Use CircleCI version 2.1 at the top of your .circleci/config.yml file.
1
version: 2.1
Add the orbs
stanza below your version, invoking the orb:
1
2
orbs:
ci-auto-orb: nowsecure/ci-auto-orb@1.2.1
Use ci-auto-orb
elements in your existing workflows and jobs.
Opt-in to use of uncertified orbs on your organization’s Security settings page.
Executes security test using NowSecure AUTO.
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
auto_url | url for nowsecure auto API | No | https://lab-api.nowsecure.com | string |
auto_token | API token, visit https://docs.nowsecure.com/auto/integration-services/jenkins-integration to generate token | No | $AUTO_TOKEN | string |
auto_group | Specify group if you belong to multiple groups | No | $AUTO_GROUP | string |
auto_dir | Specify artifacts-dir where security artifacts will be stored | No | /tmp/workspace/nowsecure-auto-security-test | string |
auto_file | Specify absolute path of mobile binary, you would need to attach workspace to this plugin step | Yes | - | string |
auto_wait | Specify maximum time to wait for results, if you specify 0 then plugin will not wait for the results | No | '30' | string |
auto_score | Specify minimum score the app should get from security testing, if you specify 0 then score will not be evaulated otherwise build will be marked as failure if security score is below this number | No | '50' | string |
auto_username | Specify test username for automation testing | No | '' | string |
auto_password | Specify test password for automation testing | No | '' | string |
auto_show_status_messages | Specify flag to show status messages from automation testing | No | 'false' | string |
auto_stop_tests_on_status | Specify flag to show status messages from automation testing | No | '' | string |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
# CircleCI config for Auto Mobile Security Testing
# See https://docs.nowsecure.com/auto/integration-services/jenkins-integration/
# https://github.com/nowsecure/auto-circleci-plugin
version: 2.1
description: NowSecure AUTO provides fully automated, mobile appsec testing coverage
display:
source_url: https://github.com/nowsecure/auto-circleci-plugin
home_url: https://www.nowsecure.com/
executors:
default:
description: Java docker container to use when running the NowSecure AUTO orb
docker:
- image: circleci/openjdk:8-jdk-node
environment:
TERM: dumb
commands:
mobile_security_test:
description: Executes security test using NowSecure AUTO.
parameters:
# url for nowsecure auto API
auto_url:
description: url for nowsecure auto API
type: string
default: https://lab-api.nowsecure.com
# API token, visit https://docs.nowsecure.com/auto/integration-services/jenkins-integration to generate token
auto_token:
description: API token, visit https://docs.nowsecure.com/auto/integration-services/jenkins-integration to generate token
type: string
default: $AUTO_TOKEN
# Specify group if you belong to multiple groups
auto_group:
description: Specify group if you belong to multiple groups
type: string
default: $AUTO_GROUP
# Specify artifacts-dir where security artifacts will be stored
auto_dir:
description: Specify artifacts-dir where security artifacts will be stored
type: string
default: "/tmp/workspace/nowsecure-auto-security-test"
# Specify absolute path of mobile binary, you would need to attach workspace to this plugin step
auto_file:
description: Specify absolute path of mobile binary, you would need to attach workspace to this plugin step
type: string
# Specify maximum time to wait for results, if you specify 0 then plugin won't wait for the results
auto_wait:
description: Specify maximum time to wait for results, if you specify 0 then plugin will not wait for the results
type: string
default: "30"
# Specify minimum score the app should get from security testing, if you specify 0 then score won't be evaulated otherwise build will be marked as failure if security score is below this number
auto_score:
description: Specify minimum score the app should get from security testing, if you specify 0 then score will not be evaulated otherwise build will be marked as failure if security score is below this number
type: string
default: "50"
# Specify test username for automation testing
auto_username:
description: Specify test username for automation testing
type: string
default: ""
# Specify test password for automation testing
auto_password:
description: Specify test password for automation testing
type: string
default: ""
# Specify flag to show status messages from automation testing
auto_show_status_messages:
description: Specify flag to show status messages from automation testing
type: string
default: "false"
# Specify flag to show status messages from automation testing
auto_stop_tests_on_status:
description: Specify flag to show status messages from automation testing
type: string
default: ""
steps:
- attach_workspace:
at: /tmp/workspace
- run: curl -Ls https://github.com/nowsecure/auto-circleci-plugin/archive/1.2.1.tar.gz | tar -xzf - -C .
- run:
command: cd auto-circleci-plugin-1.2.1 && ./gradlew run -Dauto.url=<< parameters.auto_url >> -Dauto.token=<< parameters.auto_token >> -Dauto.dir=<< parameters.auto_dir >> -Dauto.file=<< parameters.auto_file >> -Dauto.group=<< parameters.auto_group >> -Dauto.wait=<< parameters.auto_wait >> -Dauto.score=<< parameters.auto_score >> -Dauto.username=<<parameters.auto_username>> -Dauto.password=<<parameters.auto_password>> -Dauto.show.status.messages=<<parameters.auto_show_status_messages>> -Dauto.stop.tests.on.status=<<parameters.auto_stop_tests_on_status>>
no_output_timeout: 90m
- persist_to_workspace:
root: /tmp/workspace
paths:
- nowsecure-auto-security-test/*
- store_artifacts:
path: /tmp/workspace/nowsecure-auto-security-test
destination: nowsecure-auto-security-test