Bamboo
The following sample can be added to the bamboo.yml file to perform a SAST scan.
Note: Update the parameters in the sample to match your environment before using it.

---
version: 2
plan:
  project-key: MYAPP
  name: Build the myapp
  key: MYAPP
stages:
  - scan the myapp stage:
      jobs:
        - Scan
Scan:
  tasks:
    - clean # To keep the working directory clean
    - script:
        - env | grep -E "bamboo_buildNumber|bamboo_repository_branch_name|bamboo_repository_revision_number" > /tmp/env
        - docker pull registry.fortidevsec.forticloud.com/fdevsec_sast:latest
        - docker run --rm --env-file /tmp/env --mount type=bind,source=$PWD,target=/scan registry.fortidevsec.forticloud.com/fdevsec_sast:latest

The following sample can be added to the bamboo.yml file to perform a DAST scan.

---
version: 2
plan:
  project-key: MYAPP
  name: Build the myapp
  key: MYAPP
stages:
  - scan the myapp stage:
      jobs:
        - Scan
Scan:
  tasks:
    - clean # To keep the working directory clean
    - script:
        - env | grep -E "bamboo_buildNumber|bamboo_repository_branch_name|bamboo_repository_revision_number" > /tmp/env
        - docker pull registry.fortidevsec.forticloud.com/fdevsec_dast:latest
        - docker run --rm --env-file /tmp/env --mount type=bind,source=$PWD,target=/scan registry.fortidevsec.forticloud.com/fdevsec_dast:latest
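
Both samples select the variables for the scanner container with an unanchored grep pattern and write them to the fixed path /tmp/env. The following added example (not part of the FortiDevSec documentation) shows a stricter form of that step: it anchors the match on the variable name and writes to a private temporary file. The function names, the temporary file prefix and the sample environment are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not FortiDevSec's own code. build_scan_env and the
# fdevsec-env.* file name are hypothetical; sample_env is constructed data.

# Read `env` output on stdin, keep only the three Bamboo variables the
# samples pass to the scanner, and print the path of the file holding them.
build_scan_env() {
    # mktemp creates an unpredictable, mode-0600 file instead of /tmp/env.
    env_file=$(mktemp "${TMPDIR:-/tmp}/fdevsec-env.XXXXXX") || return 1
    # Anchor on the full variable name followed by '=' so that a match
    # inside another variable's name or value is not copied.
    grep -E '^(bamboo_buildNumber|bamboo_repository_branch_name|bamboo_repository_revision_number)=' \
        > "$env_file" || true    # grep exits 1 when nothing matches
    printf '%s\n' "$env_file"
}

# Constructed environment: three wanted variables, one secret, and one
# unrelated variable whose value mentions a wanted name.
sample_env() {
    cat <<'EOF'
bamboo_buildNumber=42
bamboo_repository_branch_name=main
bamboo_repository_revision_number=0123abcd
bamboo_deploy_password=constructed-secret
NOTE=see bamboo_buildNumber in the log
EOF
}

# Lines selected by the samples' unanchored pattern, for comparison.
unanchored_count() {
    grep -cE 'bamboo_buildNumber|bamboo_repository_branch_name|bamboo_repository_revision_number'
}

demo_file=$(sample_env | build_scan_env)
echo "unanchored pattern selects $(sample_env | unanchored_count) lines"
echo "anchored pattern selects $(wc -l < "$demo_file" | tr -d ' ') lines:"
cat "$demo_file"
rm -f "$demo_file"

# In the Bamboo script task, the function would be used in place of the
# `env | grep ... > /tmp/env` line:
#   f=$(env | build_scan_env)
#   docker run --rm --env-file "$f" --mount type=bind,source="$PWD",target=/scan <scanner image>
#   rm -f "$f"
```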