Overview

Integrating Bridgecrew with Jenkins makes it possible for Bridgecrew to scan your Infrastructure-as-code files, display Incidents on the Console and, optionally, cause a build to fail.

Jenkins is an extremely powerful and customizable tool. There are many ways to integrate Jenkins with a code repository to trigger builds. This page gives examples, but it is very likely that you will need to adapt these examples to your environment.

How to Integrate

  1. From the Integrations Catalog, under CI/CD, select Jenkins.
  2. Enter a name for your token and, optionally, add a description, then select Create. Tokens are specific to each user and carry the role and permissions assigned to that user within the organization.
  3. Save the API Token, then select Next. (The Token will not be available later.)
  4. Copy the URL of the Repository to be scanned, then select Next.
  5. To configure your subscription, copy the pipeline step shown and paste it into your Jenkins Pipeline, then select Done.
    Note: this example hardcodes your Bridgecrew API token. We recommend configuring this value in a Jenkins credential.
    Note: after the next Jenkins scan, the scanned repository will appear in the Integrations grid; for further details, see here.

Environment variables

Adding environment context variables allows you to enrich Bridgecrew's code reviews in the platform with additional metadata. You do not need to specify any of these values for the integration to work; these are optional. Depending on your environment, you may be able to pull these from other environment variables. Or, you can set them manually, as in the example below.

  • BC_FROM_BRANCH
  • BC_TO_BRANCH
  • BC_PR_ID
  • BC_PR_URL
  • BC_COMMIT_HASH
  • BC_COMMIT_URL
  • BC_AUTHOR_NAME
  • BC_AUTHOR_URL
  • BC_RUN_ID
  • BC_RUN_URL
  • BC_REPOSITORY_URL

Bridgecrew API key

We strongly recommend that you utilize Jenkins's credential store for your Bridgecrew API key. In the example below, we omit this step for simplicity.

Example

pipeline {
    agent {
        docker {
            image 'kennethreitz/pipenv:latest'
            args '-u root --privileged -v /var/run/docker.sock:/var/run/docker.sock'
        }
    }
    stages {
        stage('test') {
            environment {
                // Set here so every sh step sees it; an export inside one sh step is lost when that step's shell exits.
                BC_REPOSITORY_URL = 'https://github.com/org/repo'
            }
            steps {
                checkout([$class: 'GitSCM', branches: [[name: 'master']], userRemoteConfigs: [[url: 'git@github.com:org/repo.git']]])
                script {
                    sh "pipenv install"
                    sh "pipenv run pip install bridgecrew"
                    // API_KEY is a placeholder for your Bridgecrew API token.
                    sh "pipenv run bridgecrew --directory . --bc-api-key API_KEY --repo-id org/repo"
                }
            }
        }
    }
    options {
        preserveStashes()
        timestamps()
    }
}
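
The credential-store setup recommended above, as an added example that is not part of the original page or Bridgecrew's own pipeline. It assumes a Jenkins "Secret text" credential with the hypothetical ID 'bridgecrew-api-key', and fills two of the optional metadata variables from Jenkins's built-in BUILD_NUMBER and BUILD_URL.

```groovy
// Added example. Assumption: a Jenkins "Secret text" credential exists with the
// hypothetical ID 'bridgecrew-api-key' and holds the Bridgecrew API token.
pipeline {
    agent {
        docker {
            // Same agent image and arguments as the page's example.
            image 'kennethreitz/pipenv:latest'
            args '-u root --privileged -v /var/run/docker.sock:/var/run/docker.sock'
        }
    }
    environment {
        // credentials() binds the secret to an environment variable and masks
        // its value in the console log.
        BC_API_KEY        = credentials('bridgecrew-api-key')
        BC_REPOSITORY_URL = 'https://github.com/org/repo'
        // Standard Jenkins build variables reused as optional scan metadata.
        BC_RUN_ID         = "${env.BUILD_NUMBER}"
        BC_RUN_URL        = "${env.BUILD_URL}"
    }
    stages {
        stage('test') {
            steps {
                checkout([$class: 'GitSCM', branches: [[name: 'master']],
                          userRemoteConfigs: [[url: 'https://github.com/org/repo.git']]])
                sh 'pipenv install'
                sh 'pipenv run pip install bridgecrew'
                // Single-quoted Groovy string: the shell expands $BC_API_KEY at
                // run time, so the token is never interpolated into the script
                // text that Jenkins stores and echoes.
                sh 'pipenv run bridgecrew --directory . --bc-api-key "$BC_API_KEY" --repo-id org/repo'
            }
        }
    }
    options {
        preserveStashes()
        timestamps()
    }
}
```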
