Configure your Codeship Pro project
Before you begin:
Generate an Advanced Encryption Standard (AES) key and place the key in a codeship.aes file in the root of your project directory. Read additional documentation on generating an AES key.
To complete this task:
- Edit the text file containing your environment variables, which you encrypt prior to committing your code.
- Add SRCCLR_API_TOKEN to the file and set it to the authentication token you generated above.
- Save the environment variable file.
- Encrypt the environment variables using Jet CLI. A file is generated, called env.encrypted in this example, with the encrypted environment variables:

      jet encrypt env env.encrypted

- Before you commit your code, add the env file to your .gitignore, or delete the file after you create it.
- Edit the codeship-services.yml file, and use the encrypted_env_file directive to add your encrypted environment variables from the env.encrypted file to your build process:

      app:
        build:
          image: myorg/appname
          dockerfile_path: Dockerfile
        encrypted_env_file: env.encrypted

- To scan using Veracode Software Composition Analysis agent-based scanning, in your project, edit the codeship-steps.yml file and add this step after your build step:

      - name: sourceclear
        service: app
        command: sh -c "curl -sSL https://download.sourceclear.com/ci.sh | sh"

- Commit the changes to your repository.
Results:
The next time you run your build through Codeship Pro, Veracode SCA performs an agent-based scan of your repository. For details on configuring your Codeship Pro project, see the Codeship Pro documentation.
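
The following pre-commit check is an added example, not code from Veracode or Codeship. It verifies the outcome of the steps above before you commit: the plaintext env file is deleted or ignored, env.encrypted is actually encrypted, and the token is not assigned inline in the YAML files. The function name check_codeship_secrets is hypothetical, and the .gitignore check assumes a literal env or /env entry.

```shell
#!/bin/sh
# Pre-commit guard for the procedure above (added example, not vendor code).
# Usage: check_codeship_secrets [project_dir]; returns 0 when all checks pass.
check_codeship_secrets() {
    dir=${1:-.}
    plain="$dir/env"                 # plaintext variables file, named as in the steps
    enc="$dir/env.encrypted"         # output of: jet encrypt env env.encrypted
    svc="$dir/codeship-services.yml"
    rc=0

    # 1. The plaintext file must be deleted or listed in .gitignore.
    #    Assumption: a literal "env" or "/env" line; glob patterns are not evaluated.
    if [ -e "$plain" ] && ! grep -qxE '/?env' "$dir/.gitignore" 2>/dev/null; then
        echo "FAIL: $plain exists and is not listed in .gitignore" >&2
        rc=1
    fi

    # 2. The encrypted file must exist and must not be a copy of the plaintext.
    if [ ! -s "$enc" ]; then
        echo "FAIL: $enc is missing or empty" >&2
        rc=1
    elif grep -q 'SRCCLR_API_TOKEN' "$enc"; then
        echo "FAIL: $enc contains the variable name in cleartext" >&2
        rc=1
    fi

    # 3. The services file must load the encrypted file, and neither YAML
    #    file may assign the token inline.
    if ! grep -qE '^[[:space:]]*encrypted_env_file:[[:space:]]*env\.encrypted[[:space:]]*$' "$svc" 2>/dev/null; then
        echo "FAIL: $svc does not reference env.encrypted via encrypted_env_file" >&2
        rc=1
    fi
    if grep -qE 'SRCCLR_API_TOKEN[[:space:]]*[:=]' "$svc" "$dir/codeship-steps.yml" 2>/dev/null; then
        echo "FAIL: SRCCLR_API_TOKEN is assigned in a committed YAML file" >&2
        rc=1
    fi
    return $rc
}
```

Run it from the project root, for example from a Git pre-commit hook, and abort the commit when it returns non-zero.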