You'll need roughly 3 minutes to read this article.
Gemnasium is a service for analyzing and monitoring the security of your application dependencies.
The Gemnasium documentation does a great job of providing more information, in addition to the setup instructions below.
You will need to add your GEMNASIUM_TOKEN value to the encrypted environment variables that you encrypt and include in your codeship-services.yml file.
There are other options to configure your .gemnasium.yml file that you can set in your encrypted environment variables, as well. See the Gemnasium documentation for a full list.
To use Gemnasium in your CI/CD process, you’ll need to add the Gemnasium CLI to a service in your codeship-services.yml file.
To add the Gemnasium CLI, you will need to add the following command to the Dockerfile for the service you want to run Gemnasium on:
sudo apt-get install gemnasium-toolbelt
Note that this requires the Dockerfile to be using a Debian-based base image. See the Gemnasium documentation for a list of alternative installation instructions.
Once your Gemnasium token is loaded via your environment variables and you have defined a service that installs the Gemnasium CLI, you can run a Gemnasium evaluation during your CI/CD pipeline by passing the Gemnasium CLI commands via the service you have it installed in.
We will combine the Gemnasium authentication and Gemnasium scan commands into a script file that we call from a step:
- name: Gemnasium
service: app
command: gemnasium.sh
Inside this gemnasium.sh script, you will have something similar to:
gemnasium configure $GEMNASIUM-PROJECT-ID
gemnasium eval -f=Gemfile,Gemfile.lock
There is a larger list of possible uses for Gemnasium, and commands you can run, over at the Gemnasium documentation.
Note that the above commands will require that the GEMNASIUM_TOKEN environment variable be set, as instructions earlier. They will also require passing the GEMNASIUM-PROJECT-ID either directly or through an environment variable.
You will need to add your GEMNASIUM_TOKEN value to the your project’s environment variables.
You can do this by navigating to Project Settings and then clicking on the Environment tab.
There are other options to configure your .gemnasium.yml file that you can set in your project’s environment variables, as well. See the Gemnasium documentation for a full list.
To use Gemnasium in your CI/CD process, you’ll need to install the Gemnasium CLI via your project’s setup commands:
go build -o gemnasium
Once your Gemnasium token is loaded via your environment variables and you have installed the Gemnasium CLI, you can run a Gemnasium evaluation during your CI/CD pipeline.
You will need to add the following commands to your project’s setup and test commands
gemnasium configure $GEMNASIUM-PROJECT-ID
gemnasium eval -f=Gemfile,Gemfile.lock
There is a larger list of possible uses for Gemnasium, and commands you can run, over at the Gemnasium documentation.
Note that the above commands will require that the GEMNASIUM_TOKEN environment variable be set, as instructions earlier. They will also require passing the GEMNASIUM-PROJECT-ID either directly or through an environment variable.
Get in touch if you have any further questions. You can either post on Stack Overflow using the tag #codeship or ask us a question via our Helpdesk.
We also have a couple of code examples and sample projects available, that make it easier to get started with Codeship.