Meterian
Search…
Concourse CI
Integrate Meterian with Concourse CI pipeline
Assuming you have a working instance of Concourse CI, integrating Meterian only involves a few simple steps. These consist of a secrets pre-configuration to ensure the scan is authenticated and the addition of a task to a pipeline to execute said scan.
Secrets pre-configuration
In a .yml file set the key METERIAN_API_TOKEN as it follows
1
# secrets.yml
2
METERIAN_API_TOKEN: your API token
Copied!
To retrieve a Meterian API Token visit the Meterian Dashboard; in your account select the tab "Tokens" and create a new one, or use an existing one.
API tokens are available only on paid account. To upgrade your subscription, please contact us.
Meterian scan pipeline task
Now prepare a pipeline where the codebase you intend to scan is firstly pulled as a resource and then scanned by the Meterian client (to learn more about the pipeline syntax please refer to the official documentation)
1
# pipeline.yml
2
resources:
3
- name: source-code
4
type: git
5
source:
6
uri: your repository uri
7
branch: the target branch
8
9
jobs:
10
- name: you-job-name
11
plan:
12
- get: source-code
13
trigger: true
14
- task: meterian-scan
15
config:
16
platform: linux
17
image_resource:
18
type: registry-image
19
source:
20
repository: meterian/cli
21
inputs:
22
- name: source-code
23
path: .
24
run:
25
path: /root/entrypoint.sh
26
args: # [ eventual comma-separated arguments for the client ]
27
params:
28
METERIAN_API_TOKEN: ((METERIAN_API_TOKEN))
Copied!
Once done run the following fly client command to apply this pipeline to your Concourse CI instance
1
$ fly -t <Concourse target name> \
2
set-pipeline -p <pipeline name> \
3
-c pipeline.yml \
4
-l secrets.yml
Copied!
This example triggers a build whenever your repository is updated on GitHub. The repository is treated as a git-resource resource arbitrary named "source-code". Note there are countless resources developed by the Concourse CI community so consider consulting their catalog for other alternatives.
Adjustments for private repositories
The above example works great with public repositories but in order to use private repositories the pipeline requires some minor tweaks.
If you haven't already, create and set up deploy keys for your private repository following this guide.
Refer to the resource object and update your repository uri to a git ssh clone uri and add your deploy private key through the private_key attribute as it follows
1
resources:
2
- name: source-code
3
type: git
4
source:
6
branch: main
7
private_key: ((private-key))
Copied!
Now apply the changes through the fly client binding your private key to the variable private-key
1
$ fly -t <Concourse target name> \
2
set-pipeline -p <pipeline name> \
3
-c pipeline.yml \
4
-l secrets.yml \
5
-v private-key="$(cat /path/to/your/private/key)"
Copied!
Caveats
As of now the git-resource always pulls the specified branch in detached mode causing the scan to report a misleading branch name unless the appropriate override is provided. To fix this issue provide the --project-branch arguments with the right branch name to the Meterian scan task
1
- task: meterian-scan
2
config:
3
platform: linux
4
image_resource:
5
type: registry-image
6
source:
7
repository: meterian/cli
8
inputs:
9
- name: source-code
10
path: .
11
run:
12
path: /root/entrypoint.sh
13
args: [ --project-branch=correct-branch-name ]
14
params:
15
METERIAN_API_TOKEN: ((METERIAN_API_TOKEN))
Copied!
A full list of available client arguments can be found here https://docs.meterian.io/the-client/command-line-parameters
Last modified 1mo ago
Copy link