either |
AbortPipelineOnPolicyCheckFailed | Boolean | Enter either |
CodacyEndpoint | String | API endpoint for Codacy |
GitProvider | String | Git provider for the scanning |
CodacyApiToken | String | API token for Codacy. If it is provided, it will be used, otherwise it will be picked from Global secret (CODACY_API_TOKEN). |
Organisation | String | Your Organization for Codacy |
RepoName | String | Your Repository name |
Branch | String | Your branch name |
BuildToolType | String | Type of build tool your project is using. E.g., Maven, or Gradle |
DTrackEndpoint | String | API endpoint of your dependency track account |
DTrackProjectName | String | Name of your dependency track project |
DTrackProjectVersion | String | Version of dependency track project |
DTrackApiKey | String | API key of your dependency track account |
CheckoutPath | String | Checkout path of Git material |
Configuring Sonarqube-v1.1.0 in a pre-build or post-build task enhances your workflow with Continuous Code Quality & Code Security.
Prerequisite: Make sure you have set up an account in SonarQube or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Sonarqube v1.1.0 from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Pass/Fail Condition refers to a conditional statement to pass or fail the Pre-Build Stage (or Post-Build Stage). You can select either Set pass conditions or Set failure conditions.
Click Update Pipeline.
Variable | Format | Description |
---|---|---|
SonarqubeProjectPrefixName | String | This is the SonarQube project prefix name. If not provided, the prefix name is automatically generated. |
SonarqubeBranchName | String | Branch name to be used to send the scanned result to the SonarQube project. |
SonarqubeProjectKey | String | Project key of SonarQube account |
CheckForSonarAnalysisReport | Bool | Boolean value - true or false. Set true to poll for the generated report from SonarQube. |
AbortPipelineOnPolicyCheckFailed | Bool | Boolean value - true or false. Set true to abort on report check failed. |
UsePropertiesFileFromProject | Bool | Boolean value - true or false. Set true to use the source code sonar-properties file. |
SonarqubeEndpoint | String | API endpoint of SonarQube account. |
CheckoutPath | String | Checkout path of Git material. |
SonarqubeApiKey | String | API key of SonarQube account |
SonarContainerImage | String | Container image that will be used for Sonar scanning. |