Quick Start Guide for Jenkins

version 2.3 or later

1. Prerequisite

1-1. Install Docker

The Sider Scan CLI runs on Docker. Therefore, you need to install Docker on the server where Jenkins is running. If Jenkins itself is running on Docker, you will need to start Docker from the Jenkins server using a method such as DooD (Docker out of Docker). https://docs.docker.com/get-docker/

Make sure the jenkins user has permission to run Docker. The build script in section 2-3 invokes Docker through sudo.

1-2. Install envsubst command

You will need to install the envsubst command, which is included in the gettext package, on your Jenkins server. For example, on Ubuntu, run the following command.

apt-get install gettext

1-3. Jenkins startup options

Sider Scan saves a detailed report of the analysis results as a Jenkins artifact. To view the analysis results in a standard web browser, start Jenkins with the following option:

java -Dhudson.model.DirectoryBrowserSupport.CSP="" -jar jenkins.war

Note that this can be a security risk: an empty value removes the Content-Security-Policy header that Jenkins otherwise sets on the workspace and artifact files it serves. Before you set this option, carefully read the article on the content security policy of Jenkins. https://www.jenkins.io/doc/book/security/configuring-content-security-policy/#customizing-content-security-policy

1-4. Activate Copy Artifact Plugin

In the Jenkins dashboard, click “Manage Jenkins” in the side menu, and click “Go to plugin manager”. In the plugin manager, search for “Copy Artifact Plugin” and “Enable” it.

If you have not installed “Copy Artifact” yet, you can find it in the Available tab. Install it, and once it is installed, enable it.

2. Build settings

Click “configure” in the side menu to open the configuration of the project. Configure the build settings as follows:

2-1. Activate “Delete workspace before build”

In the “Build Environment” tab, check “Delete workspace before build starts”.

2-2. Add the build step, “Copy from other project”

Next, add “Copy from other project”, and configure the following options:

  1. Project: enter the name of the same project you are configuring. Sider Scan will review the result of the previous analysis.
  2. Build: the latest successful build
  3. Artifact to be copied: output.radump
  4. Optional: checked

2-3. Add the build step, “Execute shell”

After “Copy from other project”, add “Execute shell”. In the “Command” text box, enter the following script.

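# Directory archived as an artifact in section 2-4
mkdir scan_result
# Expand environment variables such as ${BUILD_URL} in the configuration file
tmpscanjson=$(mktemp) && envsubst < .siderscan.json > "$tmpscanjson" && mv "$tmpscanjson" .siderscan.json
# "$(pwd)" is quoted so that a workspace path containing spaces still mounts correctly
sudo docker run -e "TZ=Asia/Tokyo" -v "$(pwd)":/target -w /target --rm sider/sider_scan_runner:latest sider run /target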

2-4. Add Post-build Actions, “Archive the artifacts”

Add “Archive the artifacts” in Post-build Actions, and enter the following pattern in “Files to archive”.

scan_result/**,output.radump

2-5. Confirmation

Please confirm the build procedure. The correct order is:

  1. Build – Copy artifacts from another project (See section 2-2)
  2. Build – Execute shell (See section 2-3)
  3. Post-build – Archive the artifacts (See section 2-4)

3. Place the configuration file “.siderscan.json” in the root directory of your repository

Create the following Sider Scan configuration file, .siderscan.json, and place it in the root directory of your repository.

There are two places that need to be edited. Change the string yourname@example.com on lines 4 and 14 to the email address at which you want to receive the analysis report from Sider Scan.

{
  "report": {
    "mail": {
      "to": ["yourname@example.com"],
      "useBuiltInProvider": true
    },
    "language": "en"
  },
  "scan": {
    "result": {
      "url": "${BUILD_URL}artifact"
    }
  },
  "enableSiderScanTracing": {
    "userEmail": "yourname@example.com"
  }
}
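
The envsubst line in section 2-3 is called without a variable list, so it expands every $NAME or ${NAME} reference in .siderscan.json from the Jenkins build environment and silently turns unset variables into empty strings. The following pre-flight check is an added example, not part of Sider's documentation or tooling; the function names are hypothetical, and the allow-list of BUILD_URL alone is an assumption based on the configuration file above.

```shell
#!/bin/sh
# Added example, not Sider's code: checks to run before the envsubst line in 2-3.
# envsubst with no SHELL-FORMAT argument expands every $NAME / ${NAME} it finds
# and replaces unset variables with an empty string.

# Print the distinct variable names a template references.
list_template_vars() {
    grep -oE '\$(\{[A-Za-z_][A-Za-z0-9_]*\}|[A-Za-z_][A-Za-z0-9_]*)' "$1" \
        | tr -d '${}' | sort -u
}

# check_template FILE "ALLOWED NAMES" (hypothetical helper): fail if the template
# references a variable outside the allow-list, or an allowed one that is empty.
check_template() {
    file=$1 allowed=$2 rc=0
    for name in $(list_template_vars "$file"); do
        case " $allowed " in
            *" $name "*)
                # $name matched [A-Za-z_][A-Za-z0-9_]*, so eval is safe here
                eval "value=\${$name:-}"
                if [ -z "$value" ]; then
                    echo "$file: \$$name is unset or empty" >&2; rc=1
                fi ;;
            *)
                echo "$file: unexpected variable \$$name" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Render in place, expanding only ${BUILD_URL} (assumes gettext's envsubst).
render_config() {
    check_template "$1" "BUILD_URL" || return 1
    tmp=$(mktemp) && envsubst '${BUILD_URL}' < "$1" > "$tmp" && mv "$tmp" "$1"
}

# Constructed sample: a template with a stray ${API_TOKEN} reference is rejected.
sample=$(mktemp)
printf '%s\n' '{"url":"${BUILD_URL}artifact","key":"${API_TOKEN}"}' > "$sample"
check_template "$sample" "BUILD_URL" || echo "sample rejected, as expected"
rm -f "$sample"
```

Calling render_config .siderscan.json in place of the envsubst line leaves the rest of the build step unchanged.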

You are all set. Every time Jenkins starts the build job, Sider Scan analyzes the source code in the repository. The build timing depends on the configuration of Jenkins. You can start the build process manually by clicking the “Build Now” button in the Jenkins side menu.

For more details

For detailed options and advanced configuration, please refer to these documents: