Mobb can be integrated into any CI/CD platform of your choice. In this guide, the process of integration with Jenkins will be demonstrated.
After logging into Mobb, select the last option in the menu: “Connect Mobb to Your Workflow”.
To run Mobb within Jenkins, select “Jenkins”.
You will be presented with a sample Jenkinsfile script that you can use within a Jenkins pipeline.
Example 1 - Jenkins + GitHub Repo
This example uses the following combinations of tools to achieve the integration:
SCM: GitHub Repo
CI/CD: Jenkins
SAST Tool: Snyk
This particular example uses Snyk as the SAST scanner; modify the script to use the SAST tool of your choice.
def MOBBURL
pipeline {
    agent any
    // Setting up environment variables
    environment {
        MOBB_API_KEY = credentials('MOBB_API_KEY')
        SNYK_API_KEY = credentials('SNYK_API_KEY')
        GITHUBREPOURL = 'https://github.com/antonychiu2/testrepo' // change this to your GitHub Repository URL
    }
    tools {
        nodejs 'NodeJS'
    }
    stages {
        // Checkout the source code from the branch being committed
        stage('Checkout') {
            steps {
                checkout scmGit(
                    branches: [[name: '$ghprbActualCommit']],
                    extensions: [],
                    userRemoteConfigs: [[
                        credentialsId: '2760a171-4592-4fe0-84da-2c2f561c8c88',
                        refspec: '+refs/pull/*:refs/remotes/origin/pr/*',
                        url: "${GITHUBREPOURL}"
                    ]]
                )
            }
        }
        // Run SAST scan
        stage('SAST') {
            steps {
                // Secrets stay in single quotes so the shell, not Groovy, expands them
                sh 'npx snyk auth $SNYK_API_KEY'
                sh 'npx snyk code test --sarif-file-output=report.json'
            }
        }
    }
    post {
        // If the SAST scan completes with no issues found, the pipeline succeeds
        success {
            echo 'Pipeline succeeded!'
        }
        // If the SAST scan completes WITH issues found, the pipeline enters the fail state, triggering Mobb autofix analysis
        failure {
            echo 'Pipeline failed!'
            script {
                MOBBURL = sh(returnStdout: true, script: 'npx mobbdev@latest analyze -f report.json -r $GITHUBREPOURL --ref $ghprbSourceBranch --api-key $MOBB_API_KEY --ci').trim()
            }
            // Double quotes are required here: a single-quoted Groovy string would print the literal text $MOBBURL
            echo "Mobb Fix Link: ${MOBBURL}"
            // Provide a "Mobb Fix Link" in the GitHub pull request page as a commit status
            step([$class: 'GitHubCommitStatusSetter',
                commitShaSource: [$class: 'ManuallyEnteredShaSource', sha: "${env.ghprbActualCommit}"],
                contextSource: [$class: 'ManuallyEnteredCommitContextSource', context: 'Mobb Fix Link'],
                reposSource: [$class: 'ManuallyEnteredRepositorySource', url: "${GITHUBREPOURL}"],
                statusBackrefSource: [$class: 'ManuallyEnteredBackrefSource', backref: "${MOBBURL}"],
                statusResultSource: [$class: 'ConditionalStatusResultSource', results: [[$class: 'AnyBuildResult', message: 'Click on "Details" to access the Mobb Fix Link', state: 'SUCCESS']]]
            ])
        }
    }
}
For a demonstration of how this integration works, you can visit the following YouTube video:
You can find a detailed step-by-step guide on how to run SAST on every pull request to automatically detect code vulnerabilities and fix them with Mobb, using GitHub and a Jenkins pipeline, here.
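The failure block above hands report.json to Mobb whenever the pipeline fails, including failures unrelated to findings (an expired Snyk token, a network error, no report written at all). The gate below is an added example, not Mobb's or the page's own code: it reads the SARIF file that snyk code test writes, counts findings per level, and only then builds the same mobbdev analyze command the Jenkinsfile runs. The SARIF sample and the environment values are constructed; the variable names (GITHUBREPOURL, ghprbSourceBranch, MOBB_API_KEY) and the mobbdev flags are the ones used in the pipeline above.

```python
import json
import os
from collections import Counter
from typing import Optional

# Constructed SARIF 2.1.0 sample standing in for Snyk's report.json (not real scan output).
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "SnykCode"}},
        "results": [
            {"ruleId": "javascript/Sqli", "level": "error",
             "message": {"text": "Unsanitized input flows into a SQL query."}},
            {"ruleId": "javascript/HardcodedSecret", "level": "warning",
             "message": {"text": "Hardcoded credential found."}},
        ],
    }],
}

def load_report(path: str) -> Optional[dict]:
    """Parse the SARIF file; None means the scan never wrote it (an infrastructure failure, not findings)."""
    if not os.path.isfile(path):
        return None
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def count_findings(sarif: dict) -> Counter:
    """Count SARIF results per level across all runs (SARIF defaults a missing level to 'warning')."""
    counts: Counter = Counter()
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            counts[result.get("level", "warning")] += 1
    return counts

def mobb_analyze_argv(report: str, repo_url: str, ref: str, api_key: str) -> list:
    """Same mobbdev invocation as the Jenkinsfile's failure block, as an argv list (no shell quoting)."""
    return ["npx", "mobbdev@latest", "analyze", "-f", report, "-r", repo_url.rstrip("/"),
            "--ref", ref, "--api-key", api_key, "--ci"]

def decide(sarif: Optional[dict], report: str, env: dict) -> Optional[list]:
    """Return the mobbdev argv only when a report exists and holds findings; None means skip Mobb."""
    # env holds GITHUBREPOURL, ghprbSourceBranch and MOBB_API_KEY, as in the Jenkinsfile environment.
    if sarif is None or sum(count_findings(sarif).values()) == 0:
        return None
    return mobb_analyze_argv(report, env["GITHUBREPOURL"], env["ghprbSourceBranch"], env["MOBB_API_KEY"])
```

In the pipeline this would replace the bare sh call in the failure block: run decide(load_report('report.json'), ...) and invoke mobbdev only when it returns a command.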
Example 2 - Jenkins + GitLab Repo
This example uses the following combinations of tools to achieve the integration:
SCM: GitLab Repo
CI/CD: Jenkins
SAST Tool: Checkmarx One
def MOBBURL
pipeline {
    agent { label 'agent1' }
    environment {
        MOBB_API_KEY = credentials('MOBB_API_KEY')
        CX_TENANT = credentials('CX_TENANT')
        CX_API_TOKEN = credentials('CX_API_TOKEN')
        CX_BASE_AUTH_URI = credentials('CX_BASE_AUTH_URI')
        CX_BASE_URI = credentials('CX_BASE_URI')
    }
    tools {
        nodejs 'NodeJS'
    }
    stages {
        stage('Checkout') {
            steps {
                git branch: "${gitlabSourceBranch}", url: "${gitlabSourceRepoHomepage}"
            }
        }
        stage('Initialize') {
            steps {
                // Updates the GitLab MR commit status with the pipeline in "pending" state
                updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'pending'
            }
        }
        stage('SAST') {
            steps {
                // This step downloads the Checkmarx One CLI and executes a SAST scan on the code.
                // Single-quoted triple string: the Checkmarx credentials are expanded by the shell,
                // not interpolated by Groovy, so they do not land on the command line in the build log.
                sh '''
                    wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.54/ast-cli_2.0.54_linux_x64.tar.gz -O checkmarx.tar.gz
                    tar -xf checkmarx.tar.gz
                    ./cx configure set --prop-name cx_apikey --prop-value $CX_API_TOKEN
                    ./cx configure set --prop-name cx_base_auth_uri --prop-value $CX_BASE_AUTH_URI
                    ./cx configure set --prop-name cx_base_uri --prop-value $CX_BASE_URI
                    ./cx configure set --prop-name cx_tenant --prop-value $CX_TENANT
                    ./cx scan create --project-name my-test-project -s ./ --report-format json --scan-types sast --branch nobranch --threshold "sast-high=1"
                '''
            }
        }
    }
    post {
        // If the SAST scan completes with no issues found, the pipeline succeeds
        success {
            echo 'Pipeline succeeded!'
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'success'
        }
        // If the SAST scan completes WITH issues found, the pipeline enters the fail state, triggering Mobb autofix analysis
        failure {
            echo 'Pipeline failed!'
            script {
                // ${gitlabSourceRepoHomepage%"/"} is shell parameter expansion that strips a trailing slash from the repo URL
                MOBBURL = sh(returnStdout: true, script: 'npx mobbdev@latest analyze -f cx_result.json -r ${gitlabSourceRepoHomepage%"/"} --ref $gitlabBranch --api-key $MOBB_API_KEY --ci').trim()
            }
            echo "Mobb Fix Link: ${MOBBURL}"
            // Sends the Mobb link to the GitLab merge request via a comment
            addGitLabMRComment(comment: "[Click here for the Mobb Autofix link](${MOBBURL})")
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'failed'
        }
    }
}