Mobb can be integrated into any CI/CD platform of your choice. This guide demonstrates the integration with Jenkins.
After logging into Mobb, select the last option in the menu: “Connect Mobb to Your Workflow”.
To run Mobb within Jenkins, select “Jenkins”.
You will be presented with a sample Jenkinsfile script that you can use within a Jenkins pipeline.
Example 1 - Jenkins + GitHub Repo
This example uses the following combinations of tools to achieve the integration:
SCM: GitHub Repo
CI/CD: Jenkins
SAST Tool: Snyk
This particular example uses Snyk as the SAST scanner; modify the script to use the SAST tool of your choice.
def MOBBURL
pipeline {
    agent any
    // Setting up environment variables (credentials are bound from the Jenkins credential store)
    environment {
        MOBB_API_KEY = credentials('MOBB_API_KEY')
        SNYK_API_KEY = credentials('SNYK_API_KEY')
        GITHUBREPOURL = 'https://github.com/antonychiu2/testrepo' // change this to your GitHub Repository URL
    }
    tools {
        nodejs 'NodeJS'
    }
    stages {
        // Checkout the source code from the branch being committed
        stage('Checkout') {
            steps {
                checkout scmGit(
                    branches: [[name: '$ghprbActualCommit']],
                    extensions: [],
                    userRemoteConfigs: [[
                        credentialsId: '2760a171-4592-4fe0-84da-2c2f561c8c88',
                        refspec: '+refs/pull/*:refs/remotes/origin/pr/*',
                        url: "${GITHUBREPOURL}"]]
                )
            }
        }
        // Run SAST scan; a non-zero exit from snyk moves the build into the failure state
        stage('SAST') {
            steps {
                sh 'npx snyk auth $SNYK_API_KEY'
                sh 'npx snyk code test --sarif-file-output=report.json'
            }
        }
    }
    post {
        // If the SAST scan completes with no issues found, the pipeline is successful
        success {
            echo 'Pipeline succeeded!'
        }
        // If the SAST scan completes WITH issues found, the pipeline enters the fail state, triggering Mobb autofix analysis
        failure {
            echo 'Pipeline failed!'
            script {
                // Single-quoted script: the variables are expanded by the shell, not by Groovy
                MOBBURL = sh(returnStdout: true,
                    script: 'npx mobbdev@latest analyze -f report.json -r $GITHUBREPOURL --ref $ghprbSourceBranch --api-key $MOBB_API_KEY --ci').trim()
            }
            // Double quotes are required here: MOBBURL is a Groovy variable, and a single-quoted
            // string would print the literal text "$MOBBURL"
            echo "Mobb Fix Link: ${MOBBURL}"
            // Provide a "Mobb Fix Link" in the GitHub pull request page as a commit status
            step([$class: 'GitHubCommitStatusSetter',
                commitShaSource: [$class: 'ManuallyEnteredShaSource', sha: '$ghprbActualCommit'],
                contextSource: [$class: 'ManuallyEnteredCommitContextSource', context: 'Mobb Fix Link'],
                reposSource: [$class: 'ManuallyEnteredRepositorySource', url: '$GITHUBREPOURL'],
                statusBackrefSource: [$class: 'ManuallyEnteredBackrefSource', backref: "${MOBBURL}"],
                statusResultSource: [$class: 'ConditionalStatusResultSource',
                    results: [[$class: 'AnyBuildResult', message: 'Click on "Details" to access the Mobb Fix Link', state: 'SUCCESS']]]
            ])
        }
    }
}
For a demonstration of how this integration works, you can visit the following YouTube video:
A detailed step-by-step guide to running SAST on every pull request, detecting code vulnerabilities and fixing them automatically with Mobb, using GitHub and a Jenkins pipeline, is available here.
Example 2 - Jenkins + GitLab Repo
This example uses the following combinations of tools to achieve the integration:
SCM: GitLab Repo
CI/CD: Jenkins
SAST Tool: Checkmarx One
def MOBBURL
pipeline {
    agent { label 'agent1' }
    // Credentials are bound from the Jenkins credential store
    environment {
        MOBB_API_KEY = credentials('MOBB_API_KEY')
        CX_TENANT = credentials('CX_TENANT')
        CX_API_TOKEN = credentials('CX_API_TOKEN')
        CX_BASE_AUTH_URI = credentials('CX_BASE_AUTH_URI')
        CX_BASE_URI = credentials('CX_BASE_URI')
    }
    tools {
        nodejs 'NodeJS'
    }
    stages {
        stage('Checkout') {
            steps {
                git branch: "${gitlabSourceBranch}", url: "${gitlabSourceRepoHomepage}"
            }
        }
        stage('Initialize') {
            steps {
                // Updates the GitLab MR commit status with the pipeline in "pending" state
                updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'pending'
            }
        }
        stage('SAST') {
            steps {
                // This step downloads the pinned Checkmarx One CLI release and executes a SAST scan on the code.
                // The script is single-quoted so the credentials are expanded by the shell from the
                // environment rather than interpolated into the Groovy string, as Jenkins recommends for secrets.
                // The scan exits non-zero when the threshold is reached, which moves the build into the failure state.
                sh '''
                    wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.54/ast-cli_2.0.54_linux_x64.tar.gz -O checkmarx.tar.gz
                    tar -xf checkmarx.tar.gz
                    ./cx configure set --prop-name cx_apikey --prop-value $CX_API_TOKEN
                    ./cx configure set --prop-name cx_base_auth_uri --prop-value $CX_BASE_AUTH_URI
                    ./cx configure set --prop-name cx_base_uri --prop-value $CX_BASE_URI
                    ./cx configure set --prop-name cx_tenant --prop-value $CX_TENANT
                    ./cx scan create --project-name my-test-project -s ./ --report-format json --scan-types sast --branch nobranch --threshold "sast-high=1"
                '''
            }
        }
    }
    post {
        // If the SAST scan completes with no issues found, the pipeline is successful
        success {
            echo 'Pipeline succeeded!'
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'success'
        }
        // If the SAST scan completes WITH issues found, the pipeline enters the fail state, triggering Mobb autofix analysis
        failure {
            echo 'Pipeline failed!'
            script {
                // The shell strips the trailing "/" from the repository homepage before passing it to Mobb
                MOBBURL = sh(returnStdout: true,
                    script: 'npx mobbdev@latest analyze -f cx_result.json -r ${gitlabSourceRepoHomepage%"/"} --ref $gitlabBranch --api-key $MOBB_API_KEY --ci').trim()
            }
            echo "Mobb Fix Link: ${MOBBURL}"
            // Sends the Mobb link to the GitLab merge request as a comment
            addGitLabMRComment(comment: "[Click here for the Mobb Autofix link](${MOBBURL})")
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'failed'
        }
    }
}
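Both Jenkinsfiles rely on the scanner's exit status to move the build into the failure state that triggers the Mobb analysis: Snyk's non-zero exit in Example 1, and the Checkmarx CLI's `--threshold "sast-high=1"` in Example 2. The script below is an added example, not Mobb, Snyk or Checkmarx code; it makes that gate explicit by counting the results in a SARIF report such as the `report.json` written in Example 1 and applying a threshold string in the same `sast-high=1` syntax. The mapping of SARIF levels (`error`, `warning`, `note`) to high, medium and low, the "fail when a count reaches its limit" semantics, and the embedded sample report are assumptions constructed for the example.

```python
"""Severity gate over a SARIF report, with a threshold in the `sast-high=1` style.

Added example; not Mobb, Snyk or Checkmarx code. The level-to-severity mapping and
the "fail when the count reaches the limit" semantics are assumptions.
"""
import json
import sys
from collections import Counter

# Assumed mapping from SARIF result levels to the severity names used in thresholds.
# SARIF level "none" (informational) has no entry and is not gated.
LEVEL_TO_SEVERITY = {"error": "high", "warning": "medium", "note": "low"}

# Constructed sample SARIF 2.1.0 document standing in for report.json (not real scanner output).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleSAST", "rules": [
            {"id": "sqli", "defaultConfiguration": {"level": "error"}},
            {"id": "xss", "defaultConfiguration": {"level": "error"}},
            {"id": "hardcoded-secret", "defaultConfiguration": {"level": "warning"}},
            {"id": "debug-flag", "defaultConfiguration": {"level": "note"}},
        ]}},
        "results": [
            {"ruleId": "sqli", "level": "error",
             "message": {"text": "SQL query built by string concatenation"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/db.js"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "xss", "level": "error",
             "message": {"text": "Unescaped user input written to the response"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/view.js"},
                                                 "region": {"startLine": 17}}}]},
            {"ruleId": "hardcoded-secret", "level": "warning",
             "message": {"text": "API key literal in source"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/config.js"},
                                                 "region": {"startLine": 3}}}]},
            # No explicit level: falls back to the rule's defaultConfiguration ("note").
            {"ruleId": "debug-flag",
             "message": {"text": "Debug mode enabled"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app.js"},
                                                 "region": {"startLine": 9}}}]},
        ],
    }],
})


def iter_results(sarif_text):
    """Yield (result, rules_by_id) for every result in every run of the report."""
    doc = json.loads(sarif_text)
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        rules_by_id = {rule.get("id"): rule for rule in rules}
        for result in run.get("results", []):
            yield result, rules_by_id


def result_severity(result, rules_by_id):
    """Resolve a result's severity: its own level, else the rule default, else 'warning'."""
    level = result.get("level")
    if level is None:
        rule = rules_by_id.get(result.get("ruleId"), {})
        level = rule.get("defaultConfiguration", {}).get("level", "warning")
    return LEVEL_TO_SEVERITY.get(level)


def count_by_severity(sarif_text):
    """Count gated findings per severity, always reporting all three keys."""
    counts = Counter({"high": 0, "medium": 0, "low": 0})
    for result, rules_by_id in iter_results(sarif_text):
        severity = result_severity(result, rules_by_id)
        if severity is not None:
            counts[severity] += 1
    return dict(counts)


def parse_threshold(spec):
    """Parse 'sast-high=1,sast-medium=5' into {'high': 1, 'medium': 5}."""
    limits = {}
    for item in spec.split(","):
        key, _, value = item.strip().partition("=")
        severity = key.removeprefix("sast-")
        if severity not in LEVEL_TO_SEVERITY.values() or not value.isdigit():
            raise ValueError(f"bad threshold entry: {item!r}")
        limits[severity] = int(value)
    return limits


def evaluate_gate(sarif_text, spec):
    """Return (fail, counts); fail is True when any severity count reaches its limit."""
    counts = count_by_severity(sarif_text)
    limits = parse_threshold(spec)
    fail = any(counts[severity] >= limit for severity, limit in limits.items())
    return fail, counts


if __name__ == "__main__":
    # Usage: python sarif_gate.py report.json "sast-high=1" (defaults to the embedded sample).
    # Exit code 1 is what moves a Jenkins build into the failure state.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    spec = sys.argv[2] if len(sys.argv) > 2 else "sast-high=1"
    text = open(path).read() if path else SAMPLE_SARIF
    fail, counts = evaluate_gate(text, spec)
    print(f"findings: {counts}  threshold: {spec}  gate: {'FAIL' if fail else 'PASS'}")
    sys.exit(1 if fail else 0)
```

Running this as an extra `sh` step between the scan and the `post` section gives the same failure trigger as the Jenkinsfiles above, but based on the report contents rather than on whatever caused a non-zero exit. That distinction matters in a declarative pipeline, where the `failure` block also runs when the scanner itself errored out (network, authentication, unsupported project) and no report was produced; gating on the parsed report keeps such infrastructure errors from being treated as findings and handed to Mobb.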