Meterian
  • Meterian
    • The Platform
    • SSO and MFA
    • Support
  • Codebase scanner
    • The Thin Client
      • How does the client work?
      • How does the client authenticate me?
      • How do I get the client?
      • What if I need a previous release?
      • Use the thin client on Windows
    • Using the client from your command line
      • Authorization in interactive mode
      • Interrupting the client
      • Example: running the client in interactive mode
    • Using the client in your CI/CD pipeline
      • Authorization in non-interactive mode
      • Providing the project branch
      • Concurrent mode
      • Two phases build
      • Controlling the exit code
      • Example: running the client in non-interactive mode
    • General operations
      • Running the analysis remotely
      • Interrupting the client
      • Generating a report
      • Forcing or avoiding specific scans
      • Excluding (and including) specific folders
      • Connecting through a proxy
    • System requirements
    • Command line parameters
      • General configuration
      • Overriding scores
      • Overriding scopes
      • Producing reports
      • Selecting scanners
      • Defining projects
      • Advanced options
        • Autofix
        • Pull Requests
      • System information
      • Specific controls
        • Maven specific controls
        • Dotnet specific controls
        • Npm/Yarn specific controls
        • Gradle specific controls
        • Ant/Ivy specific controls
    • The Dockerized Client
      • Basic usage
      • Advanced usage
        • Invoking via Docker
        • Platform-specific images
        • Usage on a CI/CD platform
        • Disable the client auto-update
      • Troubleshooting
        • Client auto update failure
        • Docker specifics
    • How scores work
    • Guide: your first scan!
      • Your first scan (java thin client)
      • Your first scan (dockerized client)
      • Your first scan (GitHub Action)
  • Scan behaviour matrix
  • THE METERIAN DASHBOARD
    • The Web Dashboard
      • Projects
      • Insights
      • Tokens
      • Badges
      • Policies
      • Tags
      • Teams
      • Configuration
        • Automatic Temporary Branches Clean-up
    • Advanced functionalities
      • Multi-factor Authentication
      • Safe versions
      • Software Bill Of Materials (SBOM)
      • Auto-grouping
        • Domain auto-grouping
        • Github auto-grouping
      • How to set a vulnerability exclusion
        • From the report page
        • From the dashboard
        • The .meterian file
        • Generate the .meterian file
    • Troubleshooting
      • Login with credentials
  • Notifications
    • Sentinel
      • Notifications for Slack
      • Notifications for Email
    • Allerta
  • Github Badges
    • Introduction
    • Public repository
    • Private repository
  • ONLINE INTEGRATIONS
    • Introduction
    • GitHub Action
      • Using the Thin Client
      • Code scanning
    • Bitbucket Pipe
    • Azure DevOps Pipelines
  • Languages support
    • Introduction
    • C/C++
      • Conan support
      • GCC / CLANG (Linux)
      • Visual Studio / CL (Windows)
    • Clojure
    • Dart / Flutter
    • Elixir (erlang)
    • Golang
    • Java/Kotlin/Scala
      • Scanning EAR or WAR files
    • Javascript
    • .NET
      • Scanning DLLs
    • NodeJS
    • Perl
    • PHP
    • Python
    • R
    • Ruby
    • Rust
    • Swift / Objective-C
    • Generic (third party)
  • Special platfoms
  • Unity Packages
  • Jupyter Notebooks
    • License detection
  • Yocto license manifests
  • Container scanner
    • Container Scanner
      • Introduction
      • General usage
      • Command line parameters
        • General configuration
        • Overriding scores
        • Producing reports
        • Defining projects
        • Advanced Options
        • System information
      • How to set a vulnerability exclusion
  • IaC SCANNER
    • Introduction
    • General usage
    • Command line parameters
      • Producing reports
      • Defining projects
    • Policy management page
    • How to set a vulnerability exclusion
  • CI INTEGRATIONS
    • Introduction
    • AWS CodeBuild
    • Azure DevOps
      • Using the Docker image
      • Using the Java Thin client
    • Bamboo
    • Bitrise
    • CircleCI
    • CodeShip
    • Concourse CI
    • Generic CI
    • GitLab CI/CD
      • Docker-in-Docker configuration
      • Meterian Docker image configuration
      • Non-Meterian Docker image configuration
    • Jenkins
      • Pipeline
    • TeamCity
    • TravisCI
  • DevOps Integrations
    • GitLab Ultimate
    • SonarQube
      • Compatibility
      • Download and installation
      • Plugin properties
      • Usage
      • Report page
  • Management Platforms
    • Threadfix
    • DefectDojo
      • Uploading from a CI
    • Armorcode
    • Jira
  • Dedicated Instance
    • Introduction
    • On Cloud (MC/CC)
    • On Premises (OP)
      • Requirements and install
      • Managing the system
        • Admin dashboard
        • Managing your license
        • Managing accounts
    • Using the scanners
      • Thin client
      • Dockerized client
      • Container Scanner
      • IaC Scanner
  • Meterian API
  • API basics
  • Authorizing the APIs
  • Account APIs
    • Knowing your account
    • Listing your projects
  • Samples
  • Guides
    • Managing teams and members
    • Generating reports via APIs
Powered by GitBook
On this page
  • Integration with Meterian-Docker-Scanner
  • Integration with the Meterian Client

Was this helpful?

  1. CI INTEGRATIONS

Generic CI

Integrating Meterian into your CI platform is very simple and it requires very few .steps. In this section we will explain the different type of integrations.

The only prerequisite is a Meterian API Token

To retrieve a Meterian API Token visit the Meterian Dashboard; in your account select the tab "Tokens" and create a new one, or use an existing one.

API tokens are available only on paid account. To upgrade your subscription, please contact us.

Set the METERIAN_API_TOKEN

  • Specify a secret variable named “METERIAN_API_TOKEN” in the “Environment” section of your CI platform

Integration with Meterian-Docker-Scanner

Easy version

Pre-requisites: Docker, Bash and WGet

In the CI taks / Pipeline add this snippet:

wget -q https://raw.githubusercontent.com/MeterianHQ/meterian-scanner-docker/master/scripts/meterian-docker-ci

bash meterian-docker-ci [Meterian CLI Options]

Advanced version

Pre-requisites: Docker

In the CI taks / Pipeline add this snippet:

docker pull --quiet meterian/cli
docker run --rm --volume ${PWD}:/workspace --env METERIAN_API_TOKEN=$METERIAN_API_TOKEN meterian/cli [Meterian CLI Options]

What does it do?

The latest version of the Meterian Dockerized client will be downloaded into the CI machine and it will run the Meterian analysis against your project

Integration with the Meterian Client

Pre-requisites: Java8, Languages package managers

In the CI tasks / Pipeline add this snippet:

wget -N https://www.meterian.io/downloads/meterian-cli.jar

java -jar meterian-cli.jar [Meterian CLI Options]

What does it do?

The latest version of the Meterian Thin Client will be downloaded to the workspace of your CI task and it will run the Meterian analysis against your project.

The Meterian Thin Client is a Java native application written in Java8, so you will need a suitable JRE installed to your CI environment.

It also requires the package managers for the projects languages:

for example for a NodeJS application it will need to be running in a working NodeJS/NPM installation compatible with your project. This rule applies to every platform.

Learn more about the Meterian Client here.

PreviousConcourse CINextGitLab CI/CD

Last updated 4 years ago

Was this helpful?