Bitbucket Pipeline SnykDB Integration

Snyk's combination of developer-first tooling and best-in-class security depth enables businesses to build security into their continuous development process. This tutorial shows how to integrate SnykDB into a Bitbucket pipeline, using an Angular project as the example.

options:
  docker: true
image: node:10.15.3
pipelines:
  branches:
    master:
      - step:
          name: Install npm & SnykDB
          size: 2x
          caches:
            - node
          script:
            - npm install
            - npm rebuild node-sass
            - npm install -g @angular/cli
            - pipe: snyk/snyk-scan:0.2.0
              variables:
                SNYK_TOKEN: $SNYK_TOKEN
                LANGUAGE: "npm"
                TEST: "true"
                MONITOR: "true"
                DONT_BREAK_BUILD: "true"
                ORGANIZATION: $ORG_NAME
          artifacts:
            - dist/**

$SNYK_TOKEN: This is the Snyk API token, which can be taken from the account page. It needs to be saved as a repository variable under the pipeline settings.

ORG_NAME: The name of your organization; in this case, my organization name is cloudopsguruonline. Again, this is saved as a repository variable under the pipeline settings.

LANGUAGE: "npm": The build language, such as npm, Java, DotNet, etc.
TEST / PROTECT: "true": test checks your dependencies for vulnerabilities and tells you how many vulnerabilities were found. It returns a non-zero exit code, which causes the build to fail when run inside CI environments (depending on how the CI tool is configured). protect is used to apply patches to your vulnerable dependencies.
MONITOR: "true": monitor can be used from the CLI to create a project on the Snyk website that will be continuously monitored for new vulnerabilities.
DONT_BREAK_BUILD: "true": This prevents the build from breaking when the scan fails because of a vulnerability. Enabling this is not advised.
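
A small pre-merge check for the settings described above, added here as an example and not part of the original tutorial or of Snyk's tooling: it reads a bitbucket-pipelines.yml as text, finds each snyk/snyk-scan pipe, and flags a SNYK_TOKEN that is written into the file instead of referenced as a repository variable, and a DONT_BREAK_BUILD that is switched on. The function names and finding codes are hypothetical, and an absent DONT_BREAK_BUILD is assumed to mean "not enabled".

```python
import re

PIPE_RE = re.compile(r"^(\s*)-\s*pipe:\s*snyk/snyk-scan(?::\S+)?\s*$")
VAR_RE = re.compile(r"^\s*([A-Z_]+):\s*(.*?)\s*$")

# Constructed sample: the pipe block from this tutorial, trimmed to the relevant keys.
TUTORIAL = """\
script:
  - npm install
  - pipe: snyk/snyk-scan:0.2.0
    variables:
      SNYK_TOKEN: $SNYK_TOKEN
      LANGUAGE: "npm"
      MONITOR: "true"
      DONT_BREAK_BUILD: "true"
artifacts:
  - dist/**
"""

def snyk_pipe_variables(text):
    """Return one dict of variables per snyk/snyk-scan pipe found in the YAML text."""
    lines, pipes = text.splitlines(), []
    for i, line in enumerate(lines):
        m = PIPE_RE.match(line)
        if not m:
            continue
        variables = {}
        for follow in lines[i + 1:]:
            indent = len(follow) - len(follow.lstrip())
            if follow.strip() and indent <= len(m.group(1)):
                break  # back at the list-item level: the pipe block has ended
            v = VAR_RE.match(follow)
            if v:  # upper-case keys only, so the "variables:" line itself is skipped
                variables[v.group(1)] = v.group(2).strip("\"'")
        pipes.append(variables)
    return pipes

def audit(text):
    """Return finding codes for settings that weaken the scan step."""
    findings = []
    for var in snyk_pipe_variables(text):
        token = var.get("SNYK_TOKEN", "")
        if not token:
            findings.append("token-missing")
        elif not token.startswith("$"):
            findings.append("token-hardcoded")  # secret committed to the repository
        # Assumption: an absent DONT_BREAK_BUILD is treated as not enabled.
        if var.get("DONT_BREAK_BUILD", "false").lower() == "true":
            findings.append("build-never-fails")  # findings reported but not enforced
    return findings

if __name__ == "__main__":
    print(audit(TUTORIAL))
```
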

Result:

https://cloudops-guru.in/2020/08/06/bitbucket-snykdb-integration/

Nikhil Surendran

DevOps | AWS Certified Solution Architect | Terraform | Kubernetes | Ansible | SALT | Python | Bash | PHP | MySQL | Helm cloudops-guru.in