Using Hakiri

About Hakiri

Hakiri is a service for analyzing and monitoring the security of your Rails application dependencies.

By using Hakiri you can be sure that your Ruby gems are up to date and secure.

The Hakiri documentation does a great job of providing more information, in addition to the setup instructions below.

Codeship Pro

Setting Your Hakiri Stack ID

You will need to add your STACK_ID value to the encrypted environment variables that you include in your codeship-services.yml file.

To generate your stack ID, you can follow the Hakiri documentation.

Manifest File

You will need a Hakiri manifest file to exist in your repo, unless you want to generate a new one each time you run your CI/CD process.

To generate the manifest file (either in CI/CD or locally so that you can commit it to your repository), you will need to follow the instructions below to install the Hakiri Toolbelt and then run the following command:

hakiri manifest:generate

Installing The Hakiri Toolbelt

To use Hakiri in your CI/CD process, you’ll need to add the Hakiri Toolbelt to a service in your codeship-services.yml file.

To install the Hakiri Toolbelt, you will need to add the following command to the Dockerfile for the service you want to run Hakiri on:

gem install hakiri

Note that this requires the Dockerfile to also have Ruby and the gem binary installed.

Running A Scan

Once your Hakiri Stack ID is loaded via your encrypted environment variables and you have defined a service that installs the Hakiri Toolbelt, you can run a Hakiri scan during your CI/CD pipeline by running the Hakiri Toolbelt commands in that service.

For example:

- name: Hakiri
  service: app
  command: hakiri.sh

Inside this hakiri.sh script, you will have something similar to:

hakiri system:scan
hakiri system:sync -s "$STACK_ID"

There is a larger list of commands you can run over at the Hakiri documentation.
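
A fail-closed variant of the hakiri.sh script above, added here as an example (it is not Codeship's or Hakiri's own code). The two-line script exits with the status of its last command only, so a failing scan followed by a successful sync would not fail the step; this version stops at the first failure and refuses to run when STACK_ID is missing. The function names preflight and run_hakiri and the exit codes 2 and 3 are this example's own.

```shell
#!/bin/sh
# Added example: fail-closed wrapper around the two Hakiri commands.
# Assumptions: function names and exit codes 2/3 are this example's own.

# Refuse to start unless the scan can actually run and report.
preflight() {
  # An empty STACK_ID usually means the environment variables were not loaded.
  # The message deliberately never prints the value itself.
  if [ -z "${STACK_ID:-}" ]; then
    echo "hakiri: STACK_ID is not set; refusing to run" >&2
    return 2
  fi
  # The toolbelt must be on PATH (installed by `gem install hakiri`).
  if ! command -v hakiri >/dev/null 2>&1; then
    echo "hakiri: toolbelt not found on PATH" >&2
    return 3
  fi
  return 0
}

run_hakiri() {
  preflight || return $?
  # Propagate any non-zero exit status so the CI step fails
  # instead of carrying on to the next command.
  hakiri system:scan || return $?
  hakiri system:sync -s "$STACK_ID" || return $?
}

# Run only when invoked as hakiri.sh, so the functions can also be sourced.
case "${0##*/}" in
  hakiri.sh) run_hakiri ;;
esac
```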

Codeship Basic

Setting Your Hakiri Stack ID

You will need to add your STACK_ID value to your project’s environment variables.

You can do this by navigating to Project Settings and then clicking on the Environment tab.

To generate your stack ID, you can follow the Hakiri documentation.

Manifest File

You will need a Hakiri manifest file to exist in your repo, unless you want to generate a new one each time you run your CI/CD process.

To generate the manifest file (either in CI/CD or locally so that you can commit it to your repository), you will need to follow the instructions below to install the Hakiri Toolbelt and then run the following command:

hakiri manifest:generate

Installing The Hakiri Toolbelt

To use Hakiri in your CI/CD process, you’ll need to install the Hakiri Toolbelt via your project’s setup commands.

gem install hakiri

Running A Scan

Once your Hakiri Stack ID is loaded via your environment variables and you have installed the Hakiri Toolbelt, you can run a Hakiri scan during your CI/CD pipeline.

You will need to add the following commands to your project’s setup and test commands.

For example:

hakiri system:scan
hakiri system:sync -s "$STACK_ID"

There is a larger list of commands you can run over at the Hakiri documentation.