Drone is a relatively new continuous delivery platform built on Docker. It can easily be integrated with various services such as GitHub, GitLab, or Bitbucket.
Since Drone is built on Docker, RIPS can be quickly integrated using our rips-cli Docker container.
This article refers to Drone version 0.8.
In the most straightforward setup, RIPS can be used as one of the build steps inside your .drone.yml file. The following example shows the command for such a step; it breaks the build if the analysis detects more than one security vulnerability:
- rips-cli -vvv rips:scan:start -a <app_id> -p /data/src/ -t 1
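The required configuration options (RIPS_BASE_URI, RIPS_USERNAME, RIPS_PASSWORD) can be provided as environment variables and/or through Drone's own secret storage (see documentation). The following commands store the credentials as secrets that are only exposed to the rips/rips-cli image: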
drone secret add --repository your/repository --image rips/rips-cli --name RIPS_USERNAME --value your-username
drone secret add --repository your/repository --image rips/rips-cli --name RIPS_PASSWORD --value your-secret-password
The drone command-line tool authenticates with your personal token, which you will find here: https://your-drone-instance/account/token
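A complete .drone.yml that combines the build step and the secrets described above, as an added example that is not taken from the original page or from the RIPS or Drone projects. It assumes Drone 0.8 syntax; the step name, the workspace mapping to /data/src and the RIPS_BASE_URI value are placeholders chosen for illustration.

```yaml
# Added example for Drone 0.8; not the original page's .drone.yml.
# Assumption: the repository is cloned to /data/src so that the -p path
# used in the scan command on this page resolves.
workspace:
  base: /data
  path: src

pipeline:
  rips:                      # step name is arbitrary (assumption)
    image: rips/rips-cli     # must match the --image given to `drone secret add`
    # Secrets are injected into this step as environment variables.
    secrets: [ RIPS_USERNAME, RIPS_PASSWORD ]
    environment:
      # Placeholder; replace with the base URI of your RIPS API.
      - RIPS_BASE_URI=https://rips-api.example.invalid
    commands:
      # A non-zero exit code from rips-cli fails the step and the build.
      - rips-cli -vvv rips:scan:start -a <app_id> -p /data/src/ -t 1
```

Because the secrets were added with --image rips/rips-cli, other steps in the same pipeline that use a different image do not receive the RIPS credentials.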
You can test your build step locally by using the Docker image mentioned in the above configuration (it will scan the directory you are currently in):
docker run --rm -it -v "$PWD":/data -e RIPS_BASE_URI=api -e RIPS_USERNAME=username -e RIPS_PASSWORD=password rips/rips-cli rips:scan:start -a app_id -p /data -t 1
Since it is rips-cli that runs inside the Docker container, it is best to consult the rips-cli documentation for more commands and configuration options.