Jenkins

Mobb can be integrated into any CI/CD platform of your choice. In this guide, the process of integration with Jenkins will be demonstrated.

After logging into Mobb, select the last option in the menu: “Connect Mobb to Your Workflow”.

To run Mobb within Jenkins, select “Jenkins”.

You will be presented with a sample Jenkinsfile script that you can use within a Jenkins pipeline.

Example 1 - Jenkins + GitHub Repo

This example uses the following combinations of tools to achieve the integration:

SCM: GitHub Repo
CI/CD: Jenkins
SAST Tool: Checkmarx One

This particular example uses Checkmarx One as the SAST scanner, however, you may want to modify the script to use the SAST tool of your choice.

def MOBBURL

pipeline {
    agent any
    // Setting up environment variables
    environment {
        MOBB_API_KEY = credentials('MOBB_API_KEY')
        CX_API_TOKEN = credentials('CX_API_TOKEN')
        GITHUBREPOURL = 'https://github.com/antonychiu2/testrepo' //change this to your GitHub Repository URL
    }
    tools {
        nodejs 'NodeJS'
    }
    stages {
        // Checkout the source code from the branch being committed
        stage('Checkout') {
            steps {
                checkout scmGit(
                    branches: [[name: '$ghprbActualCommit']], 
                    extensions: [], 
                    userRemoteConfigs: [[
                        credentialsId: '2760a171-4592-4fe0-84da-2c2f561c8c88', 
                        refspec: '+refs/pull/*:refs/remotes/origin/pr/*', 
                        url: "${GITHUBREPOURL}"]]
                        )

            }
        }
        // Run SAST scan
        stage('SAST') {
            steps {
                sh 'wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.54/ast-cli_2.0.54_linux_x64.tar.gz -O checkmarx.tar.gz'
                sh 'tar -xf checkmarx.tar.gz'    
                sh './cx configure set --prop-name cx_apikey --prop-value $CX_API_TOKEN'
                sh './cx scan create --project-name my-test-project -s ./ --report-format json --scan-types sast --branch nobranch  --threshold "sast-high=1"'
            }
        }
    }
    post {
        // If SAST scan complete with no issues found, pipeline is successful
        success {
            echo 'Pipeline succeeded!'
        }
        // If SAST scan complete WITH issues found, pipeline enters fail state, triggering Mobb autofix analysis
        failure {
            echo 'Pipeline failed!'

                script {
                    MOBBURL = sh(returnStdout: true,
                                script:'npx mobbdev@latest analyze -f cx_result.json -r $GITHUBREPOURL --ref $ghprbSourceBranch --api-key $MOBB_API_KEY  --ci')
                                .trim()
                }     
            echo 'Mobb Fix Link: $MOBBURL'
            // Provide a "Mobb Fix Link" in the GitHub pull request page as a commit status
            step([$class: 'GitHubCommitStatusSetter', 
                    commitShaSource: [$class: 'ManuallyEnteredShaSource', sha: '$ghprbActualCommit'], 
                    contextSource: [$class: 'ManuallyEnteredCommitContextSource', context: 'Mobb Fix Link'], 
                    reposSource: [$class: 'ManuallyEnteredRepositorySource', url: '$GITHUBREPOURL'], 
                    statusBackrefSource: [$class: 'ManuallyEnteredBackrefSource', backref: "${MOBBURL}"], 
                    statusResultSource: [$class: 'ConditionalStatusResultSource', 
                        results: [[$class: 'AnyBuildResult', message: 'Click on "Details" to access the Mobb Fix Link', state: 'SUCCESS']]]
            ])
        }
    }
}

For a demonstration of how this integration works, you can visit the following YouTube video:

You can find a detailed step-by-step guide on how to run SAST to automatically detect code vulnerabilities and automatically fix them using Mobb on every pull request using GitHub and Jenkins pipeline here.

Example 2 - Jenkins + GitLab Repo

This example uses the following combinations of tools to achieve the integration:

SCM: GitLab Repo
CI/CD: Jenkins
SAST Tool: Checkmarx One

def MOBBURL
pipeline {
    agent { label 'agent1' }
    environment {
        MOBB_API_KEY = credentials('MOBB_API_KEY')
        CX_API_TOKEN = credentials('CX_API_TOKEN')
    }
    tools {
        nodejs 'NodeJS'
    }
    stages {
        stage('Checkout') {
            steps {
                git branch: "${gitlabSourceBranch}", url: "${gitlabSourceRepoHomepage}"
            }
        }
        stage('Initialize') {
            steps {
              // Updates GitLab MR Commit Status with the pipeline in "pending" state
              updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'pending'
            }
        }
        stage('SAST') {
            steps {
                    // This step downloads the Checkmarx One CLI and executes a SAST Scan on the code
                    sh """
                    wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.54/ast-cli_2.0.54_linux_x64.tar.gz -O checkmarx.tar.gz
                    tar -xf checkmarx.tar.gz
                    ./cx configure set --prop-name cx_apikey --prop-value $CX_API_TOKEN
                    ./cx scan create --project-name my-test-project -s ./ --report-format json --scan-types sast --branch nobranch  --threshold "sast-high=1" 
                    """
            }
        }
    }
    post {
        // If SAST scan complete with no issues found, pipeline is successful
        success {
            echo 'Pipeline succeeded!'
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'success'
        }
        // If SAST scan complete WITH issues found, pipeline enters fail state, triggering Mobb autofix analysis
        failure {
            echo 'Pipeline failed!'
            script {
                MOBBURL = sh(returnStdout: true,
                            script:'npx mobbdev@latest analyze -f cx_result.json -r ${gitlabSourceRepoHomepage%"/"} --ref $gitlabBranch --api-key $MOBB_API_KEY --ci')
                            .trim()
            }     

            echo "Mobb Fix Link: ${MOBBURL}"
            //Sends th Mobb Link to the GitLab Merge Request via a comment. 
            addGitLabMRComment(comment: "[Click here for the Mobb Autofix link](${MOBBURL})")
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'failed'
        }
    }
}

PreviousAzure DevOps NextCircleCI

Last updated 6 months ago

Was this helpful?