Administration Guide

26.2.0

Jenkins

Beta feature: CI/CD support for Jenkins is currently in beta for select FortiCNAPP customers. Contact your FortiCNAPP Representative for more information.

Managing FortiCNAPP API credentials with Jenkins

There are a variety of ways to manage credentials in Jenkins. For more information, go to the Jenkins Documentation.

Collecting LW_API_KEY and LW_API_SECRET

To integrate with Jenkins, you must first collect your LW_API_KEY and LW_API_SECRET.

To collect the environment secrets:
  1. Log in to the console.

  2. Click Settings > API keys.

  3. Select or create an API key.

  4. Click the download icon.

  5. Open the downloaded .json file to view your API Key and Secret.

Adding LW_API_KEY and LW_API_SECRET credentials

The following set of instructions adds and configures global credentials in your Jenkins environment. Before implementing these credentials, check with your Jenkins administrator to verify that this is your organization's method of configuration.

The following instructions are an example. Follow your organization’s credential management when implementing the procedure.

You must have Credentials > Create permission in your Jenkins organization. This role is configured by a user with Administer permission.

Creating new credentials

To add new credentials:
  1. Log in to Jenkins.

  2. Go to Manage Jenkins.

  3. Click Manage Credentials.

  4. Click Jenkins under Stores scoped to Jenkins.

  5. Click Global credentials (unrestricted) under System.

  6. Click Add credentials.

    This may appear as add some credentials.

  7. Add LW_API_KEY and LW_API_SECRET as Secret text credentials.

  8. For each credential:

    1. In the Kind dropdown, click Secret text.

    2. In the Scope dropdown, select Global.

    3. Paste your secret in the Secret field.

    4. In the ID field, enter LW_API_KEY or LW_API_SECRET.

    5. Describe the credential.

    6. Click Create.

Adding the credentials to your job configuration

Once you have added LW_API_KEY and LW_API_SECRET as secret text credentials, you must add them to your job configuration.

To add the credentials to your job configuration:
  1. Open your Jenkins job configuration.

  2. Go to Build environment.

  3. Select Use secret text(s) or file(s).

  4. Under Bindings, click Add.

  5. For each credential:

    1. In the Variable field, enter the Variable name (for example, LW_API_KEY).

    2. In the Credentials dropdown, select the credential that corresponds with the named variable.

    3. Click Save.

Using the lacework/codesec image for IaC scanning

Prepare an env.list File

The lacework/codesec-iac image runs in Docker, but it relies on a number of environment variables being passed to it by Jenkins. This can be achieved by creating an env.list file in the workspace with the required variables and then having Docker use that for its environment.

The following script can be used:

#!/bin/bash
## Provide Lacework credentials
echo "LW_ACCOUNT=AcmeCorporation" > env.list 
echo "LW_API_KEY=${LW_API_KEY}" >> env.list
echo "LW_API_SECRET=${LW_API_SECRET}" >> env.list 

## Provide Jenkins build details
env | grep '^BRANCH_\|^CHANGE_\|^TAG_\|^BUILD_\|^JOB_\|^JENKINS_\|^GIT_' >> env.list

The #!/bin/bash declaration at the top of the script ensures that the commands are interpreted as bash. Don't leave it out.

Invoking Docker

You can then invoke Docker in your Jenkins job with a command such as:

docker run --env-file env.list -v "$(pwd):/app/src" lacework/codesec:stable lacework iac scan --directory=.
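
A hardened variant of the env.list step and the Docker invocation above, as an added example that is not Fortinet's script: it stops when the credential bindings are empty, creates the file readable only by the build user, and deletes it after the scan. The function names write_env_list and run_iac_scan are hypothetical, and AcmeCorporation is the page's placeholder account name.

```shell
#!/bin/bash
# Added example, not Fortinet's script. Function names are hypothetical;
# "AcmeCorporation" is the page's placeholder account name.

# write_env_list PATH ACCOUNT: create PATH readable only by the build user.
write_env_list() {
  env_path="$1"
  # Stop early if the Jenkins credential bindings did not populate the secrets.
  if [ -z "${LW_API_KEY:-}" ] || [ -z "${LW_API_SECRET:-}" ]; then
    echo "error: LW_API_KEY or LW_API_SECRET is empty; check the job bindings" >&2
    return 1
  fi
  # Remove any stale copy so old permissions or old secrets are not inherited.
  rm -f "$env_path"
  (
    umask 077   # the file is created with mode 600 before any secret is written
    {
      printf 'LW_ACCOUNT=%s\n' "$2"
      printf 'LW_API_KEY=%s\n' "$LW_API_KEY"
      printf 'LW_API_SECRET=%s\n' "$LW_API_SECRET"
      # Jenkins build details: same variable prefixes as the page's script.
      env | grep -E '^(BRANCH_|CHANGE_|TAG_|BUILD_|JOB_|JENKINS_|GIT_)' || true
    } > "$env_path"
  )
}

# run_iac_scan: write env.list, run the scan, and always delete the file after.
run_iac_scan() {
  write_env_list env.list "AcmeCorporation" || return 1
  docker run --env-file env.list -v "$(pwd):/app/src" \
    lacework/codesec:stable lacework iac scan --directory=.
  scan_status=$?
  rm -f env.list   # do not leave the API secret in the workspace
  return "$scan_status"
}
```

Call run_iac_scan from the job's shell build step after the credential bindings are in place; its exit status is the scanner's.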

Defining an unstable result

To have your job reach an “unstable” result, you can add an entry for EXIT_FLAG that defines your threshold for IaC violations in the env.list file.
