Nucleus now has a public GitHub repository where users can contribute their parsers for scan files, so that those files can be uploaded into Nucleus.
Check out all the available tools here: Nucleus Github
Using Nucleus Scripts in your CI/CD environment
The intent of the Nucleus community Python scripts is to help build Nucleus into the CI/CD pipeline more efficiently. The general process should look as follows:
- Scan Application with scanning tool
- Post File to Nucleus
Scan Application
When building the application (or at different stages of the development cycle), you should be using a build system such as Jenkins to automate the scanning of an application. This can be done with a multitude of tools, but in this case let's use Brakeman as an example.
Every time you commit changes, you scan with Brakeman. At the end of every day, you scan for the last time and save the brakeman_output.json into a directory within your application.
Post File to Nucleus
Download the community scan plugin for Brakeman to post data to Nucleus. The Python script can be run as a cron job so that it always picks up the scan output from a given directory at specified intervals.
Edit the Python script to include the URL of your Nucleus instance and the API key you will need to authenticate to Nucleus.
In this example, a nightly cron job would automatically take brakeman_output.json, sanitize it, and post it to your Nucleus project, so that Nucleus always has the latest information.
The cron job would look something like the following:
0 0 * * * python /path/to/python/script.py -i /path/to/brakeman_output.json -o /path/to/nucleus_brakeman_output.json -# <project_id>
This will allow you to automate the population of data from your build system into Nucleus every night or on a schedule of your choosing.
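As an added example of the sanitize-and-post step (this is not the Nucleus community script, and the upload URL path, header name and -p option are assumptions, not the documented Nucleus API): the script trims each Brakeman warning to the fields Nucleus needs, strips the build host's path prefix and source snippets before anything leaves the build system, and reads the API key from an environment variable instead of a value edited into the file.

```python
"""Added example, not the Nucleus community plugin. Sanitizes a Brakeman JSON
report and posts it to a Nucleus project. Endpoint path, header name and the
-p option are placeholders (assumptions), not the documented Nucleus API."""
import argparse
import json
import os
import urllib.request

# Fields kept from each Brakeman warning. The "code" snippet and the absolute
# path prefix are dropped so the upload carries only what Nucleus needs.
KEEP_FIELDS = ("warning_type", "message", "file", "line", "confidence", "fingerprint")


def sanitize(report: dict, repo_root: str = "") -> dict:
    """Return a reduced copy of a Brakeman report: trimmed warnings only."""
    cleaned = []
    for warning in report.get("warnings", []):
        item = {k: warning.get(k) for k in KEEP_FIELDS}
        path = item.get("file")
        if repo_root and isinstance(path, str) and path.startswith(repo_root):
            item["file"] = path[len(repo_root):].lstrip("/")  # make path relative
        cleaned.append(item)
    return {"warnings": cleaned}


def post_to_nucleus(base_url: str, api_key: str, project_id: str, payload: dict) -> int:
    """POST the sanitized JSON to Nucleus and return the HTTP status code."""
    url = f"{base_url.rstrip('/')}/projects/{project_id}/scans"  # placeholder path
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "X-Api-Key": api_key},  # placeholder header
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status


def main() -> None:
    ap = argparse.ArgumentParser(description="Sanitize Brakeman output and post to Nucleus")
    ap.add_argument("-i", required=True, help="brakeman_output.json from the build")
    ap.add_argument("-o", required=True, help="where to write the sanitized JSON")
    ap.add_argument("-p", required=True, help="Nucleus project id")
    ap.add_argument("--repo-root", default="", help="path prefix to strip from file names")
    args = ap.parse_args()
    with open(args.i) as fh:
        payload = sanitize(json.load(fh), args.repo_root)
    with open(args.o, "w") as fh:
        json.dump(payload, fh, indent=2)
    # NUCLEUS_URL and NUCLEUS_API_KEY come from the CI secret store, not the script.
    print(post_to_nucleus(os.environ["NUCLEUS_URL"], os.environ["NUCLEUS_API_KEY"], args.p, payload))


if __name__ == "__main__":
    main()
```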