Scanning with the CodeLogic SQL Agent (Docker)
The CodeLogic SQL Agent for Docker provides an easy way to integrate CodeLogic scanning into your build process.
Generate the Docker Image
- Click Admin and then select the Installers tab.
- Locate the SQL Agent Docker Image tile and click Generate.
- Enter your CodeLogic Server IP address or hostname.
- Enter the username and password for accessing the database.
- Enter a connection string. Do not include the username and password with the connection string.
- JDBC string for relational databases such as PostgreSQL, Oracle and MySql
- Mongo string for MongoDB
- Bolt string for Neo4j databases
- Optionally, enter a database name.
- Click Next.
-
Copy your code snippet from the Success! window.
Docker Options Examples
- --pull always - ensures that you will always get the newest image
- --env CODELOGIC_HOST="https://codelogic.com" - passes an environment variable representing the IP address or hostname of the CodeLogic Server
- --env AGENT_UUID="1f5d0bbc-0924-4c6f-828c-532627c33178" - passes an environment variable for the agent UUID
- --env AGENT_PASSWORD="AahlDFNbb0PyU378" - passes an environment variable for the agent password
- codelogic.com/codelogic_sql:latest - tells docker to download the sql agent codelogic_sql:latest from the CodeLogic Server
- See Docker Documentation for more docker options.
Run the Docker Image
Tip
You can copy and paste the code snippet directly into your Jenkins file.
- Analyze a relational database
analyze -a yourApp -c jdbc:postgresql://localhost:5432/sampledb -u postgres_user -pwd postgres_pass
For more information, see Binary Scanning via Command Line (SQL).
View Scan Results
* Select the Search tab.
* Expand the application to view items and their dependencies.
Important
ScanSpaces should be unique to users or processes to avoid the inadvertent removal of previous scan sessions. The --expunge-scan-sessions
option removes all previous scan sessions with the same fingerprint, even if they were created by another user.
The fingerprint is a collection of parameters specified when scanning. In the example below, the Java agent fingerprint is these parameters:
--application
, --method-filter
, --path
, --scan-space-name
, and --type
.
For example, a Continuous Integration (CI) pipeline scan, perhaps in a Jenkinsfile, is initiated as part of a build whenever there is a code merge. These scans are stored by the CodeLogic Server in the Development ScanSpace.
The command in the Jenkinsfile is: analyze --application neo4Cape-RobertPaulson --method-filter com.codelogic. --path /scan --type SCAN --scan-space-name Development
.
A developer runs the same analysis using the CLI using CLI options that result in the same fingerprint but with the --expunge-scan-sessions
option.
The developer's command is: analyze --application neo4Cape-RobertPaulson --method-filter com.codelogic. --path /scan --type SCAN --scan-space-name Development --expunge-scan-sessions
.
Since the fingerprints match, all previous scans in the Development
ScanSpace on the CodeLogic server are removed.
This can be avoided by each user using their own ScanSpaces. A ScanSpace is created when the --scan-space-name
option is used, if it does not already exist.
Although a default ScanSpace is used if none is specified, always specifying a ScanSpace that is unique to a user is recommended.