Integrate the Portal with CI/CD tools

Continuous integration and continuous delivery (CI/CD) are essential to the modern software development lifecycle. To help you build and deliver secure software, ReversingLabs provides official CI/CD integrations for the Spectra Assure Portal that you can use in new and existing software development projects.

More specifically, the Portal can integrate with popular CI/CD services to scan your build artifacts (compiled software packages) for security issues. The artifacts are uploaded to your Portal instance, scanned, and added to a project and package of your choice as a new package version (or as a reproducible build artifact of an existing version).

All successfully scanned artifacts are visible in the Portal interface, and accessible by you and any other Portal users who can access your projects. You can then view the analysis report and manage the artifact like any other package version on the Portal. By default, artifacts uploaded to the Portal through the official integrations have their release status set to "Unreleased" in the project and package they're added to.

Based on the scan results, you can configure the build to fail if major issues are detected, and prevent potentially compromised software from reaching the release stage. You can also download the analysis results in any of the supported report formats, and depending on the integration, display the results directly in the interface of your CI/CD service.

Supported integrations

This section lists the official Portal integrations currently provided by ReversingLabs. All integrations come with usage instructions and examples.

In general, the CI/CD integrations rely on the rl-scanner-cloud Docker image, which runs inside your pipeline, authenticates to your Portal instance, and uploads the artifact to the Portal for scanning.

An active Portal account with a Personal Access Token is required to use the integrations.

Examples

This section lists ready-to-use, realistic examples for Portal integrations. These examples are convenient for quickly testing each integration before you add it to your CI/CD pipelines.

In all the examples, we're using the source code and Maven build instructions for the Struts2 showcase web app that shipped with Apache Struts v2.5.28. The examples illustrate a common CI/CD use case with:

  • the build stage, where the artifact is created
  • the test stage, where the artifact is uploaded to the Portal and scanned
  • the publish stage, where analysis reports are generated in the Portal and optionally stored in a specific location or displayed in the CI/CD service interface
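The three stages above as a single POSIX shell script. This is an added example written for this page, not one of the ReversingLabs example repositories. It assumes the rl-scanner-cloud image exposes an rl-scan command with the --rl-portal-server, --rl-portal-org, --rl-portal-group, --purl, --file-path, --report-path and --report-format flags, that the Personal Access Token is passed through the RLPORTAL_ACCESS_TOKEN environment variable, and that rl-scan exits 0 when the package passes policy and 1 when it fails; the server, organization, group and artifact names are placeholders. Verify each of these against the rl-scanner-cloud documentation before use.

```shell
#!/bin/sh
# Added example: build, scan and publish around the rl-scanner-cloud image.
# Assumptions (hypothetical, check against the rl-scanner-cloud docs):
#   - image reversinglabs/rl-scanner-cloud provides an rl-scan CLI with the
#     flags used in scan_args below
#   - the Portal Personal Access Token is read from RLPORTAL_ACCESS_TOKEN
#   - rl-scan exits 0 on policy pass, 1 on policy fail, other codes on errors
set -eu

PORTAL_SERVER="${RL_PORTAL_SERVER:-my-server}"   # placeholder values
PORTAL_ORG="${RL_PORTAL_ORG:-MyOrg}"
PORTAL_GROUP="${RL_PORTAL_GROUP:-MyGroup}"

# Build the rl-scan argument list, one token per line, so it can be inspected
# (and tested) without running Docker. The artifact is mounted under /packages.
scan_args() {
  purl="$1"; artifact="$2"
  printf '%s\n' rl-scan \
    --rl-portal-server "$PORTAL_SERVER" \
    --rl-portal-org "$PORTAL_ORG" \
    --rl-portal-group "$PORTAL_GROUP" \
    --purl "$purl" \
    --file-path "/packages/$(basename "$artifact")" \
    --report-path /reports \
    --report-format all
}

# Map the scanner's exit status to a pipeline decision. Anything other than a
# clean pass blocks the release; operational errors are reported separately so
# an outage is not mistaken for a policy violation.
gate() {
  case "$1" in
    0) echo pass ;;
    1) echo fail ;;
    *) echo error ;;
  esac
}

# Build stage: produce the artifact (the Struts2 showcase WAR, via Maven).
build_stage() { mvn -q -DskipTests package; }

# Test stage: upload the artifact to the Portal and scan it.
# Prints pass, fail or error.
test_stage() {
  purl="$1"; artifact="$2"
  mkdir -p reports
  set +e
  # shellcheck disable=SC2046  (splitting scan_args output into tokens is intended)
  docker run --rm -u "$(id -u):$(id -g)" \
    -v "$(pwd)/$(dirname "$artifact"):/packages" \
    -v "$(pwd)/reports:/reports" \
    -e RLPORTAL_ACCESS_TOKEN \
    reversinglabs/rl-scanner-cloud:latest \
    $(scan_args "$purl" "$artifact")
  rc=$?
  set -e
  gate "$rc"
}

# Publish stage: keep the reports the scanner wrote to ./reports with the build
# output so the CI service can archive them.
publish_stage() {
  mkdir -p build-output
  cp -R reports build-output/
  echo "reports stored in build-output/reports"
}

main() {
  purl="$1"; artifact="$2"
  build_stage
  verdict="$(test_stage "$purl" "$artifact")"
  echo "scan verdict: $verdict"
  [ "$verdict" = pass ] || exit 1   # fail the build on policy violation or error
  publish_stage
}

# Usage: sh pipeline.sh run my-project/struts2-showcase@2.5.28 target/struts2-showcase.war
if [ "${1:-}" = run ]; then
  main "$2" "$3"
fi
```

The script requires RLPORTAL_ACCESS_TOKEN to be exported by the CI service's secret store rather than written into the pipeline file; passing `-e RLPORTAL_ACCESS_TOKEN` without a value forwards the variable from the environment so the token never appears on the command line or in the build log.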

All examples are hosted in public GitHub repositories maintained by ReversingLabs. To try out an example, you can fork or clone its repository. Then, follow the instructions in the repository and use the resources linked in the supported integrations section on this page to modify the configuration if necessary.

All examples require an active Portal account with a Personal Access Token.

Spectra Assure Portal SDK

ReversingLabs provides an official SDK (software development kit) for Python that you can use to integrate with the Spectra Assure Portal from your own applications. The SDK provides access to the operations supported by the Spectra Assure APIs.

The SDK library can be installed directly from PyPI as spectra-assure-sdk.

For usage instructions and examples, refer to the documentation in the SDK GitHub repository.