Continuous integration of Rust repositories with Jenkins

Continuous integration with Jenkins and Firo Vulnerability Management for Rust repositories

Summary

This guide uses our open-source tool cifiro together with our API to search for vulnerabilities in the imported programming libraries.

With the help of Jenkins we can easily integrate our open (free) API into the development workflow.

Jenkins

Step one

Head on over to watchers.firosolutions.com sign up and go to profile and grab your API key.

Step two

Head on over to your instance of Jenkins and in to the Jenkins web interface.

Once logged in, install the Text Finder plugin. It makes it easy to tell Jenkins to stop the build once a nasty dependency is found:

Manage Jenkins > Manage plugins > Available > Text Finder plugin

Step three

Now that this is done, let's create a new project: New project > Freestyle project

Specify which repository you want to use.

Step four

For the configuration part we want to add:

Build > execute shell

# make cargo available in the build shell
export PATH="$HOME/.cargo/bin:$PATH"
# fetch the cifiro script
wget https://raw.githubusercontent.com/firosolutions/cifiro/master/cifiro.py
# run the scan; replace myapikeyhere with your key (better: inject it from a Jenkins credential instead of hardcoding it)
# '> file 2>&1' captures stdout and stderr; the bash-only '&>' form backgrounds the command under /bin/sh and leaves out.meh empty
python3.6 cifiro.py apikey=myapikeyhere > out.meh 2>&1
# show the result in the console log
cat out.meh
# build the project
cargo +nightly build --release

Note: in this example we build a test project with the unstable (+nightly) toolchain. Remove +nightly unless you actually build with nightly.

First we add ~/.cargo/bin to PATH so that cargo can be called from the regular shell.

Then we fetch the cifiro script.

We execute cifiro.py with python3.6 and our API key, write the result to a text file, and cat it so it also shows up in the console output.

And finally a regular cargo build.

Step five

Let's tell the Text Finder plugin to search through the result.

Add a Post-build Action and select Jenkins Text Finder:

Files: out.meh
[X] Also search the console output
Regular expression: "description":\s"
[ ] Succeed if found
[X] Unstable if found
[X] Not build if found
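The same check that steps four and five wire up through the Text Finder plugin can also be done directly inside the "execute shell" step, so the build fails on a finding even without the plugin. This is an added example and not code from the original post or from cifiro itself; it assumes cifiro.py prints one JSON object per finding containing a "description" key (which is what the post's regex looks for) and that the API key arrives in a hypothetical CIFIRO_APIKEY environment variable bound from a Jenkins credential.

```shell
#!/bin/sh
# Added example: the post's build step with the vulnerability check done in
# the shell instead of by the Text Finder post-build action.

REPORT="out.meh"
# Same pattern as the post's Text Finder regex, in POSIX grep -E syntax.
VULN_PATTERN='"description":[[:space:]]"'

# check_report FILE: return 0 when FILE contains no vulnerability entries,
# 1 when it does (and print the matching entries so they show in the log).
check_report() {
    hits=$(grep -c -E "$VULN_PATTERN" "$1" || true)
    if [ "$hits" -gt 0 ]; then
        echo "cifiro reported $hits vulnerable dependencies:"
        grep -E "$VULN_PATTERN" "$1"
        return 1
    fi
    return 0
}

# build_step: the post's pipeline with the check inserted before cargo runs.
build_step() {
    export PATH="$HOME/.cargo/bin:$PATH"
    wget -q https://raw.githubusercontent.com/firosolutions/cifiro/master/cifiro.py
    # '> file 2>&1' rather than the bash-only '&>' so this works under /bin/sh.
    python3.6 cifiro.py "apikey=$CIFIRO_APIKEY" > "$REPORT" 2>&1
    cat "$REPORT"
    # A non-zero exit from the shell step marks the Jenkins build as failed.
    check_report "$REPORT" || exit 1
    # Add +nightly here only if you really build with the nightly toolchain.
    cargo build --release
}

# Only run the real pipeline when an API key is present (i.e. inside Jenkins).
if [ -n "${CIFIRO_APIKEY:-}" ]; then
    build_step
fi
```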

Final step

Done!

Give yourself a pat on the shoulder!

If it finds a security vulnerability in one of your libraries it will fail the build.

And if it doesn't find anything, the build succeeds.

Extra notes: This can also be done with Node.js libraries.

Some people claim that it does not work without outputting to a file, but if you have the latest version of Jenkins it should be enough to just check the box for "Also search the console output".

For more ideas head over to our API documentation