Using “run_scan.bat” to Configure the CI/CD Pipeline

The following procedure uses the run_scan.bat file to configure the CI/CD pipeline to run a generic scan-agent plugin scan as part of your application build.

To use “run_scan.bat” to configure the CI/CD pipeline to run a generic scan-agent plugin scan, do the following:

  1. Download and extract the contents of the CodeInsight<version>Plugins.zip file, as described in the previous section, Downloading Plugins.

  2. Locate the generic-plugin-binary folder (in the code-insight-agent-sdk-generic-plugin folder), and copy it to the GitLab-Runner folder (that is, your GitLab Runner installation folder).

  3. Under the GitLab-Runner folder, create an output folder. For example, create a folder named output.

    GitLab Runner uses this folder to store logs and codebase information as part of the background process during the build.

  4. Locate the run_scan.bat file in the Gitlab-Runner\generic-plugin-binary folder.

  5. Open the file in an editor, and update the following properties to match your environment:

    • For the SET_ROOT_PATH property, provide the path for the output folder created in Step 3. For example:

      SET ROOT_PATH=D:\GitLab-Runner\output

      (Adjust the path as needed to match your GitLab Runner installation.)

    • For the cd command (in the next line after the SET_ROOT_PATH property), provide the location of the run_scan.bat file in GitLab Runner. For example:

      cd D:\GitLab-Runner\generic-plugin-binary

      (Adjust the path as needed to match your GitLab Runner installation.)

      Info: If the cd command is currently commented out, be sure to uncomment the line.

  6. Save the run_scan.bat file.

  7. Restart GitLab Runner using the following command:

    .\gitlab-runner.exe restart

  8. Locate the .gitlab-ci.yml file for the repository containing the code you want to scan, and open this file in an editor.

  9. Update this file with information pertaining to the plugin scan.

    1. Add the following information defining the scan job:

      codeinsight_scan:
        stage: test
        only:
          - main
        tags:
          - <tag_for_your_GitLab-Runner>
        script:
          - cmd /Q /C <path\to\generic-plugin-binary\run_scan.bat> "$CODEINSIGHT_PROJECT" "$CODEINSIGHT_SERVER" "$AUTH_TOKEN" <codebase_folder_paths> <alias>

    2. In the script section, replace the following with information required for the plugin scan:

      • <path\to\generic-plugin-binary\run_scan.bat>—The path of the run_scan.bat file integrated with GitLab Runner, as in the example:

        D:\GitLab-Runner\generic-plugin-binary\run_scan.bat

      • <codebase_folder_paths>—The path of the specific codebase folder to be scanned. Separate multiple folder paths with commas. These folders must be located on the local machine.

      • <alias>—A user-defined name for the scan-agent plugin, such as Eportal_Remote on abc.com. The alias is simply used to represent the “container” (scan root) under which all the scanned files will be listed in the API output and in the file tree in the Analysis Workbench. The name must be unique within the Code Insight project.

      Note: Do nothing with the variables $CODEINSIGHT_PROJECT, $CODEINSIGHT_SERVER, and $AUTH_TOKEN in the script section. These variables will be defined in the pipeline-schedule setup for the plugin scan (described in Step 11) and passed to the command listed.

  10. Save the .gitlab-ci.yml file.

  11. When configuring the CI/CD pipeline schedule in the UI to run a Code Insight plugin scan, define the variables required for the scan:

    1. Navigate to the Variables section in the UI for the pipeline schedule.

    2. Select the specific variable from the dropdown and provide its value, as described in this list:

      • CODEINSIGHT_SERVER—The URL of the Code Insight Core Server (for example, http://1.1.1.1:8888/codeinsight).

      • CODEINSIGHT_PROJECT—The project you created in Code Insight to store the scan results (for example, "gitlabProject2").

      • AUTH_TOKEN—Your JSON Web Token (JWT) used to authorize user access to the Code Insight functionality, as in "eyJhbGciOiJIUzUxMiJ9...." (not showing the complete token).

        Generate this token using the Code Insight Web UI and then copy and paste it in this field. For more information, see Providing an Authorization Token.

      Note: Do not precede the JWT with the term “Bearer”, as it is already provided in the run_scan.bat file.

    3. Save the pipeline schedule once it is properly set up.

When triggered, the job for the plugin scan should run successfully.
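The rules in Steps 9 and 11 are easy to get wrong in ways the job only reveals at run time (a placeholder left in the script line, a token pasted directly into the job instead of the schedule variable, a token prefixed with "Bearer" so that run_scan.bat sends it twice). The following Python script is an added example, not part of the Revenera documentation or of the plugin's own code: it encodes those rules as pre-flight checks over the job's script line and the schedule variables. It assumes you can hand it the script line as a string and the variables as a name-to-value dictionary; the sample script line, server URL, project name and JWT are constructed for the example.

```python
"""Pre-flight checks for a Code Insight scan job and its pipeline-schedule variables.

Added example, not from the Revenera documentation. It checks the script line
from the .gitlab-ci.yml job (Step 9) and the schedule variables (Step 11)
against the rules stated in the procedure.
"""
import re
from urllib.parse import urlparse

# The three values that must come from the pipeline schedule, never from the job itself.
REQUIRED_VARS = ("CODEINSIGHT_PROJECT", "CODEINSIGHT_SERVER", "AUTH_TOKEN")

# Shape of a JWT as run_scan.bat expects it: three base64url segments joined by dots,
# with no "Bearer " prefix (the batch file adds the prefix itself).
_JWT_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")


def check_script_line(script_line):
    """Return the problems found in the run_scan.bat command of the job's script section."""
    problems = []
    if not script_line.lstrip().lower().startswith("cmd /q /c"):
        problems.append("command should be invoked through 'cmd /Q /C'")
    if "run_scan.bat" not in script_line:
        problems.append("command does not reference run_scan.bat")
    # The schedule variables must be passed by reference, exactly as in the template.
    for var in REQUIRED_VARS:
        if f'"${var}"' not in script_line:
            problems.append(f'missing "${var}" in command')
    # A quoted value shaped like a JWT means a secret was hard-coded into the repository.
    for quoted in re.findall(r'"([^"]*)"', script_line):
        if _JWT_RE.match(quoted):
            problems.append("a literal JWT is embedded in the script line")
    # Angle-bracket placeholders from the template must all be replaced.
    if re.search(r"<[^>]+>", script_line):
        problems.append("template placeholders still present")
    return problems


def check_schedule_variables(variables):
    """Return the problems found in the schedule variables (dict of name -> value).

    Entries prefixed with 'warning:' are advisory; the others block a correct run.
    """
    problems = []
    for var in REQUIRED_VARS:
        if not variables.get(var):
            problems.append(f"{var} is not defined in the pipeline schedule")
    parsed = urlparse(variables.get("CODEINSIGHT_SERVER", ""))
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        problems.append("CODEINSIGHT_SERVER is not an http(s) URL")
    elif parsed.scheme == "http":
        problems.append("warning: CODEINSIGHT_SERVER uses plain http, so the JWT travels unencrypted")
    token = variables.get("AUTH_TOKEN", "")
    if token.lower().startswith("bearer "):
        problems.append("AUTH_TOKEN must not be prefixed with 'Bearer' (run_scan.bat adds it)")
    elif token and not _JWT_RE.match(token):
        problems.append("AUTH_TOKEN does not look like a JWT")
    return problems


# Constructed sample input: a filled-in script line and schedule variables.
EXAMPLE_SCRIPT = (
    r'cmd /Q /C D:\GitLab-Runner\generic-plugin-binary\run_scan.bat '
    r'"$CODEINSIGHT_PROJECT" "$CODEINSIGHT_SERVER" "$AUTH_TOKEN" '
    r'D:\GitLab-Runner\builds\app\src,D:\GitLab-Runner\builds\app\lib Eportal_Remote'
)
EXAMPLE_VARS = {
    "CODEINSIGHT_SERVER": "http://1.1.1.1:8888/codeinsight",
    "CODEINSIGHT_PROJECT": "gitlabProject2",
    # Constructed token with the right shape; it is not a real credential.
    "AUTH_TOKEN": "eyJhbGciOiJIUzUxMiJ9.e30.c2lnbmF0dXJl",
}

if __name__ == "__main__":
    findings = check_script_line(EXAMPLE_SCRIPT) + check_schedule_variables(EXAMPLE_VARS)
    for finding in findings:
        print(finding)
    if not findings:
        print("no problems found")
```

Run the checks before saving the job and the schedule; a clean result means the script line still references the three schedule variables, no placeholder or literal token is left in the repository, and the token is in the form run_scan.bat expects.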