Socket for Jenkins Jobs
Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for your open source dependencies. It is easy to integrate Socket into your Jenkins build process to add an extra layer of security against supply chain attacks.
Adding Socket to your build process
Requirements
To run the Socket CLI you need the following installed on your Jenkins runners/agents:
- Python3
- pip
- git
- python3-venv for the agent's Python (the Dockerfile below installs python3.11-venv to match its Debian python3)
Example Dockerfile of Jenkins with requirements
FROM jenkins/jenkins:2.462.2-jdk17
USER root
# lsb-release is only needed to pick the Docker apt repository below
RUN apt-get update && apt-get install -y lsb-release
RUN curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc \
https://download.docker.com/linux/debian/gpg
RUN echo "deb [arch=$(dpkg --print-architecture) \
signed-by=/usr/share/keyrings/docker-archive-keyring.asc] \
https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
# python3, python3-pip and python3.11-venv are the Socket CLI requirements;
# docker-ce-cli is only needed if your jobs also build containers
RUN apt-get update && apt-get install -y docker-ce-cli python3 python3-pip python3.11-venv
# drop back to the unprivileged jenkins user before installing plugins
USER jenkins
RUN jenkins-plugin-cli --plugins "blueocean docker-workflow"
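A preflight step that verifies the requirements above are actually present on an agent before the Socket stage runs. This is an added example, not a script shipped by Socket or Jenkins; it is plain POSIX sh and the tool names it probes are the ones listed above.

```shell
#!/bin/sh
# Preflight check for the Socket CLI prerequisites listed above (python3, pip,
# git, and a python3 that can create venvs). Added example, not a script
# shipped by Socket or Jenkins. POSIX sh so it runs on any agent.

# check_tool NAME [COMMAND...]
# With only NAME: succeed if NAME is on PATH.
# With a COMMAND: succeed if the command exits 0 (for things with no binary of
# their own, such as "python3 -m pip"). Prints one status line per check.
check_tool() {
    name=$1
    shift
    if [ $# -eq 0 ]; then
        command -v "$name" >/dev/null 2>&1
    else
        "$@" >/dev/null 2>&1
    fi
    status=$?
    if [ "$status" -eq 0 ]; then
        echo "ok       $name"
    else
        echo "MISSING  $name"
    fi
    return "$status"
}

# check_socket_prereqs: run every check, return non-zero if any of them failed.
# On Debian "import venv" succeeds even without python3.X-venv installed; what
# that package provides is ensurepip, so that is what we probe.
check_socket_prereqs() {
    failed=0
    check_tool python3 || failed=1
    check_tool git || failed=1
    check_tool pip python3 -m pip --version || failed=1
    check_tool venv python3 -c 'import ensurepip' || failed=1
    return "$failed"
}

# Run the checks. As the last command of a Jenkins "Execute shell" step this
# becomes the step's exit status, so a missing tool fails the build early.
check_socket_prereqs
```

Put this in as the build step (or `sh` step) right before the Socket stage; Jenkins runs shell steps with `-e`, so the `|| failed=1` pattern keeps every check running while still reporting an overall failure.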
Create your Socket API Key
You can either create the API key yourself, if you have permission to do so in your socket.dev account, or have your admin create it for you with the scopes listed below.
- Log into the socket.dev dashboard
- Go to Settings
- Go to the API Tokens tab
- Select Create API Token
- Give the token a name like Jenkins API Token
- Set up the scopes:
  - repo: list, create, update
  - full-scans: list, create
- Click Confirm
- Click on Show key
- Click on the API Token to copy it
Setting Socket API Key
- Log into Jenkins
- Go to Dashboard -> Manage Jenkins
- Select Credentials
- Go to System -> Global credentials
  - Note: this can be whatever credential level the pipeline/job that runs Socket has access to
- Select Add Credentials
- Kind: Secret text (the pipeline example below binds it with string(...), which requires this kind)
- Scope: select the level needed for Socket to have access to
- Secret: paste the Socket API key
- ID: SOCKET-API
- Description: Socket Security API Key
- Click Create
Example adding Socket as a Stage/Step in a Pipeline
- Log into Jenkins
- Select a Pipeline
- Scroll down to Pipeline
- Add the following stage

stage('run-socket') {
    steps {
        script {
            withCredentials([string(credentialsId: 'SOCKET-API', variable: 'SOCKET_SECURITY_API_KEY')]) {
                // Run Socket. A single-quoted Groovy string leaves $PATH for the shell to expand
                // instead of Groovy; the API key is read by socketcli from the bound environment
                // variable and is masked by Jenkins in the console output.
                sh '''
                    python3 -m venv .venv
                    PATH=.venv/bin:$PATH
                    pip install socketsecurity --upgrade
                    socketcli --target_path .
                '''
            }
        }
    }
}

- Save
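A complete declarative Jenkinsfile wrapping the stage above, added here as an example rather than taken from the Socket docs or the socketsecurity project. It assumes the Secret text credential SOCKET-API from the previous section, an agent that meets the requirements above, and that the job is a Multibranch/SCM pipeline so `checkout scm` pulls the code to scan.

```groovy
// Example Jenkinsfile (declarative) running the Socket CLI as its own stage.
// Added example, not from the Socket docs or the socketsecurity project.
// Assumptions: a "Secret text" credential with id SOCKET-API exists, and the
// agent has python3, pip, git and a venv-capable python3.
pipeline {
    agent any
    options {
        timestamps()
    }
    stages {
        stage('checkout') {
            steps {
                // assumed: the job is configured from SCM, so checkout scm works
                checkout scm
            }
        }
        stage('run-socket') {
            steps {
                withCredentials([string(credentialsId: 'SOCKET-API',
                                        variable: 'SOCKET_SECURITY_API_KEY')]) {
                    // Single-quoted Groovy string: nothing is interpolated on the
                    // controller, the key only exists in the step's environment,
                    // and Jenkins masks it if anything echoes it.
                    sh '''
                        set -eu
                        python3 -m venv .venv
                        .venv/bin/pip install --upgrade socketsecurity
                        # socketcli reads SOCKET_SECURITY_API_KEY from the environment
                        .venv/bin/socketcli --target_path .
                    '''
                }
            }
        }
    }
    post {
        always {
            // do not leave the virtualenv in the workspace for the next build
            sh 'rm -rf .venv'
        }
    }
}
```

Calling the venv's own `pip` and `socketcli` by path avoids rewriting `PATH` in the step. Once the integration works, consider replacing `--upgrade` with a pinned `socketsecurity==<version>` that you have validated, so the scanner itself is not pulled unpinned on every build; a non-zero exit from `socketcli` fails the stage, which is what blocks a build on findings.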
Example adding Socket as a Build Step in a Job
- Log into Jenkins
- Select a job; in the example we selected socket-example-job
- Select Configure
- Scroll down to Build Environment
- Select Use secret text(s) or file(s)
- Configure a Secret Text binding
  - Variable: SOCKET_SECURITY_API_KEY
  - Credentials: the Socket API key created above
- Scroll down to Build Steps
- Select Add a build step
- Select Execute shell for the type
- Add the following shell script

python3 -m venv .venv
PATH=.venv/bin:$PATH
pip install socketsecurity --upgrade
socketcli --target_path .

- Save
Testing pipeline
- Click Build Now
- Check the console output