Jenkins Integration Examples

This section provides the Jenkins integration examples for different use cases.

Example 1. Scan from the cloud using the NeuraLegion CLI (NPM installation)

To apply this option, you only need to install the NeuraLegion CLI globally on your Jenkins machine using the relevant npm command.

Prerequisites

  • You are an active user in the NeuraLegion App.
  • You have a valid organization API key or personal API key (NEURALEGION_TOKEN) with the following scopes: bot, scans:run, scan:read, and scans:stop.
  • You have downloaded the Node.js plug-in to your Jenkins machine.
  • You have created the NEURALEGION_TOKEN environment variable on your Jenkins machine.
  • You have copied the NeuraLegion PROJECT_ID from the Projects page. If you do not specify the PROJECT_ID, the scan will be run under the Default project.

Step-by-Step Guide

STEP 1 - Install the CLI

  sh 'npm install @neuralegion/nexploit-cli -g || true'

STEP 2 - Run (Re-Test) a Scan

  • If you need to run a new scan with a Crawler, use the following script:

      echo "Start NeuraLegion Scan 🏁"
      SCAN_ID=$(nexploit-cli scan:run --token ${NEURALEGION_TOKEN} --name "Jenkins Scan" --crawler https://brokencrystals.com/ --smart)
      echo "Scan was started with ID https://app.neuralegion.com/scans/$SCAN_ID\n"

  • If you need to re-test a previous scan with its ID OLD_SCAN_ID, use the following script:

      echo "Retest a scan"
      NEW_SCAN_ID=$(nexploit-cli scan:retest --token=$NEURALEGION_TOKEN $OLD_SCAN_ID)
      echo "Scan was started with ID https://app.neuralegion.com/scans/$NEW_SCAN_ID\n"

STEP 3 - Poll the Results

Note

When polling the scan results, it is recommended to follow the fail-fast principle by using the --breakpoint option. See NeuraLegion CLI Command List for a full list of commands you can use in your Jenkins flow.

Poll the scan until it returns some issue, or its time runs out:

  echo "Wait for issues ⏳\n"
  RESULT=$(nexploit-cli scan:polling --interval 30s --timeout 20m --token $NEURALEGION_TOKEN --breakpoint medium_issue $SCAN_ID)
  if [ -z "$RESULT" ]
  then
      echo "Failed to stop scan"
  else
      echo "Stop Scan 🛑"
      nexploit-cli scan:stop --token $NEURALEGION_TOKEN $SCAN_ID
  fi

STEP 4 - View the Results

To view the reports on the detected issues, go to the NeuraLegion App.

Complete Example

The following example is made up of the steps above and shows how to run a new scan using the Crawler discovery type:

pipeline {
 agent any
 environment {
   NEURALEGION_TOKEN = "$NEURALEGION_TOKEN"
   }
 tools {nodejs "node"}
 stages {
   stage("Install Dep"){
       steps{
           sh 'npm install @neuralegion/nexploit-cli -g || true'
       }
   }
   stage('Start Scan') {
     steps {
         sh '''#!/bin/bash
           echo "Start NeuraLegion Scan 🏁"
           SCAN_ID=$(nexploit-cli scan:run --token ${NEURALEGION_TOKEN} --name "Jenkins Scan" --crawler https://brokencrystals.com/ --smart)
           echo "Scan was started with ID https://app.neuralegion.com/scans/$SCAN_ID\n"
           sleep 10
           echo "Wait for issues ⏳\n"
           RESULT=$(nexploit-cli scan:polling --interval 30s --timeout 20m --token $NEURALEGION_TOKEN --breakpoint medium_issue $SCAN_ID)
           if [ -z "$RESULT" ]
           then
               echo "Failed to stop scan"
           else
               echo "Stop Scan 🛑"
               nexploit-cli scan:stop --token $NEURALEGION_TOKEN $SCAN_ID
           fi
       '''
     }
   }
 }
}

Example 2. Scan via a Repeater using the NeuraLegion CLI (NPM installation)

To apply this option, you need to install the NeuraLegion CLI on your Jenkins machine and activate the Repeater using the Repeater ID and NeuraLegion API key.

Prerequisites

  • You are an active user in the NeuraLegion App.
  • You have a Repeater with a valid ID ‘REPEATER’. See Managing Repeaters for information about handling Repeaters.
  • You have a valid organization API key or personal API key (NEURALEGION_TOKEN) with the following scopes: bot, scans:run, scan:read, and scans:stop.
  • You have downloaded the Node.js plug-in to your Jenkins machine.
  • You have created the NEURALEGION_TOKEN environment variable on your Jenkins machine.
  • You have copied the NeuraLegion PROJECT_ID from the Projects page. If you do not specify the PROJECT_ID, the scan will be run under the Default project.

Step-by-Step Guide

STEP 1 - Install the CLI

sh 'npm install @neuralegion/nexploit-cli -g || true'

STEP 2 - Activate the Repeater

   PID_REPEATER=$(nexploit-cli repeater --token=${NEURALEGION_TOKEN} --id=${REPEATER_ID} &> /dev/null & echo $!)

Note

If a valid API token (NEURALEGION_TOKEN) and Repeater ID (REPEATER) are not provided, the Unauthorized access error appears. Check your credentials.

Important

Make sure that the Repeater has an outbound connection to the NeuraLegion host, depending on its deployment. The Repeater should be connected either to the default amq.nexploit.app via the AMQ protocol (over TLS) using port 5672, or to your private cloud using the relevant port.

STEP 3 - Run (Re-Test) a Scan

  • If you need to run a new scan with a Crawler, use the following script:

      echo "Start NeuraLegion Scan 🏁"
      SCAN_ID=$(nexploit-cli scan:run --token ${NEURALEGION_TOKEN} --repeater ${REPEATER_ID} --name "Jenkins Scan with Repeater" --crawler https://brokencrystals.com/ --smart)
      echo "Scan was started with ID https://app.neuralegion.com/scans/$SCAN_ID\n"

  • If you need to re-test a previous scan with its ID OLD_SCAN_ID and API key NEURALEGION_TOKEN, use the following script:

      echo "Retest a scan"
      NEW_SCAN_ID=$(nexploit-cli scan:retest --token=$NEURALEGION_TOKEN $OLD_SCAN_ID)
      echo "Scan started $NEW_SCAN_ID"

STEP 4 - Poll the Results

Note

When polling the scan results, it is recommended to follow the fail-fast principle by using the --breakpoint option. See NeuraLegion CLI Command List for a full list of commands you can use in your Jenkins flow.

Poll the scan until it returns some issue, or its time runs out:

  echo "Wait for issues ⏳\n"
           RESULT=$(nexploit-cli scan:polling --interval 30s --timeout 20m --token $NEURALEGION_TOKEN --breakpoint high_issue $SCAN_ID)

After that, stop the scan:

  nexploit-cli scan:stop --token $NEURALEGION_TOKEN $SCAN_ID

STEP 5 - View the Results

To view the reports on the detected issues, go to the NeuraLegion App.

Complete Example

The following example is made up of the steps above and shows how to run a new scan via a Repeater using the Crawler discovery type:

pipeline {
 agent any
 environment {
   NEURALEGION_TOKEN = "$NEURALEGION_TOKEN"
   REPEATER_ID = "$REPEATER"
   }
 tools {nodejs "node"}
 stages {
   stage("Install Dep"){
       steps{
          sh 'npm install @neuralegion/nexploit-cli -g || true'
       }
   }
   stage('Start Scan') {
     steps {
         sh '''#!/bin/bash
           echo "Start Repeater 🏁"
           PID_REPEATER=$(nexploit-cli repeater --token=${NEURALEGION_TOKEN} --id=${REPEATER_ID} &> /dev/null & echo $!)
           echo "Repeater started PID: $PID_REPEATER\n"
           sleep 10
           echo "Start NeuraLegion Scan 🏁"
           SCAN_ID=$(nexploit-cli scan:run --token ${NEURALEGION_TOKEN} --repeater ${REPEATER_ID} --name "Jenkins Scan with Repeater" --crawler https://brokencrystals.com/ --smart)
           echo "Scan was started with ID https://app.neuralegion.com/scans/$SCAN_ID\n"
           sleep 10
           echo "Wait for issues ⏳\n"
           RESULT=$(nexploit-cli scan:polling --interval 30s --timeout 20m --token $NEURALEGION_TOKEN --breakpoint high_issue $SCAN_ID)
           if [ -z "$RESULT" ]
           then
               echo "Failed to stop scan"
           else
               echo "Stop Scan 🛑"
               nexploit-cli scan:stop --token $NEURALEGION_TOKEN $SCAN_ID
           fi
       '''
     }
   }
 }
}
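
The Example 2 flow with two failure modes it leaves unhandled, written as an added example that is not part of the original page or NeuraLegion's own code: the Repeater exiting early (its output goes to /dev/null above, so the Unauthorized access error is never seen) and scan:run returning no scan ID. The nexploit-cli arguments are the ones shown on this page; NEXPLOIT, TARGET_URL, REPEATER_WAIT, REPEATER_LOG and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: NEXPLOIT, TARGET_URL, REPEATER_WAIT and REPEATER_LOG are
# assumptions of this example, not settings of the NeuraLegion CLI.
NEXPLOIT="${NEXPLOIT:-nexploit-cli}"
TARGET_URL="${TARGET_URL:-https://brokencrystals.com/}"
REPEATER_LOG="${REPEATER_LOG:-repeater.log}"

start_repeater() {
  # Log to a file instead of /dev/null so an "Unauthorized access" error is kept.
  "$NEXPLOIT" repeater --token="$NEURALEGION_TOKEN" --id="$REPEATER_ID" \
    > "$REPEATER_LOG" 2>&1 &
  PID_REPEATER=$!
  sleep "${REPEATER_WAIT:-10}"
  # kill -0 sends no signal; it only tests that the process still exists.
  if ! kill -0 "$PID_REPEATER" 2>/dev/null; then
    echo "Repeater exited early, see $REPEATER_LOG" >&2
    return 1
  fi
}

stop_repeater() {
  # The pipeline above leaves the background Repeater running; end it explicitly.
  if [ -n "$PID_REPEATER" ]; then kill "$PID_REPEATER" 2>/dev/null; fi
  PID_REPEATER=""
  return 0
}

scan_via_repeater() {
  start_repeater || return 1
  SCAN_ID=$("$NEXPLOIT" scan:run --token "$NEURALEGION_TOKEN" \
    --repeater "$REPEATER_ID" --name "Jenkins Scan with Repeater" \
    --crawler "$TARGET_URL" --smart) || SCAN_ID=""
  if [ -z "$SCAN_ID" ]; then
    echo "scan:run returned no scan ID, not polling" >&2
    stop_repeater
    return 2
  fi
  echo "Scan was started with ID https://app.neuralegion.com/scans/$SCAN_ID"
  # "|| true" so that scan:stop and the Repeater cleanup still run when the
  # script is executed with "set -e" and polling exits non-zero.
  RESULT=$("$NEXPLOIT" scan:polling --interval 30s --timeout 20m \
    --token "$NEURALEGION_TOKEN" --breakpoint high_issue "$SCAN_ID") || true
  "$NEXPLOIT" scan:stop --token "$NEURALEGION_TOKEN" "$SCAN_ID" || true
  stop_repeater
}
```

Inside a Jenkins sh step, source the file and call scan_via_repeater; a non-zero return fails the stage.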

Example 3. Scan via a Repeater using the NeuraLegion CLI (Docker installation)

To apply this option, you need to configure a Docker image inside your pipeline (for example, by creating a docker-compose file). Once Docker is configured, you can run the NeuraLegion CLI and activate the Repeater using the Repeater ID and NeuraLegion API key.

Prerequisites

  • You are an active user in the NeuraLegion App.
  • You have a Repeater with a valid ID ‘REPEATER’. See Managing Repeaters for information about handling Repeaters.
  • You have a valid organization API key or personal API key (NEURALEGION_TOKEN) with the following scopes: bot, scans:run, scan:read, and scans:stop.
  • You have downloaded the Node.js plug-in to your Jenkins machine.
  • You have created the NEURALEGION_TOKEN environment variable on your Jenkins machine.
  • You have copied the NeuraLegion PROJECT_ID from the Projects page. If you do not specify the PROJECT_ID, the scan will be run under the Default project.

Step-by-Step Guide

STEP 1 - Run the Docker container with the Repeater

  sh 'npm install @neuralegion/nexploit-cli -g || true'
  // "|| true" keeps the step from failing when there are no exited containers to remove
  sh 'docker rm $(docker ps --filter status=exited -q) || true'
  sh 'docker run -d --name "NLRepeater1" neuralegion/repeater:latest repeater --id ${REPEATER} --token ${NEURALEGION_TOKEN}'

Note

If a valid API token (NEURALEGION_TOKEN) and Repeater ID (REPEATER) are not provided, the Unauthorized access error appears. Check your credentials.

Important

Make sure that the Repeater has an outbound connection to the NeuraLegion host, depending on its deployment. The Repeater should be connected either to the default amq.app.neuralegion.com via the AMQ protocol (over TLS) using port 5672, or to your private cloud using the relevant port.

STEP 2 - Start a Scan

      SCAN_ID=$(nexploit-cli scan:run --token ${NEURALEGION_TOKEN} --repeater ${REPEATER} --name "Jenkins Scan with Docker" --crawler https://brokencrystals.com/ --smart)
           echo "Scan was started with ID https://app.neuralegion.com/scans/$SCAN_ID\n"

STEP 3 - Poll the Results

Note

When polling the scan results, it is recommended to follow the fail-fast principle by using the --breakpoint option. See NeuraLegion CLI Command List for a full list of commands you can use in your Jenkins flow.

  echo "Poll for scan results"

  # Poll the scan until it returns some issue, or its time runs out
  RESULT=$(nexploit-cli scan:polling --interval 30s --timeout 20m --token $NEURALEGION_TOKEN --breakpoint high_issue $SCAN_ID)

  # After that, stop the scan
  nexploit-cli scan:stop --token $NEURALEGION_TOKEN $SCAN_ID

STEP 4 - Stop the Docker container

  sh 'docker kill "NLRepeater1"'
  // "|| true" keeps the step from failing when there are no exited containers to remove
  sh 'docker rm $(docker ps --filter status=exited -q) || true'

STEP 5 - View the Results

To view the reports on the detected issues, go to the NeuraLegion App.

Complete Example

The following example is made up of the steps above and shows how to run a new scan via a Repeater using the Crawler discovery type:

pipeline {
 agent any
 environment {
   NEURALEGION_TOKEN = "$NEURALEGION_TOKEN"
   }
 tools {nodejs "node"}
 stages {
   stage("Install Dep"){
       steps{
          sh 'npm install @neuralegion/nexploit-cli -g || true'
          // "|| true" keeps the stage from failing when there are no exited containers to remove
          sh 'docker rm $(docker ps --filter status=exited -q) || true'
          sh 'docker run -d --name "NLRepeater1" neuralegion/repeater:latest repeater --id ${REPEATER} --token ${NEURALEGION_TOKEN}'
          sleep 5
       }
   }
   stage('Start Scan') {
     steps {
         sh '''#!/bin/bash
           echo "Start NeuraLegion Scan 🏁"
           SCAN_ID=$(nexploit-cli scan:run --token ${NEURALEGION_TOKEN} --repeater ${REPEATER} --name "Jenkins Scan with Docker" --crawler https://brokencrystals.com/ --smart)
           echo "Scan was started with ID https://app.neuralegion.com/scans/$SCAN_ID\n"
           sleep 10
           echo "Wait for issues ⏳\n"
           RESULT=$(nexploit-cli scan:polling --interval 30s --timeout 20m --token $NEURALEGION_TOKEN --breakpoint high_issue $SCAN_ID)
           if [ -z "$RESULT" ]
           then
               echo "Failed to stop scan"
           else
               echo "Stop Scan 🛑"
               nexploit-cli scan:stop --token $NEURALEGION_TOKEN $SCAN_ID
           fi
       '''
     }
   }
   stage('Stop Docker container') {
     steps {
         sh 'docker kill "NLRepeater1"'
         // "|| true" keeps the stage from failing when there are no exited containers to remove
         sh 'docker rm $(docker ps --filter status=exited -q) || true'
        }
   }
 }
}

 
