Using the Dockerized image can be convenient as it contains, by default, all the tools you need to run your analysis: you won't need to install anything else. However, when a complex pipeline is used, in presence of a docker-in-docker setup or when specific version of the tooling is needed, you can always revert to the Java Thin client. This will require you to install all the tools you need but it will grant you greater control to the specifics of the environment, including of course specific version of tools.
When creating the pipeline, or just by opening the Edit panel, rember to set the METERIAN_API_TOKEN environment variable. Please note that checking the 'Keep this value secret' option will prevent the script from working as it will not be able to read it
To retrieve a Meterian API Token visit the Meterian Dashboard; in your account select the tab "Tokens" and create a new one, or use an existing one.
API tokens are available only on paid accounts: to upgrade your subscription, please contact us.
How does it work
When the script specified in the configuration file is executed, the latest version of the Meterian client gets downloaded in the home folder of the machine and the Meterian client is launched against the source code.
At the end of the scan the pipeline task will pass or fail depending on the scan results.