Scanning with the CodeLogic JavaScript Agent (Docker)
The CodeLogic JavaScript Agent for Docker provides an easy way to integrate CodeLogic scanning into your build process.
- Generate the Docker Image
- Run the Docker Image
- View Scan Results
- Adding Custom Certificate Authorities
Generate the Docker Image
- Click Admin and then select the Installers tab.
- Locate the JavaScript Agent Docker Image tile and click Generate.
- Enter your CodeLogic Server IP address or hostname.
- Enter the directory path to be scanned in the field provided.
- Click Next.
- Copy your code snippet from the Success! window.
Docker Options Examples
- --pull always - ensures that you will always get the newest image
- --env CODELOGIC_HOST="https://codelogic.com" - passes an environment variable representing the IP address or hostname of the CodeLogic Server
- --env AGENT_UUID="1f5d0bbc-0924-4c6f-828c-532627c33178" - passes an environment variable for the agent UUID
- --env AGENT_PASSWORD="AahlDFNbb0PyU378" - passes an environment variable for the agent password
- --env SCAN_PATH="/scan" - passes an environment variable for the agent to use when scanning
- --volume "/tmp/mySimulatedApp:/scan" - mounts the directory /tmp/mySimulatedApp onto the directory /scan so that it is accessible by the docker container
- codelogic.com/codelogic_javascript:latest - tells docker to download the javascript agent codelogic_javascript:latest from the CodeLogic Server
- See Docker Documentation for more docker options.
Run the Docker Image
Tip
You can copy and paste the code snippet directly into your Jenkinsfile.
View Scan Results
- Select the Search tab.
- Expand the application to view items and their dependencies.
Adding Custom Certificate Authorities
When running a server with a self-signed certificate or an internal certificate authority, the following options can be used to add the certificate authority to the Docker image.
- --volume "/home/<user_dir>/cacerts/:/opt/codelogic/certs" - mounts the directory containing your CA certificates into the Docker image.
- --env NODE_EXTRA_CA_CERTS="/opt/codelogic/certs/your-certificate.pem" - loads the certificate authorities from the PEM file into the Docker image.
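The options from Docker Options Examples and the custom CA options above, combined into one argument builder. This is an added example, not CodeLogic's generated snippet: the function name build_scan_args and its arguments are hypothetical, and it relies on docker's `--env NAME` form, which copies the value from the calling environment instead of placing it on the command line.

```sh
#!/bin/sh
# Added example: print the `docker run` arguments for the JavaScript agent,
# one per line, without writing the agent password into the command line.
# Nothing is executed here.
#
# build_scan_args IMAGE SCAN_DIR [CA_PEM]   (hypothetical helper)
#   IMAGE    image reference copied from the Success! window
#   SCAN_DIR host directory to mount at /scan
#   CA_PEM   optional PEM file for a private certificate authority
build_scan_args() (
    image=$1 scan_dir=$2 ca_pem=${3:-}

    # Refuse to build a command when the server address or a credential is missing.
    for var in CODELOGIC_HOST AGENT_UUID AGENT_PASSWORD; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "error: $var is not set in the environment" >&2
            exit 1
        fi
    done
    if [ ! -d "$scan_dir" ]; then
        echo "error: scan directory not found: $scan_dir" >&2
        exit 1
    fi
    scan_dir=$(cd "$scan_dir" && pwd)   # docker needs an absolute host path

    # `--env NAME` with no value makes docker copy NAME from the caller's
    # environment, so the secret stays out of `ps` output and shell history.
    set -- run --pull always --rm \
        --env CODELOGIC_HOST --env AGENT_UUID --env AGENT_PASSWORD \
        --env SCAN_PATH=/scan --volume "$scan_dir:/scan"

    if [ -n "$ca_pem" ]; then
        if [ ! -r "$ca_pem" ]; then
            echo "error: CA file not readable: $ca_pem" >&2
            exit 1
        fi
        ca_dir=$(cd "$(dirname "$ca_pem")" && pwd)
        set -- "$@" --volume "$ca_dir:/opt/codelogic/certs" \
            --env "NODE_EXTRA_CA_CERTS=/opt/codelogic/certs/$(basename "$ca_pem")"
    fi

    printf '%s\n' "$@" "$image"
)
```

Each printed line is one argument to docker; export CODELOGIC_HOST, AGENT_UUID and AGENT_PASSWORD from your secret store before calling it.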
CI/CD Scanning
Using the Docker agent with Jenkins
The CodeLogic Java Agent for Docker can be used to scan artifacts in Jenkins pipelines.
Example:
stage('CodeLogic Scan with latest AWS image') {
    when {
        expression { BRANCH_NAME ==~ /(integration|v.*|feature\/.*)/ }
    }
    steps {
        // Mark the stage as failed if the scan fails, but keep the build result as SUCCESS.
        catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
            // Publish CodeLogic Scan
            // The single-quoted Groovy string is not interpolated, so ${AGENT_UUID},
            // ${AGENT_PASSWORD} and ${PWD} are expanded by the shell at run time.
            sh('''
                docker run --pull always --rm --interactive \
                    --env "AGENT_UUID=${AGENT_UUID}" \
                    --env "AGENT_PASSWORD=${AGENT_PASSWORD}" \
                    --volume "${PWD}:/scan" \
                    yourinstance.app.codelogic.com/codelogic_javascript:latest analyze \
                    --host https://yourinstance.app.codelogic.com \
                    --application "Your Application" \
                    -p /scan \
                    --scan-space-name "Development" \
                    -e
            ''')
        }
    }
}