The RIPS Bamboo Plugin adds a new Bamboo task that scans PHP source code via your RIPS installation and shows the results in a new tab on the build results page. Bamboo is a continuous integration server developed by Atlassian. Extensive user documentation on installing and setting up Bamboo and third-party plugins is available here.
You can find out more about our Bamboo plugin in our blog post.
|1.0 - 1.1||>= 2.8|
|2.0 - 2.1||>= 2.8|
There are various configuration options available that are explained in more detail below. Options annotated with an * are required.
| Option | Description |
|---|---|
| | URL of the RIPS API that should be used for scanning. Our SaaS API is available under https://api-2.ripstech.com. The connection can be checked using the Check API Connection button. |
| Username* | Username of the RIPS account that should be used for scanning by Bamboo. |
| | Password of the RIPS account that should be used for scanning by Bamboo. Changing the settings at a later time requires re-entering the password. |
| UI URL | URL of the RIPS user interface of your installation or SaaS solution (https://saas.ripstech.com). Although the value is optional, leaving it blank removes the Open in RIPS button from the results page. |
| Application ID* | ID of the application under which the scans should be performed. The correctness (and existence) of the ID can be checked with the Check Application ID button, which reports whether the application was found and prints its name. |
| Version Prefix* | A prefix of the resulting version name that will be shown in the RIPS user interface. The current build number and plan branch name are appended to the version prefix. |
| Scan Timeout* | A duration in seconds after which the scan will no longer be tracked by Bamboo. This results in a build failure and no result information is gathered. This parameter only applies to Bamboo; the scan may still be active in the RIPS ecosystem. |
| PHP Version* | The PHP version that should be used for the analysis. Wildcards may be used in the version string; for example, "5.*.*" is a valid input. |
| Analysis Depth* | A high analysis depth requires more memory and scan time, while a low analysis depth gives better performance but can miss deeply nested vulnerabilities. |
| | Sub-directory that should be analyzed. Leave blank to include all files and folders. |
| Store Archive | Store the uploaded archive in your RIPS installation. |
| Remove code after scan | Do not store the full source code, only a limited code summary. |
Negatively reviewed issues are not counted toward these thresholds. Leaving a field blank skips the corresponding test.
| Option | Description |
|---|---|
| Maximum of new issues | Maximum number of newly detected issues that are allowed in the build. |
| Maximum of critical issues | Maximum number of critical issues that are allowed in the build. |
| Maximum of high issues | Maximum number of high issues that are allowed in the build. |
| Maximum of medium issues | Maximum number of medium issues that are allowed in the build. |
| Maximum of low issues | Maximum number of low issues that are allowed in the build. |
| Add thresholds as tests | Add failed tests if the thresholds defined above are exceeded. |
| Add found issues as tests | |
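The following Python snippet is an added example of how such a threshold gate behaves; it is not part of the plugin and does not use the RIPS API model. It assumes a simplified issue record (severity, new/old, negatively reviewed) and a threshold mapping where None stands for a blank field. It counts issues per severity and as new/old while skipping negatively reviewed ones, compares the counts against the configured maxima, skips blank thresholds, and reports each evaluated threshold as a named pass/fail test, which is what the "Add thresholds as tests" option does for the build.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Severity classes as they appear in the threshold settings.
SEVERITIES = ("critical", "high", "medium", "low")


@dataclass
class Issue:
    """One scan finding. Constructed sample type, not the RIPS API model."""
    severity: str                      # one of SEVERITIES
    is_new: bool                       # True if absent from the previous scan
    negatively_reviewed: bool = False  # reviewed and dismissed: excluded from counts


def count_issues(issues: List[Issue]) -> Dict[str, int]:
    """Count issues per severity and as new/old, ignoring negatively reviewed ones."""
    counts = {"new": 0, "old": 0}
    counts.update({s: 0 for s in SEVERITIES})
    for issue in issues:
        if issue.negatively_reviewed:
            continue
        counts[issue.severity] += 1
        counts["new" if issue.is_new else "old"] += 1
    return counts


def evaluate_thresholds(
    issues: List[Issue], thresholds: Dict[str, Optional[int]]
) -> Dict[str, Tuple[int, int, bool]]:
    """Compare counts with the configured maxima.

    thresholds maps 'new', 'critical', 'high', 'medium', 'low' to a maximum
    count, or to None for a blank field (test skipped).
    Returns {key: (count, limit, passed)} for every evaluated threshold.
    """
    counts = count_issues(issues)
    results: Dict[str, Tuple[int, int, bool]] = {}
    for key, limit in thresholds.items():
        if limit is None:
            continue  # blank field: no test for this threshold
        results[key] = (counts[key], limit, counts[key] <= limit)
    return results


def threshold_tests(results: Dict[str, Tuple[int, int, bool]]) -> List[Tuple[str, bool]]:
    """Turn each evaluated threshold into a named pass/fail test entry."""
    return [(f"RIPS threshold: maximum of {key} issues", passed)
            for key, (_, _, passed) in results.items()]


def build_passes(results: Dict[str, Tuple[int, int, bool]]) -> bool:
    """The build passes only if no evaluated threshold is exceeded."""
    return all(passed for _, _, passed in results.values())


# Constructed sample scan result (not real RIPS output).
SAMPLE_ISSUES = [
    Issue("critical", is_new=True),
    Issue("critical", is_new=True, negatively_reviewed=True),  # dismissed, not counted
    Issue("high", is_new=False),
    Issue("high", is_new=True),
    Issue("medium", is_new=False),
    Issue("low", is_new=False),
    Issue("low", is_new=True),
]

# Constructed threshold configuration; medium and low are left blank.
SAMPLE_THRESHOLDS: Dict[str, Optional[int]] = {
    "new": 2, "critical": 0, "high": 5, "medium": None, "low": None,
}

if __name__ == "__main__":
    res = evaluate_thresholds(SAMPLE_ISSUES, SAMPLE_THRESHOLDS)
    for name, passed in threshold_tests(res):
        print(f"{'PASS' if passed else 'FAIL'}  {name}")
    print("build", "passes" if build_passes(res) else "fails")
```

With the sample data the dismissed critical finding is ignored, so one critical and three new issues remain; the critical and new thresholds are exceeded, the high threshold holds, and the medium and low tests are skipped because their fields are blank.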
There are three kinds of result views that are explained in more detail below: Analysis Results, Aggregated Results, and Summary.
The results are available from the RIPS tab on the build results page of an individual job.
| # | Description |
|---|---|
| 1 | Scan results including the threshold settings. Breaking values are marked in bold and red. |
| 2 | Details about the scan that was performed. |
| 3 | Severity distribution of all issues that are not negatively reviewed. |
| 4 | Distribution of new / old issues among all issues that are not negatively reviewed. |
| 5 | Comparison between the detected issues and the threshold values. |
Each individual job in Bamboo can use the RIPS plugin to analyze source code. All jobs that contain an analysis are shown in the "RIPS Aggregated Results" tab on the summary page of each build.
The summary shows the analysis results over time for each job of a plan and can be found as a tab on the plan details page.
There is currently a bug in Bamboo that makes it impossible to switch jobs on the summary page (this is only relevant if you have multiple jobs configured with multiple RIPS analyses). To circumvent this, you can manually enter the following URL: