Azure DevOps

Mobb can be integrated into any CI/CD platform of your choice. This guide walks through integrating it with an Azure DevOps Pipeline: a SAST scanner runs on every pull request, and when the scan fails its severity threshold, Mobb analyzes the report and posts a link to the generated fixes on the pull request.

After logging into Mobb, select the last option in the menu: “Connect Mobb to Your Workflow”.

To run Mobb within Azure DevOps, select “Azure DevOps”.

You will be presented with a sample YAML pipeline that you can use within Azure DevOps. This particular example uses the Checkmarx One CLI (ast-cli) as the SAST scanner; you may want to modify the script to use the SAST tool of your choice. The pipeline expects a variable group named Mobb-demo that holds the Checkmarx credentials (CX_API_TOKEN, CX_BASE_AUTH_URI, CX_BASE_URI, CX_TENANT) and MOBB_API_KEY; mark the token and API key as secret so they are masked in the build log.

pr:
  - '*'

pool:
  vmImage: ubuntu-latest

variables:
- group: Mobb-demo

steps:
- task: NodeTool@0
  inputs:
    versionSource: 'spec'
    versionSpec: '18.x'
  displayName: 'Install Node 18'

- script: |
    # Extract the exact name of the PR source branch (refs/heads/feature/x -> feature/x).
    # Stripping only the refs/heads/ prefix keeps branch names that contain slashes intact.
    ACTIVE_BRANCH="${SYSTEM_PULLREQUEST_SOURCEBRANCH#refs/heads/}"
    # A plain "export" does not survive past this step. The ##vso logging command publishes
    # ACTIVE_BRANCH as a pipeline variable, which later steps see as $ACTIVE_BRANCH.
    echo "##vso[task.setvariable variable=ACTIVE_BRANCH]$ACTIVE_BRANCH"
  displayName: 'Prepare Environment Variables'

- script: |
    # Download a pinned release of the Checkmarx One CLI and point it at your tenant.
    # The $(...) references are pipeline variables from the Mobb-demo variable group.
    wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.54/ast-cli_2.0.54_linux_x64.tar.gz -O checkmarx.tar.gz
    tar -xf checkmarx.tar.gz
    ./cx configure set --prop-name cx_apikey --prop-value $(CX_API_TOKEN)
    ./cx configure set --prop-name cx_base_auth_uri --prop-value $(CX_BASE_AUTH_URI)
    ./cx configure set --prop-name cx_base_uri --prop-value $(CX_BASE_URI)
    ./cx configure set --prop-name cx_tenant --prop-value $(CX_TENANT)
  displayName: 'Prepare Checkmarx CLI'

- script: |
    # Run the Checkmarx SAST scan. The JSON report is written to cx_result.json (the CLI default).
    # The threshold can be fine tuned, e.g. --threshold "sast-high=10; sast-medium=20" fails the
    # build when the number of issues exceeds these counts for the given severity.
    # With "sast-high=1" a single high-severity finding fails the step, which is what
    # triggers the Mobb step below.
    ./cx scan create --project-name $BUILD_REPOSITORY_NAME -s ./ --report-format json --scan-types sast --branch nobranch --threshold "sast-high=1"
  displayName: 'Run Checkmarx SAST Scan'

- task: PublishBuildArtifacts@1
  inputs:
    pathToPublish: $(System.DefaultWorkingDirectory)/cx_result.json
    artifactName: 'Checkmarx Report'
  condition: always()
  displayName: 'Publish SAST report as artifact'

- script: |
    # Run Mobb to conduct fix analysis on the resulting SAST report.
    # --ref is the PR source branch published by the 'Prepare Environment Variables' step.
    export MOBBURL=$(npx mobbdev@latest analyze -f cx_result.json -r $BUILD_REPOSITORY_URI --ref $ACTIVE_BRANCH --api-key $(MOBB_API_KEY) --ci)
    MOBBURL=$(echo "$MOBBURL" | sed 's/\x1B\[1m//g; s/\x1B\[22m//g') # Remove ANSI bold formatting from the CLI output
    echo Mobb URL: $MOBBURL

    # Update the pull request comments with a dedicated Mobb link that lets users
    # open the Mobb UI and customize their fix. scripts/update_pr.sh must exist in the repository.
    chmod +x ./scripts/update_pr.sh
    ./scripts/update_pr.sh $SYSTEM_ACCESSTOKEN $MOBBURL $SYSTEM_COLLECTIONURI $BUILD_REPOSITORY_NAME $BUILD_REPOSITORY_ID $SYSTEM_PULLREQUEST_PULLREQUESTID
  displayName: 'Mobb Autofixer'
  # failed() is true whenever an earlier step in the job failed, i.e. when the Checkmarx
  # threshold was exceeded. Note that any other step failure also triggers this step.
  condition: failed()
  env:
    # System.AccessToken is not exposed to scripts unless mapped explicitly. The build
    # service identity needs the "Contribute to pull requests" permission on the repository
    # for update_pr.sh to be able to post the comment.
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)
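The pipeline above calls ./scripts/update_pr.sh but the page does not show it. The following is an added example of such a script, written for this guide and not Mobb's own code. It takes the same six positional arguments the pipeline passes and opens a new comment thread on the pull request through the Azure DevOps Git REST API (the Pull Request Threads - Create endpoint, authenticated with System.AccessToken as a bearer token). Like the pipeline, it assumes the repository name can be used as the project segment of the URL; substitute $SYSTEM_TEAMPROJECT if your repository and project names differ. The comment wording is an assumption.

```shell
#!/usr/bin/env bash
# scripts/update_pr.sh (added example, not Mobb's own script)
# Usage: update_pr.sh ACCESS_TOKEN MOBB_URL COLLECTION_URI PROJECT REPO_ID PR_ID
set -eu

API_VERSION="7.0"

# Escape backslashes and double quotes so the URL is safe inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the "create thread" endpoint:
# {collectionUri}{project}/_apis/git/repositories/{repoId}/pullRequests/{prId}/threads
thread_url() {
  local collection_uri="${1%/}"   # tolerate a trailing slash on SYSTEM_COLLECTIONURI
  local project="$2" repo_id="$3" pr_id="$4"
  printf '%s/%s/_apis/git/repositories/%s/pullRequests/%s/threads?api-version=%s' \
    "$collection_uri" "$project" "$repo_id" "$pr_id" "$API_VERSION"
}

# Build the request body: one active thread (status 1) with a single text comment
# (commentType 1) that carries the Mobb link. The wording is an assumption.
comment_payload() {
  local mobb_url
  mobb_url="$(json_escape "$1")"
  printf '{"comments":[{"parentCommentId":0,"commentType":1,"content":"Mobb has generated fixes for this scan. Review and apply them here: %s"}],"status":1}' \
    "$mobb_url"
}

# POST the thread. The build service identity needs "Contribute to pull requests"
# on the repository, otherwise this call returns 403.
post_comment() {
  local token="$1" mobb_url="$2" collection_uri="$3" project="$4" repo_id="$5" pr_id="$6"
  local url body
  url="$(thread_url "$collection_uri" "$project" "$repo_id" "$pr_id")"
  body="$(comment_payload "$mobb_url")"
  curl --fail --silent --show-error -X POST "$url" \
    -H "Authorization: Bearer $token" \
    -H "Content-Type: application/json" \
    --data "$body"
}

# Only perform the network call when invoked with the six positional arguments,
# exactly as the 'Mobb Autofixer' step does.
if [ "$#" -eq 6 ]; then
  post_comment "$@"
fi
```

Because the URL comes straight from CLI output, it is escaped before being embedded in the JSON body rather than interpolated raw; the --fail flag makes the step fail visibly if the token lacks the required permission instead of silently posting nothing.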

You can find a detailed implementation guide for this Azure DevOps integration here.
