Threatrix Documentation
Threatrix
  • Getting Started
  • Developer Quick Start
  • SecureShip
    • Artifactory Scanning
    • ThreatAgent Scanning
  • Threat Center
    • Creating Account
      • OAuth Login
    • Entity Dashboard
    • User Profile
  • AICertify
    • Reviewing Results
  • codecertify
    • Quick Start
    • Project Summary Tab
    • Components Tab
      • Custom Components
        • Adding
        • Editing
        • Important Notes
      • Header Panel
      • Module Tree Panel
      • Results Panel
        • Card View
        • Risk Graph View
      • Audit History
    • Assets Tab
      • Custom Asset Matches
        • Adding Asset Match
  • securecore
    • Project Dashboard
    • ThreatScan
    • Scan Results
  • Threat Agent
    • Threat Agent Overview
    • Threat Agent - Installation & Scanning
    • Scan Summary Reports
    • Resolving Errors
    • Scanning Container Images
  • Integrations
    • Dependency Managers
      • RENV
    • Build Integrations
      • AWS CodeBuild
      • Azure DevOps
      • Bitbucket Pipeline
      • CircleCI
      • GitHub Action
      • GitLab Pipeline
      • Jenkins Pipeline
    • SCM Integrations
      • GitLab
      • Bitbucket
    • Issue Management
      • Jira
    • Notifications
  • Policy Management
    • Policy Overview
    • Creating Policies
    • Policy Conditions
    • Policy Actions
    • Policy Scopes
  • Administration
    • User Management
    • Organization Settings
      • Organization Knowledge Base
      • Integration
        • Slack Integration
        • Jira Integration
        • Service Keys
    • RBAC
    • Entity Management
    • Okta
      • Okta Org2Org Integration
  • GraphQL API
    • API Overview
  • Resources
    • Dependency Managers
      • PIP
    • Dictionary
    • Licenses
    • Security & Privacy
    • Binary File Support
  • Hybrid / On Premise
    • Getting Started
    • Installation
    • Upgrade
    • Setup
    • Cloud Data Disclosure
    • Troubleshooting
Powered by GitBook
On this page
  • Install Docker and Docker Pipeline plugins(if not already installed)
  • Install Environment Variables
  • Install Threat Agent in Pipeline
  • Install Threatrix Docker in Pipeline

Was this helpful?

  1. Integrations
  2. Build Integrations

Jenkins Pipeline

PreviousGitLab PipelineNextSCM Integrations

Last updated 7 months ago

Was this helpful?

Install Docker and Docker Pipeline plugins(if not already installed)

  • Navigate to Manage Jenkins

  • Manage Plugins

  • Select the "Installed" tab and enter "docker" in the filter box

  • From the results, you should find Docker Plugin and Docker Pipeline as shown below

Install Environment Variables

  • Grab your orgId and entityId credentials from your profile

  • Create and copy an API Key from your profile or Service Key from your admin dashboard (Admin -> Integration -> Service Keys)

  • Go to "Manage Jenkins" > "Manage Credentials"

  • Choose a Store

  • Choose a Domain

  • Go to "Add Credentials"

  • Select "SecretToken"

  • Configure the following Credentials

    • THREATRIX_OID (orgId from profile)

    • THREATRIX_EID (one entityID from your list of Entities)

    • THREATRIX_API_KEY(your personal API Key from profile or Service Key from Admin)

Install Threat Agent in Pipeline

  • Navigate to the pipeline into which you wish to install Threatrix scan agent

  • Click configure and navigate to the bottom of page to edit "Pipeline" script

  • After the stage(s) where you pull your project(s) into the workspace on the build server, add the following stage snippet to your Pipeline script

stage('Threatrix Scan') {
	environment {
		THREATRIX_OID = credentials('THREATRIX_OID')
		THREATRIX_EID = credentials('THREATRIX_EID')
		THREATRIX_API_KEY = credentials('THREATRIX_API_KEY')
	}
	steps {
		script {
				sh 'curl -LJO https://github.com/threatrix/threat-matrix/releases/download/agent-release-latest/threat-agent-latest.jar > /tmp/threatagent.jar'
				sh 'java -jar threatagent.jar --oid=${THREATRIX_OID} --eid=${THREATRIX_EID} --api-key=${THREATRIX_API_KEY} ./'
			}
		}
	}        
}

Install Threatrix Docker in Pipeline

  • Navigate to the pipeline into which you wish to install Threatrix scan agent

  • Click configure and navigate to the bottom of page to edit "Pipeline" script

  • After the stage(s) where you pull your project(s) into the workspace on the build server, add the following stage snippet to your Pipeline script

        stage('Threatrix Scan') {
            environment {
                THREATRIX_OID = credentials('THREATRIX_OID')
                THREATRIX_EID = credentials('THREATRIX_EID')
                THREATRIX_API_KEY = credentials('THREATRIX_API_KEY')
            }
            steps {
                script {
                        sh 'sudo docker pull threatrix/threat-agent'
                        sh 'sudo docker run --rm --name threatrix-threat-agent -v $(pwd):/app threatrix/threat-agent --oid=${THREATRIX_OID} --eid=${THREATRIX_EID} --api-key=${THREATRIX_API_KEY} ./'
                    }
                }
            }        
        }