Mobb User Docs
Jenkins


Last updated 16 days ago


Mobb can be integrated into any CI/CD platform of your choice. This guide demonstrates the integration with Jenkins.

After logging into Mobb, select the last option in the menu: “Connect Mobb to Your Workflow”.

To run Mobb within Jenkins, select “Jenkins”.

You will be presented with a sample Jenkinsfile script that you can use within a Jenkins pipeline.

Example 1 - Jenkins + GitHub Repo

This example uses the following combination of tools to achieve the integration:

  • SCM: GitHub Repo

  • CI/CD: Jenkins

  • SAST Tool: Checkmarx One

This particular example uses Checkmarx One as the SAST scanner; modify the script to use the SAST tool of your choice.

def MOBBURL

pipeline {
    agent any
    // Setting up environment variables
    environment {
        MOBB_API_KEY = credentials('MOBB_API_KEY')
        CX_API_TOKEN = credentials('CX_API_TOKEN')
        GITHUBREPOURL = 'https://github.com/antonychiu2/testrepo' //change this to your GitHub Repository URL
    }
    tools {
        nodejs 'NodeJS'
    }
    stages {
        // Checkout the source code from the branch being committed
        stage('Checkout') {
            steps {
                checkout scmGit(
                    branches: [[name: '$ghprbActualCommit']], 
                    extensions: [], 
                    userRemoteConfigs: [[
                        credentialsId: '2760a171-4592-4fe0-84da-2c2f561c8c88', 
                        refspec: '+refs/pull/*:refs/remotes/origin/pr/*', 
                        url: "${GITHUBREPOURL}"]]
                )

            }
        }
        // Run SAST scan
        stage('SAST') {
            steps {
                sh 'wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.54/ast-cli_2.0.54_linux_x64.tar.gz -O checkmarx.tar.gz'
                sh 'tar -xf checkmarx.tar.gz'
                sh './cx configure set --prop-name cx_apikey --prop-value $CX_API_TOKEN'
                sh './cx scan create --project-name my-test-project -s ./ --report-format json --scan-types sast --branch nobranch  --threshold "sast-high=1"'
            }
        }
    }
    post {
        // If SAST scan complete with no issues found, pipeline is successful
        success {
            echo 'Pipeline succeeded!'
        }
        // If SAST scan complete WITH issues found, pipeline enters fail state, triggering Mobb autofix analysis
        failure {
            echo 'Pipeline failed!'
            script {
                // Run Mobb on the SAST report and capture the fix link it prints
                MOBBURL = sh(returnStdout: true,
                             script: 'npx mobbdev@latest analyze -f cx_result.json -r $GITHUBREPOURL --ref $ghprbSourceBranch --api-key $MOBB_API_KEY --ci').trim()
            }
            // Double quotes are needed here: Groovy does not interpolate ${MOBBURL} inside single quotes
            echo "Mobb Fix Link: ${MOBBURL}"
            // Provide a "Mobb Fix Link" in the GitHub pull request page as a commit status
            step([$class: 'GitHubCommitStatusSetter', 
                    commitShaSource: [$class: 'ManuallyEnteredShaSource', sha: '$ghprbActualCommit'], 
                    contextSource: [$class: 'ManuallyEnteredCommitContextSource', context: 'Mobb Fix Link'], 
                    reposSource: [$class: 'ManuallyEnteredRepositorySource', url: '$GITHUBREPOURL'], 
                    statusBackrefSource: [$class: 'ManuallyEnteredBackrefSource', backref: "${MOBBURL}"], 
                    statusResultSource: [$class: 'ConditionalStatusResultSource', 
                        results: [[$class: 'AnyBuildResult', message: 'Click on "Details" to access the Mobb Fix Link', state: 'SUCCESS']]]
            ])
        }
    }
}

For a demonstration of how this integration works, you can visit the following YouTube video:

Example 2 - Jenkins + GitLab Repo

This example uses the following combination of tools to achieve the integration:

  • SCM: GitLab Repo

  • CI/CD: Jenkins

  • SAST Tool: Checkmarx One

def MOBBURL
pipeline {
    agent { label 'agent1' }
    environment {
        MOBB_API_KEY = credentials('MOBB_API_KEY')
        CX_API_TOKEN = credentials('CX_API_TOKEN')
    }
    tools {
        nodejs 'NodeJS'
    }
    stages {
        stage('Checkout') {
            steps {
                git branch: "${gitlabSourceBranch}", url: "${gitlabSourceRepoHomepage}"
            }
        }
        stage('Initialize') {
            steps {
                // Updates GitLab MR commit status with the pipeline in "pending" state
                updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'pending'
            }
        }
        stage('SAST') {
            steps {
                // This step downloads the Checkmarx One CLI and executes a SAST scan on the code.
                // Note: inside a Groovy triple-double-quoted string, $CX_API_TOKEN is interpolated by
                // Groovy before the shell runs; single quotes (as in Example 1) let the shell read the
                // credential from the environment instead.
                sh """
                wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.54/ast-cli_2.0.54_linux_x64.tar.gz -O checkmarx.tar.gz
                tar -xf checkmarx.tar.gz
                ./cx configure set --prop-name cx_apikey --prop-value $CX_API_TOKEN
                ./cx scan create --project-name my-test-project -s ./ --report-format json --scan-types sast --branch nobranch --threshold "sast-high=1"
                """
            }
        }
    }
    post {
        // If SAST scan complete with no issues found, pipeline is successful
        success {
            echo 'Pipeline succeeded!'
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'success'
        }
        // If SAST scan complete WITH issues found, pipeline enters fail state, triggering Mobb autofix analysis
        failure {
            echo 'Pipeline failed!'
            script {
                MOBBURL = sh(returnStdout: true,
                            script:'npx mobbdev@latest analyze -f cx_result.json -r ${gitlabSourceRepoHomepage%"/"} --ref $gitlabBranch --api-key $MOBB_API_KEY --ci')
                            .trim()
            }

            echo "Mobb Fix Link: ${MOBBURL}"
            // Sends the Mobb link to the GitLab merge request as a comment
            addGitLabMRComment(comment: "[Click here for the Mobb Autofix link](${MOBBURL})")
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'failed'
        }
    }
}
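In both Jenkinsfiles above, the Mobb call lives in post { failure { ... } }, which fires on any failure of the build, not only on the SAST threshold being exceeded. If the checkout, the wget or the tar step fails, cx_result.json never exists and "npx mobbdev@latest analyze" fails with a misleading error. The following POSIX shell functions are an added example (not code from the Mobb docs or from Checkmarx) that guards the analyze call: Mobb runs only when a report exists and contains findings at or above a chosen severity, and the reason for skipping is logged otherwise. The function names, the MOBB_ANALYZE override, the example-org repository URL and the report layout (an object whose "results" array holds one object per finding with a "severity" field) are assumptions made for this example; the sample reports are constructed, not real Checkmarx output.

```shell
#!/bin/sh
# Added example, not code from the Mobb docs or the Checkmarx CLI: a guard around the
# "npx mobbdev@latest analyze" call that both Jenkinsfiles make from post { failure }.
#
# Assumption (constructed for this example): the Checkmarx One JSON report is an object
# whose "results" array holds one object per finding with a "severity" field. Only that
# subset of the layout is relied on, so the parsing is a plain grep rather than jq.

# count_findings <report> [HIGH|MEDIUM|LOW]: number of findings at or above the given
# severity; prints 0 when the file is missing or empty instead of failing.
count_findings() {
    report="$1"
    min="${2:-HIGH}"
    [ -s "$report" ] || { echo 0; return 0; }
    case "$min" in
        HIGH)   sev='(CRITICAL|HIGH)' ;;
        MEDIUM) sev='(CRITICAL|HIGH|MEDIUM)' ;;
        *)      sev='[A-Z]+' ;;
    esac
    grep -oE "\"severity\"[[:space:]]*:[[:space:]]*\"$sev\"" "$report" | wc -l | tr -d ' '
}

# mobb_should_run <report> [severity]: exit status 0 when Mobb should be invoked,
# 1 otherwise, with the reason written to stderr so it shows up in the Jenkins console.
mobb_should_run() {
    report="$1"
    min="${2:-HIGH}"
    if [ ! -f "$report" ]; then
        echo "skip Mobb: $report not found, the SAST stage did not produce a report" >&2
        return 1
    fi
    n=$(count_findings "$report" "$min")
    if [ "$n" -eq 0 ]; then
        echo "skip Mobb: no findings at or above $min in $report" >&2
        return 1
    fi
    echo "run Mobb: $n finding(s) at or above $min in $report" >&2
    return 0
}

# mobb_fix_link <report> <repo-url> <ref> [severity]: run the same analyze command the
# Jenkinsfiles use and print the fix link, or print nothing and return 1 when the guard
# says to skip. MOBB_ANALYZE (an assumption of this example) overrides the command so the
# demo can stay offline; MOBB_API_KEY is read from the environment exactly as the Jenkins
# credentials() binding provides it.
mobb_fix_link() {
    report="$1"
    repo="${2%/}"   # strip one trailing slash, as the GitLab example does with ${var%"/"}
    ref="$3"
    mobb_should_run "$report" "${4:-HIGH}" || return 1
    ${MOBB_ANALYZE:-npx mobbdev@latest analyze} -f "$report" -r "$repo" --ref "$ref" \
        --api-key "$MOBB_API_KEY" --ci | tr -d '\r\n'
}

# Constructed sample reports (not real Checkmarx output) for a stand-alone dry run.
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/with_findings.json" <<'EOF'
{"results":[{"type":"sast","severity":"HIGH","queryName":"SQL_Injection"},
            {"type":"sast","severity":"LOW","queryName":"Log_Forging"}],"totalCount":2}
EOF
printf '{"results":[],"totalCount":0}\n' > "$DEMO_DIR/clean.json"

# The three cases the guard distinguishes: findings present, clean report, report missing.
# Nothing here calls npx; the decisions are logged to stderr.
for f in with_findings.json clean.json missing.json; do
    mobb_should_run "$DEMO_DIR/$f" HIGH || true
done
```

In a Jenkinsfile the equivalent is to keep the post { failure } block but wrap the analyze command, e.g. sh 'mobb_fix_link cx_result.json "$GITHUBREPOURL" "$ghprbSourceBranch"' with these functions sourced on the agent, so that a broken checkout or download does not masquerade as a SAST failure and does not spend a Mobb run on a report that is not there.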

You can find a detailed step-by-step guide on how to run SAST to automatically detect code vulnerabilities and fix them with Mobb on every pull request, using GitHub and a Jenkins pipeline, here.