Using “codeinsight-<generic-plugin-version>.jar” to Configure the CI/CD Pipeline

The following procedure uses the codeinsight-<generic-plugin-version>.jar file to configure the CI/CD pipeline to run a generic scan-agent plugin scan as part of your application build.

To use “codeinsight-<generic-plugin-version>.jar” to configure the CI/CD pipeline to run a generic scan-agent plugin scan, do the following:

  1. Download and extract the contents of the CodeInsightversionPlugins.zip file, as described in the previous section, Downloading Plugins.

  2. Locate the generic-plugin-binary folder (in the code-insight-agent-sdk-generic-plugin folder), and copy it to the GitLab-Runner folder (that is, your GitLab Runner installation folder).

  3. Restart GitLab Runner using the following command:

    .\gitlab-runner.exe restart

  4. Locate the gitlab.ci.yml file for the repository containing the code you want to scan, and open this file in an editor.

  5. Add the following code to define the job for the Code Insight plugin scan:

    codeinsight_scan:
      stage: test
      only:
        - main
      tags:
        - <tag_for_your_GitLab-Runner>
      script:
        - cmd /Q /C cd <path/to/generic-plugin-binary/>
        - cmd /Q /C java -jar <path/to/generic-plugin-binary/codeinsight-generic-<version>>.jar -server "$CODEINSIGHT_SERVER" -project "$CODEINSIGHT_PROJECT" -token "Bearer $AUTH_TOKEN" -root "<codebase_path>" -scandirs "<codebase_folder_paths>" -alias <alias>
      variables:
        CODEINSIGHT_SERVER: "<http://<codeinsight_host>:8888/codeinsight>"
        AUTH_TOKEN: "<token>"
        CODEINSIGHT_PROJECT: "<codeinsight_project_name>"

    See Plugin Scan Information to Provide in gitlab.ci.yml File for a description of the properties and variables that you need to define in this content for the scan job.

  6. Save gitlab.ci.yml.

  7. Configure the CI/CD pipeline schedule in the UI to run the job for the Code Insight plugin scan.

When triggered, the job for the plugin scan should run successfully.

Plugin Scan Information to Provide in gitlab.ci.yml File

The following tables describe the properties and variables that you need to define to set up the job for the Code Insight plugin scan in the gitlab.ci.yml file. Refer to Step 5 in the previous section for the context of these property and variable definitions.

Required Properties in the “codeinsight_scan” Section of “gitlab.ci.yml”

This table describes the required properties in the codeinsight_scan section of the gitlab.ci.yml file.

| Property Section/Keyword | Description |
| --- | --- |
| `tags` `- <tag_for_your_GitLab-Runner>` | Replace `<tag_for_your_GitLab-Runner>` with the tag defined for your GitLab Runner. For example: `- hello` |
| `script` | Define the properties used in the script commands that run the Code Insight plugin scan. |
| `-cmd` (first) `<path/to/generic-plugin-binary/>` | Replace `<path/to/generic-plugin-binary/>` with the location of the generic scan-agent plugin in GitLab. For example: `-cmd D:\GitLab-Runner\generic-plugin-binary` |
| `-cmd` (second) | Define the properties required in the second command of the script. |
| `-jar <path/to/generic-plugin-binary/codeinsight-generic-<version>>.jar` | For the jar property, replace `<path/to/generic-plugin-binary/codeinsight-generic-version>` with the path and version of the `codeinsight-generic-<version>.jar` file. For example: `-jar D:\GitLab-Runner\generic-plugin-binary\codeinsight-generic-3.1.12.jar` |
| `-root "<codebase_path>"` | For the root property, replace `<codebase_path>` with the root path for the codebase to be scanned. For example: `-root D:\GitLab-Runner\output` |
| `-scandirs "<codebase_folder_paths>"` | For the scandirs property, replace `<codebase_folder_paths>` with the path of the specific folder to be scanned. Separate multiple folder paths with commas. |
| `-alias <alias>` | For the alias property, replace `<alias>` with a user-defined name for the scan-agent plugin. For example: `-alias Eportal_Remote on abc.com`. The alias is simply used to represent the “container” (scan root) under which all the scanned files will be listed in the API output and in the file tree in the Analysis Workbench. The name must be unique within the Code Insight project. |

Required Variable Definitions in the “variables” Section of “gitlab.ci.yml”

This table describes the variable values that must be defined in the variables section of the gitlab.ci.yml file. These values are passed to the script and to the pipeline-schedule configuration required for the scan.

| Variable Definition | Description |
| --- | --- |
| `CODEINSIGHT_SERVER: "<http://<codeinsight_host>:8888/codeinsight>"` | Replace `<http://<codeinsight_host>:8888/codeinsight>` with the URL for the Code Insight Core Server, such as: `CODEINSIGHT_SERVER: "http://1.1.1.1:8888/codeinsight"` |
| `AUTH_TOKEN: "<token>"` | Replace `<token>` with the JSON Web Token (JWT) used to authorize user access to the Code Insight functionality. For example: `AUTH_TOKEN: "eyJhbGciOiJIUzUxMiJ9...."` (not showing the complete token). Do not precede the token with the term “Bearer” as it is already indicated in the script command. You can generate this token using the Code Insight Web UI and then copy and paste it in this field. For more information, see Providing an Authorization Token. |
| `CODEINSIGHT_PROJECT: <codeinsight_project_name>` | Replace `<codeinsight_project_name>` with the name of the project you created in Code Insight to store the scan results. For example: `CODEINSIGHT_PROJECT: "gitlabProject2"` |
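
A lint check for the scan job and variable definitions described above, as an added example that is not part of the Code Insight documentation: it flags an AUTH_TOKEN value that repeats the “Bearer” prefix the script already supplies, a JWT committed in the file, an http:// server URL (the bearer token then crosses the network unencrypted), and `<...>` placeholders left unreplaced. The function name, finding labels and sample fragment are assumptions constructed for illustration.

```python
import re

# Constructed gitlab.ci.yml fragment (illustrative, not from the page) that
# contains each mistake the checks below look for.
SAMPLE = r"""codeinsight_scan:
  stage: test
  script:
    - cmd /Q /C java -jar D:\GitLab-Runner\generic-plugin-binary\codeinsight-generic-3.1.12.jar -server "$CODEINSIGHT_SERVER" -project "$CODEINSIGHT_PROJECT" -token "Bearer $AUTH_TOKEN" -root "<codebase_path>" -scandirs "src" -alias demo
  variables:
    CODEINSIGHT_SERVER: "http://1.1.1.1:8888/codeinsight"
    AUTH_TOKEN: "Bearer eyJhbGciOiJIUzUxMiJ9.e30.c2lnbmF0dXJl"
    CODEINSIGHT_PROJECT: "gitlabProject2"
"""

VAR_RE = re.compile(r"^\s*(CODEINSIGHT_SERVER|AUTH_TOKEN)\s*:\s*(.*?)\s*$")
# Three dot-separated base64url segments starting with an encoded '{"'.
JWT_RE = re.compile(r"eyJ[\w-]+\.[\w-]+\.[\w-]*")
PLACEHOLDER_RE = re.compile(r"<[A-Za-z_][^<>\s]*>")


def lint_scan_job(text):
    """Return (line_number, finding) pairs for a gitlab.ci.yml fragment."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = VAR_RE.match(line)
        if match:
            name, value = match.group(1), match.group(2).strip("\"'")
            if name == "AUTH_TOKEN":
                # The script already passes -token "Bearer $AUTH_TOKEN".
                if value.lower().startswith("bearer"):
                    findings.append((number, "bearer-prefix"))
                # A literal JWT here is readable by anyone with repo access.
                if JWT_RE.search(value):
                    findings.append((number, "token-in-file"))
            elif value.lower().startswith("http://"):
                # The bearer token would cross the network unencrypted.
                findings.append((number, "cleartext-http"))
        if PLACEHOLDER_RE.search(line):
            findings.append((number, "unreplaced-placeholder"))
    return findings


if __name__ == "__main__":
    for number, finding in lint_scan_job(SAMPLE):
        print(f"line {number}: {finding}")
```

A token flagged as `token-in-file` can instead be defined as a CI/CD variable in the GitLab project settings; the job reads it through `$AUTH_TOKEN` in the same way.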