# Jenkins Integration

## Introduction

The Sec1 Security plugin lets developers and teams scan the source checked out from their SCM for open-source dependency vulnerabilities against the Sec1 Security database, directly from a Jenkins build.

## Usage

To use the plugin you will need to take the following steps in order:

1. [Install the Sec1 Security Plugin](#1-install-the-sec1-security-plugin)
2. [Configure a Sec1 API Token Credential](#2-configure-a-sec1-api-token-credential)
3. [Add Sec1 Security to your Project](#3-add-sec1-security-to-your-project)

## 1. Install the Sec1 Security Plugin

* Go to "Manage Jenkins" > "System Configuration" > "Plugins".
* Search for "Sec1 Security" under "Available plugins".
* Install the plugin.

### Custom API Endpoints

By default, the plugin talks to the <https://api.sec1.io> endpoint. To point it at a different (for example self-hosted) endpoint, set the `SEC1_INSTANCE_URL` environment variable globally on the controller:

* Go to "Manage Jenkins" > "System Configuration" > "System"
* Under "Global properties" check the "Environment variables" option
* Click "Add"
* Set the name to `SEC1_INSTANCE_URL` and the value to the custom endpoint

## 2. Configure a Sec1 API Token Credential

* Go to "Manage Jenkins" > "Security" > "Credentials". For more information refer to [Using Credentials in Jenkins](https://www.jenkins.io/doc/book/using/using-credentials/)
* Choose a Store
* Choose a Domain
* Go to "Add Credentials"
* Select "Secret text"
* Set the "ID" to `<YOUR_SEC1_API_KEY_ID>` (any identifier of your choosing), paste the Sec1 API key into "Secret", and save the credential.
* Remember the "ID" as you'll need it when configuring the build step.

Note: If you do not see the "Credentials" option, ask your Jenkins administrator for the required permissions. Refer to [Role-based Authorization Strategy](https://plugins.jenkins.io/role-strategy/)

To obtain a Sec1 API key, navigate to [Scopy](https://scopy.sec1.io/) > "Login with GitHub" > "Settings"

* In "API key" section, click on "Generate API key"
* Copy the key; it is pasted into the Jenkins credential above and should not be committed to source control or written into job configuration in clear text.

> <details>
>
> <summary>📷 Show Preview</summary>
>
> <img src="https://307871102-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZPTNiztX3Ibw7jPbJaOR%2Fuploads%2Fgit-blob-fb7ef0e13c87a34ca8153cf2d2d82fc350266c0d%2Fsec1-configuration-api-key.png?alt=media" alt="Sec1 API Token" data-size="original">
>
> </details>
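The two configuration steps above (the optional `SEC1_INSTANCE_URL` global environment variable from step 1 and the "Secret text" credential from step 2) can also be applied without clicking through the UI. The following Jenkins init script is an added example and is not part of the Sec1 plugin or its documentation; it uses only the standard Jenkins core, Credentials and Plain Credentials plugin APIs. The endpoint URL `https://sec1.internal.example.com` and the credential ID `sec1-api-key` are assumed placeholders, and the API key is read from the controller's `SEC1_API_KEY` environment variable so it never appears in the script itself.

```groovy
// Jenkins init script: place in $JENKINS_HOME/init.groovy.d/ or paste into the Script Console.
// Added example, not Sec1 plugin code. Requires the Credentials and Plain Credentials plugins.
import jenkins.model.Jenkins
import hudson.slaves.EnvironmentVariablesNodeProperty
import hudson.util.Secret
import com.cloudbees.plugins.credentials.CredentialsScope
import com.cloudbees.plugins.credentials.SystemCredentialsProvider
import com.cloudbees.plugins.credentials.domains.Domain
import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl

def jenkins = Jenkins.get()

// --- Step 1 (optional): custom API endpoint via the SEC1_INSTANCE_URL global env var ---
// Assumed endpoint; replace with your own, or skip this block to keep the default https://api.sec1.io.
def customEndpoint = 'https://sec1.internal.example.com'

def globalProps = jenkins.getGlobalNodeProperties()
def envProp = globalProps.get(EnvironmentVariablesNodeProperty)
if (envProp == null) {
    // No "Environment variables" global property exists yet; create it
    envProp = new EnvironmentVariablesNodeProperty()
    globalProps.add(envProp)
}
envProp.getEnvVars().put('SEC1_INSTANCE_URL', customEndpoint)

// --- Step 2: store the Sec1 API key as a "Secret text" credential ---
// Read the key from the controller environment so it is never hard-coded here or in a job config.
def apiKey = System.getenv('SEC1_API_KEY')
if (!apiKey) {
    throw new IllegalStateException('SEC1_API_KEY is not set in the controller environment')
}

def credentialId = 'sec1-api-key'   // assumed ID; this is what apiCredentialsId refers to later
def store = SystemCredentialsProvider.getInstance().getStore()
def existing = store.getCredentials(Domain.global()).find { it.id == credentialId }
def cred = new StringCredentialsImpl(
    CredentialsScope.GLOBAL,
    credentialId,
    'Sec1 API key (managed by init script)',
    Secret.fromString(apiKey)
)

if (existing == null) {
    store.addCredentials(Domain.global(), cred)
} else {
    // Re-running the script rotates the stored key instead of creating a duplicate
    store.updateCredentials(Domain.global(), existing, cred)
}

jenkins.save()
```

The script is idempotent: re-running it after rotating the key in Scopy updates the existing credential in place, and the Global scope is used because the plugin's build step on any job needs to resolve the credential ID.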

## 3. Add Sec1 Security to your Project

This step depends on whether you are using a Freestyle project or a Pipeline project.

### Freestyle Projects

* Select a project
* Go to "Configure"
* Under "Build", click "Add build step" and select "Execute Sec1 Security Scanner"
* Configure as needed. Click the "?" icons for more information about each option.

> <details>
>
> <summary>📷 Show Preview</summary>
>
> <img src="https://307871102-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZPTNiztX3Ibw7jPbJaOR%2Fuploads%2Fgit-blob-66f6d4ab7a7c208579fd5044a303a032ba4a1c09%2Fsec1-buildstep.png?alt=media" alt="Basic configuration" data-size="original">
>
> </details>

### Pipeline Projects

Use the `sec1Security` step as part of your pipeline script. You can use the "Snippet Generator" to generate the code from a web form and copy it into your pipeline.

> <details>
>
> <summary>📷 Show Example</summary>
>
> ```groovy
> pipeline {
>   agent any
>
>   stages {
>     stage('Build') {
>       steps {
>         echo 'Building...'
>       }
>     }
>     stage('Sec1 Security') {
>       steps {
>         sec1Security(
>           // Directory containing your SCM checkout; leave as ${WORKSPACE} unless you check out elsewhere
>           scanFileLocation: "${WORKSPACE}",
>           // ID of the "Secret text" credential created in step 2
>           apiCredentialsId: "<Your Sec1 Api Key ID>",
>           // Optional: enforce severity thresholds and mark the build UNSTABLE when they are exceeded
>           applyThreshold: true,
>           actionOnThresholdBreached: "unstable",
>           threshold: [criticalThreshold: '0', highThreshold: '0']
>         )
>       }
>     }
>     stage('Deploy') {
>       steps {
>         echo 'Deploying...'
>       }
>     }
>   }
> }
> ```
>
> </details>

The following parameters can be passed to the `sec1Security` step. The threshold parameters control whether, and how, the build status changes when vulnerabilities are found.

#### `scanFileLocation` (required, default: `${WORKSPACE}`)

Location where the SCM checkout is done. The default is the `${WORKSPACE}` of the build job.

The scan will fail if this value is not provided.

#### `apiCredentialsId` (optional, default: *none*)

ID of the Sec1 API key credential, as configured in "[2. Configure a Sec1 API Token Credential](#2-configure-a-sec1-api-token-credential)".

#### `applyThreshold` (optional, default: `false`)

Whether the vulnerability thresholds in `threshold` are applied to the build.

#### `threshold` (optional, default: `false`)

Maximum number of vulnerabilities allowed per severity. Example configuration: `[criticalThreshold: '0', highThreshold: '10', mediumThreshold: '0', lowThreshold: '0']`

If the scan report contains more vulnerabilities of a given severity than the configured threshold for that severity, an error is printed to the console and the build status is changed according to `actionOnThresholdBreached`.

#### `actionOnThresholdBreached` (optional, default: `fail`)

The action to take on the build when a vulnerability threshold is breached. Possible values: `fail` (abort the build as FAILED), `unstable` (finish the build but mark it UNSTABLE), `continue` (log the breach and leave the build status unchanged).
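With `actionOnThresholdBreached: "unstable"` the build is not aborted, so any stage after the scan (typically a deploy) still runs unless the pipeline itself checks the result. The declarative pipeline below is an added example, not code from the Sec1 plugin or its documentation: it uses every `sec1Security` parameter documented above with all four severity thresholds, and gates the deploy stage on `currentBuild.currentResult` (a standard Jenkins Pipeline global) so a threshold breach skips deployment without losing the scan output of the remaining build. The credential ID `sec1-api-key` is an assumed placeholder for the ID you created in step 2.

```groovy
// Added example Jenkinsfile, not from the Sec1 plugin documentation.
// Assumes the job is configured as "Pipeline script from SCM" (so `checkout scm` is available)
// and that a "Secret text" credential with ID 'sec1-api-key' exists (assumed ID; use your own).
pipeline {
  agent any

  environment {
    SEC1_CRED_ID = 'sec1-api-key'
  }

  stages {
    stage('Checkout') {
      steps {
        // The scanner reads dependency manifests from the checkout, so check out before scanning
        checkout scm
      }
    }

    stage('Sec1 Security') {
      steps {
        sec1Security(
          scanFileLocation: "${WORKSPACE}",
          apiCredentialsId: env.SEC1_CRED_ID,
          applyThreshold: true,
          // 'unstable' lets the build finish (so the report is complete) but marks it UNSTABLE
          actionOnThresholdBreached: 'unstable',
          threshold: [
            criticalThreshold: '0',   // zero tolerance for critical findings
            highThreshold: '0',       // zero tolerance for high findings
            mediumThreshold: '10',    // allow up to 10 medium findings
            lowThreshold: '50'        // allow up to 50 low findings
          ]
        )
      }
    }

    stage('Deploy') {
      // Skip deployment if the scan (or anything earlier) left the build UNSTABLE or worse
      when {
        expression { currentBuild.currentResult == 'SUCCESS' }
      }
      steps {
        echo 'Deploying...'
      }
    }
  }

  post {
    unstable {
      echo 'Sec1 vulnerability threshold breached; deployment skipped. See Console Output for the findings.'
    }
  }
}
```

If you prefer the pipeline to stop immediately at the scan stage, use `actionOnThresholdBreached: 'fail'` instead and the `when` guard becomes unnecessary; `'continue'` should only be used for reporting-only jobs, since it never blocks a deploy.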

## Troubleshooting

To see more information on your steps:

* View the "Console Output" for a specific build.

***

-- Sec1 team
