Before you begin:
Generate an Advanced Encryption Standard (AES) key and place the key in a codeship.aes file in the root of your project directory. Read additional documentation on generating an AES key.
To complete this task:
Edit the text file containing your environment variables, which you encrypt prior to committing your code.
Add SRCCLR_API_TOKEN to the file and set it to the authentication token you generated above.
Save the environment variable file.
Encrypt the environment variables using Jet CLI.
A file is generated, called env.encrypted in this example, with the encrypted environment variables:
jet encrypt env env.encrypted
Before you commit your code, add the env file to your .gitignore, or delete the file after you create it.
Edit the codeship-services.yml file, and use the encrypted_env_file directive to add your encrypted environment variables from the env.encrypted file to your build process:
app:
  build:
    image: myorg/appname
    dockerfile_path: Dockerfile
  encrypted_env_file: env.encrypted
To scan using Veracode Software Composition Analysis agent-based scanning, in your project, edit the codeship-steps.yml file and add this step after your build step:
- name: sourceclear
  command: sh -c "curl -sSL https://download.sourceclear.com/ci.sh | sh"
Commit the changes to your repository.
The next time you run your build through Codeship Pro, Veracode SCA performs an agent-based scan of your repository. For details on configuring your Codeship Pro project, see the Codeship Pro documentation.
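A check you can run before committing, to confirm the files from the steps above are in the expected state. This is an added example, not part of the Veracode or Codeship documentation; the function names are hypothetical, and treating codeship.aes as a file that must stay out of the repository is an assumption added here.

```shell
#!/bin/sh
# Pre-commit check for the Codeship Pro secrets layout described above.
# File names are the ones used on this page; override them if yours differ.
PLAIN_ENV="${PLAIN_ENV:-env}"                  # plaintext variables, never commit
ENC_ENV="${ENC_ENV:-env.encrypted}"            # output of `jet encrypt`
AES_KEY="${AES_KEY:-codeship.aes}"             # assumption: key must not be committed
SERVICES="${SERVICES:-codeship-services.yml}"

# Succeeds if git would commit the file: already tracked, or present and not ignored.
would_commit() {
    git ls-files --error-unmatch -- "$1" >/dev/null 2>&1 && return 0
    [ -e "$1" ] && ! git check-ignore -q -- "$1"
}

# Prints one line per problem; returns 0 only when nothing was found.
check_codeship_secrets() {
    rc=0
    for f in "$PLAIN_ENV" "$AES_KEY"; do
        if would_commit "$f"; then
            echo "FAIL: $f is tracked or not ignored; add it to .gitignore"; rc=1
        fi
    done
    if [ ! -s "$ENC_ENV" ]; then
        echo "FAIL: $ENC_ENV is missing or empty; run: jet encrypt $PLAIN_ENV $ENC_ENV"; rc=1
    elif grep -q 'SRCCLR_API_TOKEN' "$ENC_ENV"; then
        # The variable name should not be readable in an encrypted file.
        echo "FAIL: $ENC_ENV contains SRCCLR_API_TOKEN in clear text"; rc=1
    fi
    if ! grep -Eq "^[[:space:]]+encrypted_env_file:[[:space:]]*$ENC_ENV[[:space:]]*\$" \
            "$SERVICES" 2>/dev/null; then
        echo "FAIL: $SERVICES does not load $ENC_ENV via encrypted_env_file"; rc=1
    fi
    return $rc
}
```

Source the file from a Git pre-commit hook or a local script in the project root and call check_codeship_secrets; a non-zero return means at least one FAIL line was printed.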