Versions Compared

Old Version 19

changes.mady.by.user Branko Marovic

Saved on

compared with

New Version Current

changes.mady.by.user Tomasz Weiss

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info
titleNMaaS

The presented manual is based on the example of the NMaaS project which allows the network operations and engineering community to contribute and construct a portfolio of network management applications that can be easily shared and installed to manage these growing sets of infrastructure. More about NMaaS project can be found here.

1. Bamboo plan.

A dedicated Bamboo plan has been created to launch WS scans of NMaaS components at will.

...

It is worth noting that the scanning process is run within dedicated Docker containers rather than on the Bamboo agents directly. This is a recommended approach.

1.1. Repositories.

The plan uses the same source code repositories as typical plans created for source code integration, Sonar updates or Docker image builds.

1.2. Variables.

On the plan configuration level, a set of variables are defined that can be later on referenced from various tasks executed during the overall WS scan setup and execution process.

...

Some variables can be later on easily managed for the given software project like the product and project versions that are most likely to be bumped from time to time.

1.3. Stages, jobs and tasks.

The NMaaS software is composed of 3 major software components the Platform, Portal and Janitor. Each of them is scanned separately in a dedicated Job under the Default Stage of the plan.

...

The following description will base on the Platform scanning job. The other two are configured in a similar matter.

1.3.1. Checking out the source code repository.

The job starts with the execution of a plain Source Code Checkout task in which only the source code repository needs to be provided as a parameter.

1.3.2. Building Docker image.

Next, a Docker task is executed in order to build the Docker container image on which the scanning process will be launched.

...

We are relying on that some scan configuration files were already added to the sources as the run_ws.sh script.

1.3.3. Running the scan inside the Docker container.

The final task is again a Docker task but this time with the command Run a Docker container.

...

The container is started with the execution of run_ws.sh script in /scan/ws directory.

2. Changes required in the software source code.

In the case of NMaaS, for each of the software components, ws directory was created in the root directory with two files.

...

#!/bin/sh

echo "Downloading WhiteSource Mend agent..."

curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar



echo "Running WhiteSource Mend scan..."

java -jar wss-unified-agent.jar -apiKey ${API_KEY} -projectVersion ${PROJECT_VERSION} -projectToken ${PROJECT_TOKEN} -productVersion ${PRODUCT_VERSION} -productToken ${PRODUCT_TOKEN} -c ws.config -d ../

...

###############################################################

# WhiteSource Mend Unified-Agent configuration file

###############################################################

# GENERAL SCAN MODE: Files and Package Managers

###############################################################

# Organization vitals

######################



# TO BE PROVIDED AS COMMAND PARAMETER

#apiKey=

#userKey is required if WhiteSource Mend administrator has enabled "Enforce user level access" option

#userKey=

#requesterEmail=user@provider.com



#projectName=

# TO BE PROVIDED AS COMMAND PARAMETER

#projectVersion=

# TO BE PROVIDED AS COMMAND PARAMETER

#projectToken=

#projectTag= key:value



#productName=

# TO BE PROVIDED AS COMMAND PARAMETER

#productVersion=

# TO BE PROVIDED AS COMMAND PARAMETER

#productToken=

3. Running the Bamboo plan.

With all the above in place, the user can simply run the plan when desired.

...