Integrate the CLI with CI/CD tools
Continuous integration and continuous delivery (CI/CD) are essential to the modern software development lifecycle. To help you build and deliver secure software, ReversingLabs provides official CI/CD integrations for the Spectra Assure CLI that you can use in new and existing software development projects.
More specifically, the Spectra Assure CLI can integrate with popular CI/CD services to scan your build artifacts (compiled software packages) for security issues. Based on the scan results, you can configure the build to fail if major issues are detected, and prevent potentially compromised software from reaching the release stage. You can also export the scan results as a standalone report file, and depending on the integration, display the results directly in the interface of your CI/CD service.
Supported integrations
This section lists the official Spectra Assure CLI integrations currently provided by ReversingLabs. All integrations come with usage instructions and examples.
In general, the CI/CD integrations rely on the rl-scanner Docker image to run rl-secure in a container, scan a single build artifact, and generate an analysis report.
A valid, active rl-secure license with a site key is required to use the integrations.
Examples
This section lists ready-to-use, realistic examples for Spectra Assure CLI integrations. These examples are convenient for quickly testing each integration before you add it to your CI/CD pipelines.
In all the examples, we're using the source code and Maven build instructions for the Struts2 showcase web app, which came with Apache Struts v2.5.28. The examples illustrate a common CI/CD use case with:
- the build stage, where the artifact is created
- the test stage, where the artifact is scanned with the Spectra Assure CLI
- the publish stage, where analysis reports are generated and stored in a specific location and/or displayed in the CI/CD service interface.
All examples are hosted in public GitHub repositories maintained by ReversingLabs. To try out an example, you can fork or clone its repository. Then, follow the instructions in the repository and use the resources linked in the supported integrations section on this page to modify the configuration if necessary.
All examples require a valid, active rl-secure license with a site key.