Harness

Mobb can be integrated into any CI/CD platform of your choice. This guide will demonstrate how to integrate Mobb into a Harness CI pipeline using an existing SAST report.

Setting Up Secrets in Harness

Go to your Harness project.
Navigate to Project Setup → Secrets.
Create the following secrets:

mobb-api-token – Mobb API Token. Learn how to generate one here.
(Optional) cx-token – if you’re using CheckmarxOne for SAST

Creating the Harness Pipeline

In this example, we'll run Checkmarx One as our SAST tool and pass the results to Mobb.

Sample Pipeline YAML

In this sample pipeline, we will run a CheckmarxOne SAST scan to look for vulnerabilities in the checked-out repository. After the scan is complete, the scan result cx_result.json is passed to Mobb for analysis and to generate a fix report.

pipeline:
  name: harness_pipeline
  identifier: harness_pipeline
  projectIdentifier: default_project
  orgIdentifier: default
  tags: {}
  properties:
    ci:
      codebase:
        connectorRef: antonychiu2
        repoName: webgoat
        build: <+input>
  stages:
    - stage:
        name: Checkmarx Scan and Fix
        identifier: Checkmarx
        description: ""
        type: CI
        spec:
          cloneCodebase: true
          caching:
            enabled: true
            override: true
            paths: []
          platform:
            os: Linux
            arch: Amd64
          runtime:
            type: Cloud
            spec: {}
          execution:
            steps:
              - step:
                  type: CheckmarxOne
                  name: CheckmarxOne_1
                  identifier: CheckmarxOne_1
                  spec:
                    mode: orchestration
                    config: default
                    target:
                      type: repository
                      detection: auto
                    advanced:
                      log:
                        level: info
                      fail_on_severity: none
                      args:
                        cli: "--output-path ."
                    auth:
                      access_token: <+secrets.getValue("org.cx-token")>
                      type: apiKey
                    tool:
                      project_name: Webgoat
              - step:
                  type: Run
                  name: Mobb Autofixer
                  identifier: Mobb_Autofixer
                  spec:
                    connectorRef: account.harnessImage
                    image: node:20
                    shell: Sh
                    command: |-
                      echo "Running Mobb with SAST report..."
 
                      npx mobbdev@latest analyze \
                        -f cx_result.json \
                        -r "$CI_REPO_REMOTE" \
                        --ref "$CI_COMMIT_BRANCH" \
                        --api-key <+secrets.getValue("org.mobb-api-token")> \
                        --ci
                  when:
                    stageStatus: All
          sharedPaths:
            - /shared
          buildIntelligence:
            enabled: false

Viewing the Mobb Report Link

Once the pipeline runs successfully, the Mobb report link will appear in the Harness Logs section for the "Mobb Autofixer" step.

You can click the link to open the relevant Mobb report, review the proposed fixes, and apply them back to your repository.

Summary

You are now fully configured to integrate Mobb into your Harness CI pipeline. Mobb will automatically read your SAST reports and generate fixes that you can review and commit with confidence.

For a list of supported SAST formats, visit the System Requirements page.

PreviousBitbucket Pipeline NextAdministration

Last updated 1 month ago

Was this helpful?