Just a quick post on integrating IaC scanning into Jenkins with the Accurics CLI. This example will detect security violations in your Terraform provisioning along with any drift in config from running cloud resources in build. Super cool stuff!
Steps
- Download CLI: From the Accurics dashboard for your chosen environment hit Download CLI. This will download the Accurics binary and config file. The config file is needed to associate the scan results with your Accurics account and specific environment.
- Add Step to your Jenkins pipeline file: You can optionally set the -fail flag to stop the build if violations are detected. The CLI will produce reports in both html and json formats. For this example I have also optionally requested that Jenkins publish the HTML report as a build artifact.
Here is what the results look like from within Jenkins for a failed pipeline.
And the resulting html report:
Looks like I have some violations to address for the new infrastructure definition for the jeffsbooks app but currently no drift from my running application and cloud environment 👍
This was a super quick example on integrating IaC scanning for Terraform into a Jenkins pipeline. The Accurics CLI has many other options and support for other provisioning tools such as Helm, Kustomize, CFT, Ansible, ARM, CDM, etc.
If any questions come up or help is needed feel free to drop me a line.
Cheers,
Jeff
Oldest comments (0)