Jenkins

Mobb can be integrated into any CI/CD platform of your choice. This guide demonstrates the integration with Jenkins.

After logging into Mobb, select the last option in the menu: “Connect Mobb to Your Workflow”.

To run Mobb within Jenkins, select “Jenkins”.

You will be presented with a sample Jenkinsfile script that you can use within a Jenkins pipeline.

Example 1 - Jenkins + GitHub Repo

This example uses the following combinations of tools to achieve the integration:

  • SCM: GitHub Repo

  • CI/CD: Jenkins

  • SAST Tool: Snyk

This particular example uses Snyk as the SAST scanner; you can modify the script to use the SAST tool of your choice. Store the Mobb and Snyk API keys in the Jenkins credential store (the script reads them with `credentials()`), and never paste them into the Jenkinsfile itself.

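// Holds the Mobb fix URL produced in the failure handler. Declared outside the
// pipeline block so the script step and the commit-status step can both read it.
def MOBBURL

pipeline {
    agent any
    // Secrets are resolved from the Jenkins credential store at run time (and masked
    // in the console log). Never hard-code API keys in the Jenkinsfile.
    environment {
        MOBB_API_KEY = credentials('MOBB_API_KEY')
        SNYK_API_KEY = credentials('SNYK_API_KEY')
        GITHUBREPOURL = 'https://github.com/antonychiu2/testrepo' //change this to your GitHub Repository URL
    }
    tools {
        nodejs 'NodeJS'
    }
    stages {
        // Check out the pull-request commit being built. ghprbActualCommit is supplied by
        // the GitHub Pull Request Builder plugin; the git plugin expands it from the build
        // environment, which is why the single-quoted '$ghprbActualCommit' works here.
        //
        // NOTE(review): this job checks out pull-request code and then runs npx with
        // MOBB_API_KEY and SNYK_API_KEY in the environment, so a PR author can influence
        // what executes (for example a repo-local snyk binary or an .npmrc that npx picks
        // up). Restrict which PRs may trigger the job (ghprb admin/whitelist settings)
        // before exposing secrets to it.
        stage('Checkout') {
            steps {
                checkout scmGit(
                    branches: [[name: '$ghprbActualCommit']],
                    extensions: [],
                    userRemoteConfigs: [[
                        credentialsId: '2760a171-4592-4fe0-84da-2c2f561c8c88', // replace with the ID of your own GitHub credential
                        refspec: '+refs/pull/*:refs/remotes/origin/pr/*',
                        url: "${GITHUBREPOURL}"]]
                        )
            }
        }
        // Run the SAST scan. The single quotes are deliberate: the shell expands
        // $SNYK_API_KEY, so the secret is never interpolated into the Groovy script text.
        //
        // NOTE(review): npx resolves "snyk" and "mobbdev@latest" from the npm registry at
        // build time. Pin exact versions to keep the toolchain reproducible and auditable.
        stage('SAST') {
            steps {
                sh 'npx snyk auth $SNYK_API_KEY'
                // snyk code test exits non-zero when it finds issues, which moves the
                // build into the failure state handled in post { failure { ... } }.
                sh 'npx snyk code test --sarif-file-output=report.json'
            }
        }
    }
    post {
        // Scan completed with no findings: nothing for Mobb to do.
        success {
            echo 'Pipeline succeeded!'
        }
        // Scan completed WITH findings (or something else failed): run the Mobb
        // autofix analysis on the report and publish the fix link on the PR.
        failure {
            echo 'Pipeline failed!'
            script {
                // A failure before the scan ran (e.g. during checkout) leaves no report.
                // Skip the analysis instead of failing the post step on a missing file.
                if (!fileExists('report.json')) {
                    echo 'No SAST report found; skipping Mobb analysis.'
                } else {
                    // Single quotes again: the shell expands $MOBB_API_KEY and the ghprb
                    // variables. Note the key is still passed as a process argument, so it
                    // is visible to anyone who can list processes on the agent.
                    MOBBURL = sh(returnStdout: true,
                                script: 'npx mobbdev@latest analyze -f report.json -r $GITHUBREPOURL --ref $ghprbSourceBranch --api-key $MOBB_API_KEY  --ci')
                                .trim()
                    // MOBBURL is a Groovy variable, not an environment variable, so it must be
                    // interpolated with double quotes; the single-quoted form printed the
                    // literal text "$MOBBURL".
                    echo "Mobb Fix Link: ${MOBBURL}"
                    // Publish the fix link on the GitHub PR as a commit status; the single-quoted
                    // '$ghprbActualCommit' / '$GITHUBREPOURL' rely on the plugin expanding them
                    // from the build environment -- confirm against your plugin version.
                    step([$class: 'GitHubCommitStatusSetter',
                            commitShaSource: [$class: 'ManuallyEnteredShaSource', sha: '$ghprbActualCommit'],
                            contextSource: [$class: 'ManuallyEnteredCommitContextSource', context: 'Mobb Fix Link'],
                            reposSource: [$class: 'ManuallyEnteredRepositorySource', url: '$GITHUBREPOURL'],
                            statusBackrefSource: [$class: 'ManuallyEnteredBackrefSource', backref: "${MOBBURL}"],
                            statusResultSource: [$class: 'ConditionalStatusResultSource',
                                results: [[$class: 'AnyBuildResult', message: 'Click on "Details" to access the Mobb Fix Link', state: 'SUCCESS']]]
                    ])
                }
            }
        }
    }
}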

For a demonstration of how this integration works, you can visit the following YouTube video:

A detailed step-by-step guide to running SAST on every pull request with GitHub and a Jenkins pipeline — automatically detecting code vulnerabilities and fixing them with Mobb — is available here.

Example 2 - Jenkins + GitLab Repo

This example uses the following combinations of tools to achieve the integration:

  • SCM: GitLab Repo

  • CI/CD: Jenkins

  • SAST Tool: Checkmarx One

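// Holds the Mobb fix URL produced in the failure handler; declared outside the
// pipeline block so the post steps can read it.
def MOBBURL
pipeline {
    agent { label 'agent1' }
    // All Checkmarx One and Mobb settings come from the Jenkins credential store so
    // they are masked in the console log and never committed to the repository.
    environment {
        MOBB_API_KEY = credentials('MOBB_API_KEY')
        CX_TENANT = credentials('CX_TENANT')
        CX_API_TOKEN = credentials('CX_API_TOKEN')
        CX_BASE_AUTH_URI = credentials('CX_BASE_AUTH_URI')
        CX_BASE_URI = credentials('CX_BASE_URI')
    }
    tools {
        nodejs 'NodeJS'
    }
    stages {
        // Check out the merge-request source branch. gitlabSourceBranch and
        // gitlabSourceRepoHomepage are set by the GitLab plugin for MR events. No
        // credentialsId is given, so the repository must be reachable anonymously from
        // the agent; add one for private projects.
        stage('Checkout') {
            steps {
                git branch: "${gitlabSourceBranch}", url: "${gitlabSourceRepoHomepage}"
            }
        }
        stage('Initialize') {
            steps {
              // Updates GitLab MR Commit Status with the pipeline in "pending" state
              updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'pending'
            }
        }
        stage('SAST') {
            steps {
                    // Downloads the Checkmarx One CLI and runs a SAST scan on the checked-out code.
                    //
                    // The script is a single-quoted (''') Groovy string on purpose: the shell
                    // expands $CX_API_TOKEN and friends at run time. With """ Groovy would
                    // interpolate the secrets into the script text itself, which Jenkins flags
                    // as insecure (the values end up in the generated script file and can leak
                    // into logs). The token is still passed as a CLI argument, so it is visible
                    // to anyone who can list processes on the agent while the command runs.
                    //
                    // NOTE(review): the CLI tarball is downloaded without any integrity check;
                    // verify its checksum/signature before extracting, or ship the CLI with the
                    // agent image. The version is pinned (2.0.54), which is good.
                    sh '''
                    wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.54/ast-cli_2.0.54_linux_x64.tar.gz -O checkmarx.tar.gz
                    tar -xf checkmarx.tar.gz
                    ./cx configure set --prop-name cx_apikey --prop-value $CX_API_TOKEN
                    ./cx configure set --prop-name cx_base_auth_uri --prop-value $CX_BASE_AUTH_URI
                    ./cx configure set --prop-name cx_base_uri --prop-value $CX_BASE_URI
                    ./cx configure set --prop-name cx_tenant --prop-value $CX_TENANT
                    ./cx scan create --project-name my-test-project -s ./ --report-format json --scan-types sast --branch nobranch  --threshold "sast-high=1"
                    '''
                    // --threshold "sast-high=1" makes the scan exit non-zero when at least one
                    // high-severity finding exists, which moves the build into the failure state.
            }
        }
    }
    post {
        // Scan completed with no findings above the threshold: report success to GitLab.
        success {
            echo 'Pipeline succeeded!'
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'success'
        }
        // Scan completed WITH findings (or something else failed): run the Mobb autofix
        // analysis on the Checkmarx report and post the fix link on the merge request.
        failure {
            echo 'Pipeline failed!'
            script {
                // A failure before the scan ran (e.g. checkout or CLI download) leaves no
                // report. Skip the analysis rather than failing the post step on a missing file.
                if (!fileExists('cx_result.json')) {
                    echo 'No Checkmarx report found; skipping Mobb analysis.'
                } else {
                    // Single quotes: the shell expands the variables and strips the trailing
                    // slash from the repo URL (${var%"/"}).
                    // NOTE(review): --ref uses $gitlabBranch while checkout used
                    // gitlabSourceBranch -- confirm both are set for MR-triggered builds.
                    // NOTE(review): mobbdev@latest is unpinned; pin a version for reproducibility.
                    MOBBURL = sh(returnStdout: true,
                                script:'npx mobbdev@latest analyze -f cx_result.json -r ${gitlabSourceRepoHomepage%"/"} --ref $gitlabBranch --api-key $MOBB_API_KEY --ci')
                                .trim()
                    echo "Mobb Fix Link: ${MOBBURL}"
                    // Sends the Mobb link to the GitLab Merge Request as a comment.
                    addGitLabMRComment(comment: "[Click here for the Mobb Autofix link](${MOBBURL})")
                }
            }
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'failed'
        }
    }
}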
