This article is about General Codeship Configuration.

Using SourceClear For Security Analysis

Estimated Reading Time: 1 min

About SourceClear

SourceClear is as service for automatically testing and reporting on your application’s security vulnerabilities. Their documentation does a great job of providing more information, in addition to the setup instructions below.

Codeship Pro

Setting Your API Token

To start, you need to add your SourceClear API token to your encrypted environment variables that you encrypt and include in your codeship-services.yml file.

Adding Commands

After adding the API token, you will need to add the following commands to a script, placed in your repository, that you will call from your codeship-steps.yml file:

curl -sSL https://download.sourceclear.com/ci.sh | bash

Note that if you are using parallel test steps then you likely only want to call this script once, as it’s own step, rather than as part of your test steps themselves.

Codeship Basic

Setting Your API Token

To start, you need to add your SourceClear API token to your environment variables.

You can do this by navigating to Project Settings and then clicking on the Environment tab.

Adding Commands

After adding the API token, you’ll just need to add the SourceClear command to your project’s test commands. The command to add is:

curl -sSL https://download.sourceclear.com/ci.sh | bash

Note that if you are using parallel test pipelines then you likely only want to add this command to a single pipeline, rather than multiple pipelines.

Need More Help?

Get in touch if you need more help, or post on Stack Overflow using the tag #Codeship.

  • Ask The Helpdesk A Question
  • Code Examples And Sample Projects
    • Was This Article Helpful?