### DerScanner Integration via Plugin

Instructions:

  1. Install the plugin: go to Administration->Plugins List->Upload plugin zip.

     In some cases, for the plugin to work correctly, previously installed versions of the plugin must be removed first.

  2. Set up the connection:

    1. Go to Administration->Integrations->DerScanner.
    2. Enter the API address (with a trailing slash) and a token, which you can obtain from the User profile section of the user interface (see Account).
    3. Click Test Connection (if the connection test succeeds, a Successful message appears).
    4. Click Save.
  3. In the build settings, add the DerScanner SAST Build Step and specify the necessary settings.

  4. Add Build Features (only available if the build configuration contains a DerScanner SAST Build Step):

    • DerScanner PDF report configures export of the report with scan results in PDF format (see Export Report);
    • DerScanner statistics publishes the security score, the number of vulnerabilities of each severity level, the scan duration and LOC (see the statistics at Build->Parameters->Reported statistic values).
  5. Configure Failure Conditions:

    1. In the build settings, click Failure Conditions.
    2. Click Add failure condition and select Fail build on metric change.
    3. Set failure conditions based on the DerScanner statistics (DerScanner LOC, DerScanner info level vulnerabilities, DerScanner low level vulnerabilities, DerScanner medium level vulnerabilities, DerScanner critical vulnerabilities, DerScanner scan duration, DerScanner score).

### DerScanner Integration via The Command Line Runner {#teamcity_clr}

To integrate into the TeamCity process via the Command Line runner:

  1. Add a Build Step with the Command Line runner type in the Build Configuration Settings.
  2. Develop a script to run the scan in DerScanner:
    • the project and environment settings are accessible via %key% (Predefined Build Parameters);
    • scan start script example:
    java -jar <path>/clt.jar -rest http://<installation_address>/app/api/v1 -token xxx -name TeamCityCLTTest -languages JAVA -type FILE -path %teamcity.build.checkoutDir%

When creating a Build Step with the Command Line runner type, use Custom script as Run, rather than Executable with parameters. Supply the token from a password-type build parameter instead of writing it into the script text, so that TeamCity masks it in the build log.

The following example uses a PowerShell Build Step. The script starts the scan, extracts its ID, and polls the scan status until the scan is completed (giving up after 12 attempts). After the scan is complete, it downloads the PDF report via the CLI.

```powershell
$clt = "<path>\clt.jar"
$rest = "http://<installation_address>/app/api/v1"

# Start the scan; $out receives the CLI output as an array of lines.
$out = java -jar $clt -rest $rest -token xxx -name TeamCityTest -languages JAVA -type FILE -path %teamcity.build.checkoutDir%
if ($LASTEXITCODE -ne 0) { throw "DerScanner CLI failed with exit code $LASTEXITCODE" }
$sep = "ScanUuid: "
$line = $out.Where{$_.Contains($sep)}.Item(0)
$id = ($line -split $sep)[1]

# Poll the scan status every 5 seconds, at most 12 times.
$status = ""
For ($i = 0; $i -lt 12; $i++) {
    $out = java -jar $clt -rest $rest -token xxx -cmd status -scanid $id
    $sep = "Status: "
    $line = $out.Where{$_.Contains($sep)}.Item(0)
    $status = ($line -split $sep)[1]
    Write-Host $( '##teamcity[message text=''{0}'']' -f $status )
    if ($status -eq "Scan completed") { break }
    Start-Sleep -s 5
}
if ($status -ne "Scan completed") { throw "Scan $id did not complete in time (last status: $status)" }

# Export the report (PDF by default) for the completed scan.
$reportDir = "<path>"
java -jar $clt -rest $rest -token xxx -cmd export -scanid $id -path $reportDir -default
```
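The same flow for a Linux agent, written as a Command Line runner Custom script. This is an added example, not part of the original page and not DerScanner's or TeamCity's own code. It assumes bash on the agent, a clt.jar location and API URL supplied through build parameters (the defaults below are placeholders), the token read from the environment variable DERSCANNER_TOKEN (define env.DERSCANNER_TOKEN as a password-type parameter so TeamCity masks it in the log and it never lands in the script text), that the export -path takes an output directory, and the CLI flags and the ScanUuid:/Status: output lines shown on this page. Beyond the PowerShell example it escapes TeamCity service-message values, fails the build with a buildProblem when the scan does not start or does not complete within the polling window, and publishes the exported report as a build artifact.

```shell
#!/usr/bin/env bash
# Added example, not DerScanner's or TeamCity's own code. Command Line runner
# "Custom script" for a Linux agent: start a scan, poll until it completes,
# export the report, and surface failures to TeamCity.
set -euo pipefail

CLT_JAR="${CLT_JAR:-/opt/derscanner/clt.jar}"                             # assumed path
DERSCANNER_URL="${DERSCANNER_URL:-http://derscanner.example/app/api/v1}"  # assumed host
CHECKOUT_DIR="%teamcity.build.checkoutDir%"     # substituted by TeamCity before the step runs
SCAN_NAME="%system.teamcity.buildConfName%-%build.number%"
REPORT_DIR="${REPORT_DIR:-reports/derscanner}"  # assumed: export -path takes an output directory
MAX_POLLS=120                                   # 120 x 5 s = 10 minutes
POLL_SECONDS=5

# Escape a value for a TeamCity service message: | ' newline CR [ ] must be escaped.
tc_escape() {
  local s=$1 q="'" nl=$'\n' cr=$'\r'
  s=${s//|/||}            # first, because every other escape introduces a '|'
  s=${s//$q/|$q}
  s=${s//$nl/|n}
  s=${s//$cr/|r}
  s=${s//\[/|[}
  s=${s//\]/|]}
  printf '%s' "$s"
}

# Print the text after "<label>: " on the first CLI output line carrying it
# (the "ScanUuid: ..." and "Status: ..." lines), or nothing if absent.
clt_value() {
  local label=$1 text=$2
  printf '%s\n' "$text" | awk -v lbl="$label: " '
    index($0, lbl) { v = substr($0, index($0, lbl) + length(lbl)); sub(/\r$/, "", v); print v; exit }'
}

# Run the DerScanner CLI with the connection settings; the token comes from the environment.
clt() {
  java -jar "$CLT_JAR" -rest "$DERSCANNER_URL" -token "$DERSCANNER_TOKEN" "$@"
}

fail_build() {
  printf '%s\n' "##teamcity[buildProblem description='$(tc_escape "$1")']"
  exit 1
}

run_scan() {
  : "${DERSCANNER_TOKEN:?define env.DERSCANNER_TOKEN as a password parameter}"
  local out scan_id status="" i
  out=$(clt -name "$SCAN_NAME" -languages JAVA -type FILE -path "$CHECKOUT_DIR") \
    || fail_build "DerScanner CLI exited with status $? while starting the scan"
  scan_id=$(clt_value ScanUuid "$out")
  [ -n "$scan_id" ] || fail_build "No ScanUuid in DerScanner output: $out"
  printf '%s\n' "##teamcity[setParameter name='derscanner.scanId' value='$(tc_escape "$scan_id")']"

  for ((i = 0; i < MAX_POLLS; i++)); do
    out=$(clt -cmd status -scanid "$scan_id") || true   # a transient failure just retries
    status=$(clt_value Status "$out")
    printf '%s\n' "##teamcity[message text='$(tc_escape "DerScanner scan $scan_id: $status")']"
    if [ "$status" = "Scan completed" ]; then break; fi
    sleep "$POLL_SECONDS"
  done
  [ "$status" = "Scan completed" ] \
    || fail_build "Scan $scan_id did not complete within $((MAX_POLLS * POLL_SECONDS)) s (last status: $status)"

  mkdir -p "$REPORT_DIR"
  clt -cmd export -scanid "$scan_id" -path "$REPORT_DIR" -default \
    || fail_build "Report export failed for scan $scan_id"
  printf '%s\n' "##teamcity[publishArtifacts '$(tc_escape "$REPORT_DIR")']"
}

# Only run inside a TeamCity build (the agent sets TEAMCITY_VERSION);
# elsewhere the file just defines the helpers above.
if [ -n "${TEAMCITY_VERSION:-}" ]; then
  run_scan
fi
```

The escaping matters because a scan status or path containing a quote or a pipe would otherwise corrupt the service message and be silently ignored by TeamCity; the setParameter message makes the scan ID available to later build steps (for example a separate export step) as %derscanner.scanId%.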