
Drone is a relatively new continuous delivery platform built on Docker. It integrates easily with services such as GitHub, GitLab, and Bitbucket.

Because every Drone build step runs in a Docker container, RIPS can be integrated quickly by running our rips-cli Docker image as a step in the pipeline.

This article refers to Drone version 0.8.

Setup

In the most straightforward setup, RIPS runs as one of the build steps in your .drone.yml file. The following example breaks the build if the analysis reports more than one security vulnerability (the -t 1 threshold). Note that the credentials are pulled in under secrets: and only the non-sensitive base URI is set under environment:; the app id must be replaced with the id of your RIPS application:

workspace:
  base: /data
  path: src/

pipeline:
  analysis:
    image: rips/rips-cli
    environment:
      - RIPS_BASE_URI=https://api-2.ripstech.com
    secrets:
      - RIPS_USERNAME
      - RIPS_PASSWORD
    commands:
      - rips-cli -vvv rips:scan:start -a <app_id> -p /data/src/ -t 1

Configuration

The required configuration options (RIPS_BASE_URI, RIPS_USERNAME, RIPS_PASSWORD) can be provided as environment variables and/or from Drone's secret storage (see the Drone documentation). Only RIPS_BASE_URI belongs in the environment: block of .drone.yml; the username and password should come from secret storage, so that they are never committed to the repository and are injected by Drone at build time. Restricting each secret to the rips/rips-cli image (the --image flag below) ensures that no other step in the pipeline can read it.
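A pre-commit style check for the rule above, written as an added example for this page (it is not part of Drone or rips-cli). It constructs two small .drone.yml files in a temporary directory, one that embeds the RIPS credentials inline and one that declares them under secrets:, and rejects the former. The file contents and the app id 1234 are constructed for the demonstration.

```shell
# Added example: refuse a .drone.yml that carries RIPS credentials inline
# instead of declaring them as Drone secrets. Not part of the Drone or
# rips-cli projects; sample pipeline files below are constructed.

# check_drone_yml FILE
# Returns 0 when FILE is clean, 1 when it embeds a RIPS credential or does
# not list RIPS_USERNAME and RIPS_PASSWORD under its secrets: block.
check_drone_yml() {
    file="$1"
    rc=0

    # A "- RIPS_USERNAME=..." or "- RIPS_PASSWORD=..." list item is an inline
    # credential (it usually sneaks into the environment: block).
    if grep -Eq '^[[:space:]]*-[[:space:]]*RIPS_(USERNAME|PASSWORD)=' "$file"; then
        echo "$file: inline RIPS credential found" >&2
        rc=1
    fi

    # Both names must appear as bare items under secrets: so that Drone
    # injects them at runtime. The awk script tracks which block it is in.
    for name in RIPS_USERNAME RIPS_PASSWORD; do
        if ! awk -v name="$name" '
            /^[[:space:]]*secrets:/ { insec = 1; next }
            /^[[:space:]]*[a-z_]+:/  { insec = 0 }
            insec && $0 ~ "^[[:space:]]*-[[:space:]]*" name "[[:space:]]*$" { found = 1 }
            END { exit !found }' "$file"; then
            echo "$file: $name is not declared under secrets:" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample pipelines (the app id 1234 is a placeholder).
SAMPLE_DIR=$(mktemp -d)
BAD_YML="$SAMPLE_DIR/bad.drone.yml"
GOOD_YML="$SAMPLE_DIR/good.drone.yml"

cat > "$BAD_YML" <<'EOF'
pipeline:
  analysis:
    image: rips/rips-cli
    environment:
      - RIPS_BASE_URI=https://api-2.ripstech.com
      - RIPS_USERNAME=ci-user
      - RIPS_PASSWORD=hunter2
    commands:
      - rips-cli -vvv rips:scan:start -a 1234 -p /data/src/ -t 1
EOF

cat > "$GOOD_YML" <<'EOF'
pipeline:
  analysis:
    image: rips/rips-cli
    environment:
      - RIPS_BASE_URI=https://api-2.ripstech.com
    secrets:
      - RIPS_USERNAME
      - RIPS_PASSWORD
    commands:
      - rips-cli -vvv rips:scan:start -a 1234 -p /data/src/ -t 1
EOF

# Demonstration: the clean file passes, the inline-credential file is rejected.
if check_drone_yml "$GOOD_YML"; then echo "good.drone.yml: ok"; fi
if check_drone_yml "$BAD_YML"; then echo "bad.drone.yml: ok"; else echo "bad.drone.yml: rejected"; fi
```

Run it against your own pipeline file with check_drone_yml .drone.yml, for example from a pre-commit hook or as a first step of the pipeline itself; the awk block-tracking is deliberately simple and assumes the two-space indentation used in this article.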

Secret Storage

export DRONE_SERVER=https://your-drone-instance
export DRONE_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXh0IjoidGVzdCIsInR5cGUiOiJ1c2VyIn0.1QZ9ikK6TCQvYcdxYWWWEjIue0s3YWYtX86yClaCxAA
drone secret add --repository your/repository --image rips/rips-cli --name RIPS_USERNAME --value your-username
drone secret add --repository your/repository --image rips/rips-cli --name RIPS_PASSWORD --value your-secret-password

You will find your token here: https://your-drone-instance/account/token. The DRONE_TOKEN shown above is a placeholder; your real token grants API access to your Drone instance as your user, so treat it like a password: do not commit it, and prefer exporting it from a file with restrictive permissions rather than typing it into a shell whose history is persisted.

Testing

You can test your build step locally with the Docker image used in the configuration above (it mounts and scans the directory you are currently in). Replace the username, password and app id with your own values; RIPS_BASE_URI must be the full API URL, the same value as in .drone.yml:

docker run --rm -it -v "$PWD":/data -e RIPS_BASE_URI=https://api-2.ripstech.com -e RIPS_USERNAME=username -e RIPS_PASSWORD=password rips/rips-cli rips:scan:start -a app_id -p /data -t 1

Passing the password with -e RIPS_PASSWORD=password puts it into your shell history and the process list. If you export RIPS_USERNAME and RIPS_PASSWORD in your shell first, you can instead pass -e RIPS_USERNAME -e RIPS_PASSWORD without values and docker will copy them from your environment.

Further Reading

Since it is rips-cli that runs inside the Docker container, consult the rips-cli documentation for further commands and configuration options.
