After signing up, you will be redirected to the onboarding page. As part of onboarding, you will be prompted to connect Privado with your CI/CD tool to scan the repositories.
If you do not have appropriate permission for Jenkins, invite the relevant team member.
Click on the Jenkins button and we will guide you through on how to integrate Privado with Jenkins. The rest of the knowledge base mimics the documentation in the product.
To run Privado in Jenkins, you will need a recent version of Jenkins Server with the default set of plugins, such as the Pipeline and Credentials plugins. Your Jenkins server or build node needs a running docker daemon to initiate the Privado scan.
Configure Jenkins Pipeline
To create and configure a Jenkins Pipeline:
From the Jenkins web console, create a new Jenkins Pipeline job. You can follow the official Jenkins documentation to create one: Getting started with Pipeline.
Generate a CI API Token by clicking on the Generate API token button and add it as PRIVADO_API_TOKEN in the Jenkins credential store.
In Job Configuration settings, configure the Pipeline section. For the “Pipeline script from SCM” option, place the Jenkins file at the root of your project.
Please note the actual pipeline script is available in the Privado dashboard documentation.
Define values for the environment variables declared in the “Run Privado Scan” stage. These variables are required by the scan process and consumed in the docker run command that follows. While some of the variables are already defined, it is essential to define values for each of those variables.
Notice that the PRIVADO_API_KEY is fetched from the credentials store, which was set in the previous step.
As the scan pipelines complete, the results will appear on the dashboard. Your integration with Jenkins is complete. You can see that from the settings page, under setup as well.