This article is about General Codeship Configuration.

Using SourceClear For Security Analysis

You'll need about one minute to read this article.

About SourceClear

SourceClear is as service for automatically testing and reporting on your application’s security vulnerabilities.

By using SourceClear you can be sure that your application code is tested and secure.

Their documentation does a great job of providing more information, in addition to the setup instructions below.

Codeship Pro

Setting Your API Token

To start, you need to add your SourceClear API token to your encrypted environment variables that you encrypt and include in your codeship-services.yml file.

Adding Commands

After adding the API token, you will need to add the following commands to a script, placed in your repository, that you will call from your codeship-steps.yml file:

curl -sSL https://download.sourceclear.com/ci.sh | bash

Note that if you are using parallel test steps then you likely only want to call this script once, as it’s own step, rather than as part of your test steps themselves.

Codeship Basic

Setting Your API Token

To start, you need to add your SourceClear API token to your environment variables.

You can do this by navigating to Project Settings and then clicking on the Environment tab.

Adding Commands

After adding the API token, you’ll just need to add the SourceClear command to your [project’s test commandsproject’s test commands]. The command to add is:

curl -sSL https://download.sourceclear.com/ci.sh | bash

Note that if you are using parallel test pipelines then you likely only want to add this command to a single pipeline, rather than multiple pipelines.