CI/CD Pipeline (Bitbucket) DevSecOps using Snyk

Nataraj
3 min read · Sep 24, 2022


snyk.io

Developers love Snyk for its ease of use and ease of integration. In this article, let's discuss integrating Snyk with a Bitbucket pipeline; it's simple, easy and straightforward.

Step 1: There are some prerequisites that you have to configure in Bitbucket

Configure a Bitbucket app password with the following permissions

Image source : docs.snyk.io
Reference Documentation: https://docs.snyk.io/more-info/getting-started/atlassian-integrations/atlassian/devsecops-bitbucket-cloud/module-1/bitbucket-configuration

Step 2: Get your API token from the Snyk dashboard

Step 3: Enable the pipeline in Bitbucket

Snyk has a default integration with Bitbucket Pipelines.

Step 4: Create and run the pipeline


# This sample is for a Medium page by Nataraj to demo the Snyk DevSecOps solution
# SNYK_TOKEN is a repository variable (define it as a secured variable, never in the file)
image: atlassian/default-image:3

pipelines:
  default:
    - parallel:
        - step:
            name: 'Build and Test'
            script:
              - echo "Your build and test goes here..."
        - step:
            name: 'Lint'
            script:
              - echo "Your linting goes here..."
        - step:
            name: "SnykSecurityScanIntegration"
            script:
              - echo "npm install and npm test"
              - npm install
              - npm test
              - echo "Snyk Integration with bitbucket pipeline by Nataraj..."
              - pipe: snyk/snyk-scan:0.5.2
                variables:
                  SNYK_TOKEN: $SNYK_TOKEN
                  LANGUAGE: "npm" # Required unless SNYK_TEST_JSON_INPUT is set
                  # IMAGE_NAME: "<string>" # Only required if LANGUAGE set to "docker"
                  # CODE_INSIGHTS_RESULTS: "<boolean>" # Optional.
                  # SNYK_TEST_JSON_INPUT: "<string>" # Optional. The filename or path of a JSON file containing the output from running a test with the Snyk CLI (with json output option).
                  # PROTECT: "<boolean>" # Optional.
                  # DONT_BREAK_BUILD: "<boolean>" # Optional.
                  # MONITOR: "<boolean>" # Optional.
                  # SEVERITY_THRESHOLD: "<low|medium|high|critical>" # Optional.
                  # ORGANIZATION: "<string>" # Optional.
                  # PROJECT_FOLDER: "<string>" # Optional.
                  # TARGET_FILE: "<string>" # Optional.
                  # EXTRA_ARGS: "<string>" # Optional.
                  # DEBUG: "<boolean>" # Optional.
Note: The pipeline uses variables such as SNYK_TOKEN, which have to be defined as repository (pipeline) variables rather than hard-coded in the YAML.

I got this pipeline from Mike Doherty, account rep from Snyk (he is instantaneous with his communication and responses):

- step:
    name: Run Snyk
    caches:
      - node
    script:
      - npm install
      # Downloads the unpinned "latest" CLI with no checksum check; pin a version for reproducible scans
      - curl https://static.snyk.io/cli/latest/snyk-linux -o snyk
      - chmod +x ./snyk
      # Note: redirecting the output does not gate the step; the step only fails on snyk's own non-zero exit
      - ./snyk test > snyk-output.txt

After the pipeline has run, you can open the Snyk dashboard for the list of issues.
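The CLI-only step above writes the scan result to a file but never inspects it, so the gating that the `snyk/snyk-scan` pipe does for you via SEVERITY_THRESHOLD and DONT_BREAK_BUILD is missing. The script below is an added example, not code from the article or from Snyk. It assumes the step was run as `./snyk test --json > snyk-output.json` (the `--json` flag is a real Snyk CLI option) and that the JSON carries a top-level `vulnerabilities` list whose entries have `id`, `title`, `severity`, `packageName`, `version` and `isUpgradable` fields; that output shape is my assumption and should be checked against your CLI version. The embedded sample report is constructed for illustration.

```python
"""Gate a Bitbucket pipeline step on Snyk CLI JSON output.

Added example, not part of the original article. Assumes the report layout
described in the lead-in; SAMPLE_REPORT is a constructed stand-in for a real
`snyk test --json` file.
"""
import json
import sys

# Ordering used by SEVERITY_THRESHOLD: anything at or above the threshold fails the build.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample of what `snyk test --json > snyk-output.json` might contain.
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-0001", "title": "Prototype Pollution",
         "severity": "high", "packageName": "example-util", "version": "1.0.0",
         "isUpgradable": True},
        {"id": "SNYK-EXAMPLE-0002", "title": "Regular Expression Denial of Service",
         "severity": "medium", "packageName": "example-parser", "version": "2.3.1",
         "isUpgradable": False},
        {"id": "SNYK-EXAMPLE-0003", "title": "Information Exposure",
         "severity": "low", "packageName": "example-logger", "version": "0.9.0",
         "isUpgradable": True},
    ],
})


def load_report(text):
    """Parse the CLI JSON; a scan of several manifests can emit a list of reports."""
    data = json.loads(text)
    return data if isinstance(data, list) else [data]


def findings_at_or_above(report_text, threshold):
    """Return vulnerabilities whose severity is >= threshold, worst first, one per id."""
    if threshold not in SEVERITY_RANK:
        raise ValueError(f"unknown severity threshold: {threshold}")
    min_rank = SEVERITY_RANK[threshold]
    by_id = {}
    for project in load_report(report_text):
        for vuln in project.get("vulnerabilities", []):
            rank = SEVERITY_RANK.get(str(vuln.get("severity", "")).lower(), -1)
            if rank >= min_rank:
                # The same vuln id can appear once per dependency path; report it once.
                by_id.setdefault(vuln["id"], vuln)
    return sorted(by_id.values(), key=lambda v: -SEVERITY_RANK[v["severity"].lower()])


def summarize(findings):
    """Human-readable lines for the pipeline log."""
    lines = []
    for v in findings:
        fix = "upgrade available" if v.get("isUpgradable") else "no upgrade yet"
        lines.append(f"[{v['severity'].upper()}] {v['id']} "
                     f"{v['packageName']}@{v['version']}: {v['title']} ({fix})")
    return lines


def gate(report_text, threshold="high", dont_break_build=False):
    """Return (exit_code, findings): 0 passes the step, 1 fails it.

    Mirrors the pipe's SEVERITY_THRESHOLD and DONT_BREAK_BUILD semantics.
    """
    findings = findings_at_or_above(report_text, threshold)
    if findings and not dont_break_build:
        return 1, findings
    return 0, findings


if __name__ == "__main__":
    # Usage in the step: python3 snyk_gate.py snyk-output.json high
    path = sys.argv[1] if len(sys.argv) > 1 else None
    threshold = sys.argv[2] if len(sys.argv) > 2 else "high"
    text = open(path).read() if path else SAMPLE_REPORT
    code, findings = gate(text, threshold=threshold)
    for line in summarize(findings):
        print(line)
    print(f"{len(findings)} finding(s) at or above '{threshold}'; exit {code}")
    sys.exit(code)
```

In the pipeline you would replace `./snyk test > snyk-output.txt` with `./snyk test --json > snyk-output.json || true` followed by `python3 snyk_gate.py snyk-output.json high`, so that the step fails on the severity you choose rather than on every finding, and the full log line for each hit lands in the Bitbucket build output.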
