Sample YAML files for CI/CD Integration

Note: Refer to the sample YAML files in this section and, with the help of your DevOps engineers, adapt them for other CI/CD tools.

Sample Linux Executable YAML File

stages:
  - pqc-scan
variables:
  GIT_DEPTH: "0"  # Full clone depth to include .git directory.
pqc_code_scan:
  stage: pqc-scan
  image: ubuntu:latest
  before_script:
    # Prerequisite: Agent binary, `config.ini`, and `secret.key`
    # Prerequisite: Provide executable permission to the agent.
    - chmod +x ./code-scan-agent
    # Prerequisite: Prepare output + log directories.
    - mkdir -p scan-output scan-logs
  script:
    # Single mandatory execution step: runs the scan agent with required arguments.
    # In --input-folder, provide the location of the source code that was checked out or cloned.
    # A block scalar (|) keeps the backslash line continuations intact for the shell.
    - |
      ./code-scan-agent \
        --input-folder /path/to/source-directory \
        --output-folder scan-output \
        --config /path/to/config.ini \
        --log-dir scan-logs \
        --key /path/to/secret.key
  artifacts:
    paths:
      - scan-output
      - scan-logs
    expire_in: 1 week

Sample Docker Executable YAML File

stages:
  - pqc-scan

variables:
  GIT_DEPTH: "0"  # Full clone depth to include .git directory.

pqc_code_scan:
  stage: pqc-scan
  image: ubuntu:latest
  before_script:
    # Prerequisite: Agent image, `config.ini`, and `secret.key`.
    - docker load -i code-scan-agent-image-v1.0.0.tar.gz
    # Prerequisite: Prepare output + log directories.
    - mkdir -p output-folder log-folder
  script:
    # Single mandatory execution step: runs the scan agent with required arguments.
    # In --input-folder, provide the location of the source code that was checked out or cloned.
    - |
      docker run --rm \
        -v "/path/to/input-folder:/input-folder-name" \
        -v "/path/to/output-folder:/output-folder" \
        -v "/path/to/config.ini:/config.ini" \
        -v "/path/to/secret.key:/secret.key" \
        -v "/path/to/log-folder:/logs" \
        code-scan-agent:v1.0.0 \
        --input-folder /input-folder-name \
        --output-folder /output-folder \
        --log-dir /logs \
        --config /config.ini \
        --key /secret.key
  artifacts:
    paths:
      - output-folder
      - log-folder
    expire_in: 1 week