Executes the Boost Security Scanner cli tool to scan repositories for vulnerabilities and uploads results to the Boost API. This plugin runs as a command hook.
Add the following to your pipeline.yml:
steps:
- label: "BoostSecurity Scanner"
plugins:
- boostsecurityio/boostsec-scanner#v1:
api_token: 'TOKEN'The plugin may use a version pin containing either the Major, Major.Minor or Major.Minor.Patch in order to control what updates get dynamically pulled in. It is, however, important to understand that Buildkite will not pull in any updates for a plugin it has already downloaded and cached within the agent unless either the agent is restarted or the version pin is changed.
All pipeline options listed below may be configured either by specying the
key:value pair in the plugin configuration or by exporting environment
variables in your buildkite environment. All such environment variables should
be capitalized and prefixed with either BOOST or
BUILDKITE_PLUGIN_BOOST_SECURITY_SCANNER.
Additional CLI args to pass to the boost cli.
Overrides the API endpoint url
The Boost Security API token secret.
NOTE: We recommend you not put the API token directly in your pipeline.yml file. Intead, either expose the environment variable or refer to Builtkite's secrets management document.
Overrides the cli version to download when performing scans. If undefined, this will default to pulling "1".
The relative path of a module within the scanner registry.
Optional identifier to uniquely identify the scanner
Optional identifier to identify a a monorepo component
Optional path within the git repository to execute scanners in.
When this parameter is specified, you must also provide a scan_label to identify the component.
Optional timeout on a diff scan after which the Github check will be marked as failed. This defaults to 120 seconds.
Optional timeout on a main scan after which the Github check will be marked as failed. This defaults to 2 hours.
To run the tests:
make lint
make tests