Jenkins
Nctl
works with the Jenkins CI pipeline and can be used in the Jenkins workflow to scan the configuration files present in a repository against the centrally defined policies. The Jenkins job will trigger the scanning of the files and if unsuccessful, the entire job will fail, which will prompt the user with feedback for their changes. Upon successful completion of the job, the scan results will be published to the NCH for viewing. NCH provides insights to platform administrators on overall governance of different code repositories in their organization.
Understanding the Jenkins Workflow
To see pipeline scanning with Jenkins CI in action:
-
Create a Bitbucket or Git repository with some Docker, Kubernetes, and Terraform files. Refer to the official GitHub docs for creating a repository.
-
Next, log into Jenkins with your credentials which will take you the dashboaerd page.
-
After that, click on
New Item
located on the left hand top corner of the screen. It will initiate the creation of a Jenkins job. -
Enter the name of the job. Select
Freestyle project
from the list of options to choose from and clickOK
.
- Now that the job is created, it needs to be configured accordingly for the pipeline scanning to take place. To do so:
a. Click on General and fill outJira site
with your organization’s Atlassian URL.
b. After that, selectGit
as the Source Code Management and provide the repository details.
c. Enter theURL
of your repository and provide the credentials if its a private one. Leave credentials as none if it is a public repository.
d. Next, mention the branch name where the scanning will take place. Type./main
if there is no other branches in the repository.
e. Next, under Additional Behaviours, clickAdd
and selectCheck out to specific local branch
from the dropdown and typemain
under Branch Name.
f. After this, scroll down to Build Steps and click on Add build step.
g. SelectRun Nctl Scan
from the dropdown.
g. Fill out theNCTL Binary Link
field with the URL of the latest Nctl binary version to download. The required URL is available here.
h. Now, check the box for Scan Only Repository which will help integrate NCH.
i. UnderAPI Key
, add the API key that can be found in the profile section of the NCH tenant.
j. Fill outPath to Policies files
with the path to your policy files andNirmata URL
with the NCH URL (https://www.nirmata.io)
k. Finally, click Save to complete the job configuration.
- Next, click on Build Now on the left hand side navigation bar to run the job. This will trigger the pipeline scan and the process can be seen under
Build History
located on the left hand lower corner of the screen.
- Now, click on the build number under Build History to see details on the completion of the job. The status page will open by default where the information on the success or the failure of the job will be visible.
- Click on Console Output on the navigation bar to have a look at the scan results.
- Scroll down to the end of the page to verify the publishing of the report to the NCH tenant.
To have a look at the scan report in NCH:
- Log into NCH and go to Policies>Policy Reports. The Policy Reports can be viewed based on Categories, Clusters, Namespaces, and Repositories.
- Navigate to the Repositories tab to find the scanned repository under the list of repositories.
- Click on the repository hyperlink to get a detailed view of the scanned report.