Bamboo

The RIPS Bamboo Plugin adds a new Bamboo task that scans your application's source code via your RIPS installation and shows the results in a new tab on the build results page. Bamboo is a continuous integration server developed by Atlassian. Extensive user documentation on installing and setting up Bamboo and third-party plugins is available here.

Plugin on the Marketplace

You can find out more about our Bamboo plugin in our blog post.

Download

Plugin   RIPS API   Bamboo Compatibility   Link
1.1.1    2.8        5.14.0 - 6.2.3         Download
2.2.2    2.8        5.15.0 - 6.7.2         Download
3.0.0    3.x        5.15.0 - 6.8.0         Download

Configuration

There are various configuration options available that are explained in more detail below. Options annotated with an * are required.

Server Settings

API URL*
    URL of the RIPS API that should be used for scanning.
    Our SaaS API is available at https://api-3.ripstech.com. This API also works for trial accounts.
    For on-premises installations, make sure to also include the port of your API, for example: http://192.168.201.1:8080
    The connection can be checked with the Check API Connection button.

User Email*
    Email of the RIPS account that should be used for scanning by Bamboo.

Password*
    Password of the RIPS account that should be used for scanning by Bamboo. Changing the settings at a later time requires re-entering the password.

UI URL
    URL of the RIPS user interface of your installation or of the SaaS solution (https://saas.ripstech.com). The value is optional, but leaving it blank removes the Open in RIPS button from the results page.

Scan Settings

Application*
    Application under which the scans should be performed. The application list can be refreshed with the Refresh Applications button below.

Version pattern*
    The version name that will be shown in the RIPS user interface. It is fully customizable through placeholders, which are replaced when the scan is started (see Version Pattern below).

Scan Timeout*
    Duration in minutes after which Bamboo stops tracking the scan. Reaching the timeout fails the build and no result information is gathered. The timeout only affects Bamboo: the scan itself may still be running in the RIPS ecosystem.

Analysis Depth*
    A high analysis depth requires more memory and scan time; a low analysis depth gives better performance but can miss deeply nested vulnerabilities.

Version Pattern

Pattern          Description
{isoDateTime}    Insert the timestamp of the scan start time.
{buildSystem}    Insert "Bamboo".
{buildNumber}    Insert the current build number.
{projectName}    Insert the plan name.
{projectKey}     Insert the plan key.
{branch}         Insert the name of the current branch.
{commit}         Insert the short commit id.
{longCommit}     Insert the long commit id.
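The following is an added example of how such a pattern is expanded; it is not the plugin's own code. It assumes the build variables are supplied by the caller, that the short commit id is a 7-character prefix of the long id (the page does not state the length), and that an unknown placeholder is an error rather than being passed through into the version name.

```python
import re
from datetime import datetime, timezone

# Placeholders documented for the version pattern.
PLACEHOLDERS = {"isoDateTime", "buildSystem", "buildNumber", "projectName",
                "projectKey", "branch", "commit", "longCommit"}

# Assumption: git-style 7-character abbreviation; the plugin documentation
# does not specify how long the short commit id is.
SHORT_COMMIT_LEN = 7

_TOKEN = re.compile(r"\{([A-Za-z]+)\}")


def build_context(build_number, project_name, project_key, branch, long_commit, start_time):
    """Assemble the substitution values from (hypothetical) Bamboo build variables."""
    return {
        "isoDateTime": start_time.isoformat(timespec="seconds"),
        "buildSystem": "Bamboo",
        "buildNumber": str(build_number),
        "projectName": project_name,
        "projectKey": project_key,
        "branch": branch,
        "commit": long_commit[:SHORT_COMMIT_LEN],
        "longCommit": long_commit,
    }


def expand_version_pattern(pattern, context):
    """Replace every {placeholder} in pattern with its value.

    An unknown placeholder raises, so a typo like {buildNo} cannot silently
    produce a version named "{buildNo}" in the RIPS user interface.
    """
    def substitute(match):
        name = match.group(1)
        if name not in PLACEHOLDERS:
            raise ValueError(f"unknown placeholder {{{name}}}")
        return context[name]
    return _TOKEN.sub(substitute, pattern)


def example_context():
    """Constructed sample build data, not taken from a real Bamboo build."""
    return build_context(
        build_number=42,
        project_name="Web Shop",
        project_key="SHOP",
        branch="main",
        long_commit="0123456789abcdef0123456789abcdef01234567",
        start_time=datetime(2020, 1, 2, 3, 4, 5, tzinfo=timezone.utc),
    )


if __name__ == "__main__":
    ctx = example_context()
    print(expand_version_pattern("{projectKey}-{buildNumber}-{commit}", ctx))
    print(expand_version_pattern("{buildSystem} {branch} {isoDateTime}", ctx))
```

A pattern such as `{projectKey}-{buildNumber}-{commit}` yields version names that sort naturally in the RIPS user interface and can be traced back to the exact commit that was scanned.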

Threshold Settings

Negatively reviewed issues are not counted in this section. Leaving a field blank skips the test.

Maximum of new issues
    Maximum number of newly detected issues that are allowed in the build.

Maximum of critical issues
    Maximum number of critical issues that are allowed in the build.

Maximum of high issues
    Maximum number of high issues that are allowed in the build.

Maximum of medium issues
    Maximum number of medium issues that are allowed in the build.

Maximum of low issues
    Maximum number of low issues that are allowed in the build.

Add thresholds as tests
    Add failed tests if the thresholds defined above are exceeded.

Add found issues as tests
    Issues from failed thresholds will be added as failed tests.
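The threshold logic described above, as an added example that is not the plugin's own code: negatively reviewed issues are dropped before counting, a blank field (None) skips that test, and every exceeded threshold is reported so it can be turned into a failed test. The Issue record and the sample scan result are constructed for the example; the plugin's actual data model is not shown on this page.

```python
from dataclasses import dataclass

THRESHOLD_CATEGORIES = ("new", "critical", "high", "medium", "low")


@dataclass(frozen=True)
class Issue:
    """Minimal stand-in for a RIPS issue (assumed shape, not the real API model)."""
    severity: str                        # "critical", "high", "medium" or "low"
    is_new: bool                         # not present in the previous scan
    negatively_reviewed: bool = False    # reviewed in RIPS as not relevant


def count_issues(issues):
    """Count issues per threshold category, ignoring negatively reviewed ones."""
    counted = [i for i in issues if not i.negatively_reviewed]
    counts = {"new": sum(1 for i in counted if i.is_new)}
    for severity in ("critical", "high", "medium", "low"):
        counts[severity] = sum(1 for i in counted if i.severity == severity)
    return counts


def evaluate_thresholds(issues, thresholds):
    """Return a list of (category, count, maximum) for every exceeded threshold.

    thresholds maps a category to its configured maximum; a missing or None
    entry corresponds to a blank field in the task configuration and skips
    that test entirely (it is not treated as a maximum of zero).
    """
    counts = count_issues(issues)
    breaches = []
    for category in THRESHOLD_CATEGORIES:
        maximum = thresholds.get(category)
        if maximum is None:
            continue
        if counts[category] > maximum:
            breaches.append((category, counts[category], maximum))
    return breaches


def example_issues():
    """Constructed sample scan result, not real RIPS output."""
    return [
        Issue("critical", is_new=True),
        Issue("critical", is_new=False, negatively_reviewed=True),  # not counted
        Issue("high", is_new=True),
        Issue("high", is_new=False),
        Issue("medium", is_new=True),
        Issue("low", is_new=False),
    ]


if __name__ == "__main__":
    # "medium" and "low" left blank, so only new/critical/high are tested.
    config = {"new": 2, "critical": 0, "high": 5}
    for category, count, maximum in evaluate_thresholds(example_issues(), config):
        print(f"FAILED: {count} {category} issues exceed the maximum of {maximum}")
```

With the sample data the build fails on two thresholds (three new issues against a maximum of two, one critical issue against a maximum of zero) while the high threshold passes and the blank medium and low fields are skipped. Setting "Maximum of critical issues" to 0 rather than leaving it blank is the difference between "no critical issues allowed" and "critical issues not checked at all".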

Results

There are three kinds of result views that are explained in more detail below: Analysis Results, Aggregated Results, and Summary.

Analysis Results

The results are available from the RIPS tab on the build results page of an individual job. 

Section   Description
1         Scan results including the threshold settings. Breaking values are marked in bold and red.
2         Details about the scan that was performed.
3         Severity distribution of all issues that are not negatively reviewed.
4         Distribution of new / old issues among all issues that are not negatively reviewed.
5         Comparison between the detected issues and the threshold values.

Aggregated Results

Each individual job in Bamboo can use the RIPS plugin to analyze source code. All jobs that contain an analysis are shown in the "RIPS Aggregated Results" tab on the summary page of each build.

Summary

The summary shows the analysis results over time for each job of a plan and can be found as a tab on the plan details page.