CodeThreat - Knowledge Center
Bamboo


Last updated 11 months ago


Bamboo is a continuous integration and continuous delivery (CI/CD) tool developed by Atlassian. The CodeThreat Bamboo plugin allows you to add security scans to your Bamboo CI/CD workflows. This integration enhances the security of your projects by helping to detect vulnerabilities at an early stage. Below are the steps for installing and configuring the CodeThreat Bamboo plugin, along with an example task configuration:

CodeThreat Bamboo Plugin Installation

  • Installing the Plugin: Upload the CodeThreat Bamboo plugin to your Bamboo server. This is typically done through Bamboo's Manage Apps or Add-ons section.

  • Creating a Task within a Plan: Navigate to an existing or new Bamboo plan and click on the Tasks tab. From there, use the Add task option to add a CodeThreat Scan Task to your plan.

Task Configuration

After adding the task, a configuration window opens. It contains some mandatory fields that you need to fill out:

  • Username and Password or Token: The username and password or access token for your CodeThreat account. These details are used to authorize CodeThreat scans.

  • Organization Name: The name of your organization registered in CodeThreat.

  • Project Name: The name of the project you want to scan, which will be created on CodeThreat.

Failure Conditions

Max Number High/Critical: These settings mark the pipeline as failed based on the number of findings at a given severity level. For example, 5 critical findings could cause the pipeline to stop.

Weaknesses: This setting stops the pipeline if weaknesses of a certain type are found. Multiple types of weaknesses can be specified, separated by commas. For example, ".*injection" or ".*injection,buffer.over.read,mass.assigment"

Condition: This setting determines how failure conditions are evaluated. The "AND" option requires all conditions to be met; "OR" indicates that meeting any one condition is sufficient.
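The failure settings above can be modelled as a small gate function, which makes the difference between "AND" and "OR" concrete. This is an added example, not code from CodeThreat or its Bamboo plugin. It assumes that a count fails when it exceeds the configured maximum and that each weakness pattern is matched as a full, case-insensitive regular expression; the finding records and weakness ids are constructed.

```python
import re
from dataclasses import dataclass

@dataclass
class GatePolicy:
    max_critical: int   # "Max Number Critical" field
    max_high: int       # "Max Number High" field
    weaknesses: str     # comma-separated patterns, as typed into the task
    condition: str      # "AND" or "OR"

# Constructed sample findings; real scan results will differ.
SAMPLE_FINDINGS = [
    {"severity": "critical", "weakness": "sql.injection"},
    {"severity": "high", "weakness": "buffer.over.read"},
    {"severity": "medium", "weakness": "weak.hash"},
]

def evaluate_gate(findings, policy):
    """Return (failed, reasons) for a list of findings under a policy."""
    mode = policy.condition.strip().upper()
    if mode not in ("AND", "OR"):
        raise ValueError(f"unknown condition: {policy.condition!r}")
    critical = sum(1 for f in findings if f["severity"] == "critical")
    high = sum(1 for f in findings if f["severity"] == "high")
    patterns = [p.strip() for p in policy.weaknesses.split(",") if p.strip()]
    matched = sorted({
        f["weakness"] for f in findings for p in patterns
        if re.fullmatch(p, f["weakness"], re.IGNORECASE)  # assumed matching rule
    })
    checks = {
        f"critical {critical} > {policy.max_critical}": critical > policy.max_critical,
        f"high {high} > {policy.max_high}": high > policy.max_high,
    }
    if patterns:  # an empty Weaknesses field adds no condition
        checks[f"weakness match {matched}"] = bool(matched)
    hits = list(checks.values())
    failed = all(hits) if mode == "AND" else any(hits)
    return failed, [name for name, hit in checks.items() if hit]

if __name__ == "__main__":
    for mode in ("OR", "AND"):
        policy = GatePolicy(5, 10, ".*injection,buffer.over.read", mode)
        print(mode, evaluate_gate(SAMPLE_FINDINGS, policy))
```

Under these assumptions, the same scan fails the build with "OR" but passes with "AND", because the injection finding alone does not trip the count limits. If a weakness type must always break the build, "OR" is the setting that guarantees it.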

In addition

Policy Name: Determines under which security policy the scan will be conducted. The default is "Advanced Security," but different policies can also be selected.

Base URL: The URL of the server where CodeThreat is running. For example, https://codethreat.example.com