BluBracket provides a Docker image that scans for secrets as part of your CI pipeline. To configure it, run the following Docker image in your pull request build.
BluBracket CI/CD secret scanning is only supported for Pull Requests.
Prerequisite: Your existing repos must already be monitored by BluBracket.
Docker Run Command
docker run \
  -e SYSTEM_PULLREQUEST_PULLREQUESTNUMBER="<PR Number>" \
  -e BLUBRACKET_CI_CD_API="https://my_tenant.blubracket.com/api/analyzer/commit/scan" \
  -e BLUBRACKET_CI_CD_TOKEN="TOKEN_FROM_API_KEY" \
  -e BUILD_REPOSITORY_URI="https URL of repo" \
  -it blubracket/ci-cd-scan:latest
The following four pipeline variables must be created, whether you are creating a new pipeline or using an existing one:
Name: BLUBRACKET_CI_CD_TOKEN
Value: Create a BluBracket Integration API token
Steps to create a BluBracket API token:
Name: BLUBRACKET_CI_CD_API
Value: https://[your BluBracket tenant name]/api/analyzer/commit/scan
Name: BUILD_REPOSITORY_URI
Value: This should be set to the HTTPS URL of the repo; usually this is available as a variable in the CI pipeline. For example:
In GitLab CI, the variable is $CI_PROJECT_URL
In Bitbucket Pipelines, the variable is $BITBUCKET_GIT_HTTP_ORIGIN
Name: SYSTEM_PULLREQUEST_PULLREQUESTNUMBER
Value: This should be set to the pull request number; usually this is available as a variable in the CI pipeline. For example:
In GitLab CI, the variable is $CI_MERGE_REQUEST_IID
In Bitbucket Pipelines, the variable is $BITBUCKET_PR_ID
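The variable mapping above as a CI wrapper script that refuses to run outside a pull request build and passes the token to the container by name rather than by value. This is an added example, not BluBracket's own code: the function names resolve_pr_context and run_scan, the script name scan.sh and the --scan argument are hypothetical, and -it is left out on the assumption that the CI job has no TTY.

```shell
#!/bin/sh
# Added example, not BluBracket's code. Function names are hypothetical.

# Fill the two PR-specific variables from the CI variables named on this page.
# Returns 1 outside a pull/merge request build, 2 on a malformed value.
resolve_pr_context() {
    if [ -n "${CI_MERGE_REQUEST_IID:-}" ]; then        # GitLab CI
        _pr=$CI_MERGE_REQUEST_IID
        _repo=${CI_PROJECT_URL:-}
    elif [ -n "${BITBUCKET_PR_ID:-}" ]; then           # Bitbucket Pipelines
        _pr=$BITBUCKET_PR_ID
        _repo=${BITBUCKET_GIT_HTTP_ORIGIN:-}
    else
        echo "not a pull request build: scan not supported" >&2
        return 1
    fi
    case $_pr in                                       # digits only
        ''|*[!0-9]*) echo "unexpected PR number" >&2; return 2 ;;
    esac
    case $_repo in                                     # web URL, not an SSH remote
        http://*|https://*) ;;
        *) echo "repo URL is not an HTTP(S) URL" >&2; return 2 ;;
    esac
    SYSTEM_PULLREQUEST_PULLREQUESTNUMBER=$_pr
    BUILD_REPOSITORY_URI=$_repo
    export SYSTEM_PULLREQUEST_PULLREQUESTNUMBER BUILD_REPOSITORY_URI
}

run_scan() {
    resolve_pr_context || return $?
    # Both must already exist as (masked) pipeline variables.
    : "${BLUBRACKET_CI_CD_API:?missing pipeline variable}"
    : "${BLUBRACKET_CI_CD_TOKEN:?missing pipeline variable}"
    export BLUBRACKET_CI_CD_API BLUBRACKET_CI_CD_TOKEN
    # "-e NAME" without "=value" copies the variable from this environment,
    # so the token is not written into the docker command line.
    # Assumption: no TTY in the CI job, so the page's -it is omitted.
    docker run \
        -e SYSTEM_PULLREQUEST_PULLREQUESTNUMBER \
        -e BLUBRACKET_CI_CD_API \
        -e BLUBRACKET_CI_CD_TOKEN \
        -e BUILD_REPOSITORY_URI \
        blubracket/ci-cd-scan:latest
}

# Invoke as "sh scan.sh --scan"; without the argument only the functions load.
if [ "${1:-}" = "--scan" ]; then run_scan; fi
```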