Skip to main content
McAfee MVISION Cloud

Integrate MVISION Cloud Inline APIs with Jenkins, GitHub, and Bitbucket

McAfee MVISION Cloud provides a security solution for customers to evaluate the DevOps templates in both offline and inline mode. Using inline mode, you can integrate the repository and CI/CD tools with MVISION Cloud inline APIs to check for security vulnerabilities present in the DevOps template file. Currently, MVISION Cloud supports evaluating DevOps templates for AWS and Azure, including Terraform support.

This procedure uses the cloud version of GitHub, Bitbucket, and publicly accessible Jenkins.

Prerequisites

  1. Create a repository on GitHub. For details, see New Repo on GitHub.
  2. Create a Bitbucket repository. For details, see Create a repository in Bitbucket.

Install Jenkins

NOTE: Use VMs (AWS and Azure) rather than a physical computer. Open RDP port 3389 and Custom TCP port 8080 in the AWS Security group where the Jenkins EC2 instance resides.

install_jenkins.png

 

Install Jenkins on Ubuntu

To install Jenkins on Ubuntu:

  1. Install Java using the following command:

    sudo apt install openjdk-8-jre-headless

  2. Install git using the Ubuntu instructions here: https://help.ubuntu.com/lts/serverguide/git.html
  3. Install JSON processor library using the below command

    sudo apt-get install jq

  4. Install Jenkins using the Jenkins instructions here: Install Jenkins on Ubuntu

Configure Jenkins

Once Jenkins is installed, configure GitHub, Bitbucket, and the Jenkins integration with MVISION Cloud inline APIs.

  1. Go to the Jenkins URL (http://<ip-address:port>).
    configure_jenkins.png
  2. Follow the instructions on the page to set up Jenkins. Click Continue.
  3. Click Install Suggested Plugins for Jenkins.
    customize_jenkins.png
  4. It installs the suggested plugins as shown.
    getting_started_jenkins.png
  5. Create an admin user by filling in the required credentials. Click Save and Continue.
    create_first_admin_jenkins.png
  6. After Jenkins is configured, you see the screen Jenkins is ready!
    jenkins_is_ready.png
  7. Click Start using Jenkins.
  8. The Welcome to Jenkins screen displays.
    welcome_to_jenkins.png
  9. In the Jenkins homepage, click Manage Jenkins > Manage Plugins. 
    manage_jenkins_plugins.png
  10. The Git plugin is installed by default in Jenkins. You don't have to install it.
    • To configure GitHub only, skip to step 15.
    • To integrate BitBucket, in the Manage Plugins page, click the Available tab and search for Bitbucket.
  11. Select the Bitbucket plugin, and click Download now and install after restart.
    bitbucket_plugin.png
  12. Select the checkbox Restart Jenkins when the installation is complete and no jobs are running. 
    restart_jenkins.png   
  13. Jenkins restarts.
  14. In the Jenkins homepage, click Manage Jenkins. You go to the Manage Jenkins page. Click Manage Plugins. 
    manage_jenkins_plugins2.png
  15. In the Manage Plugins page, click the Advanced tab. In the Upload Plugins sections, click Choose file, select the file shiftleft-inline-1.0.0.0.hpi, and click Upload
    upload_plugin.png
  16. Once the installation is complete, select the checkbox Restart Jenkins when installation is complete and no jobs are running. Jenkins restarts and you see the following screen.
    restart_jenkins2.png
  17. In the Jenkins homepage, click Credentials > System > Global credentials (unrestricted). You go to the Global credentials (unrestricted) page:
    global_credentials.png
  18. Click Add Credentials. Enter the credentials of the GitHub repository, and click OK.
  19. Repeat the previous step to add credentials to the BitBucket repository, McAfee MVISION Cloud application.
    bitbucket_repository.png
  20. Go to the Jenkins homepage. Click Create new jobs > Freestyle Project.
  21. Enter a name for the job, and click OK.
    enter_item_name.png
  22. Click Configure on the job page. You see the following page:
    configure_job.png
  • For GitHub, under the General tab, select the option GitHub project and the GitHub repository URL as shown:
    general_tab.png
  • For BitBucket, under the General tab, don't select anything.
    general_bitbucket.png
  1. Select Git under Source Code Management and enter the repository URL and select the repository credentials from the menu.
    source_code_management.png
  • For GitHub, select the GitHub hook trigger for GITScm polling under the Build Triggers section as shown:
    github_hook_trigger.png
  • For BitBucket, under Build Triggers select Build when a change is pushed to Bitbucket.
    build_triggers.png
  1. Select Use secret test(s) or file(s) under the Build Environment section. Click Add under Bindings section, Select Username and password (separated) as shown.
    bindings.png
  2. Enter MVISION_USERNAME in the Username variable text box and MVISION_PASSWORD in the Password Variable and select the MVISION Cloud credentials from the menu.
    mvision_username.png
  3. For Ubuntu VM, In the Build section, click Add build step and select Execute Shell and paste the below shell script in the text area then click Save.
    ubuntu_vm.png
# The below statement needs to be executed to find the list of files changed in the last push to the repo
git log HEAD -1 --name-only --oneline --pretty="format:" > shift_left_${BUILD_NUMBER}.txt 

# For all files to be evaluated, run below instead
# find ./ -type f \( -iname \*.yaml -o -iname \*.yml -o -iname \*.tf -o -iname \*.json\) > shift_left_${BUILD_NUMBER}.txt
  1. In the Build section, click Add build step and select McAfee MVISION Cloud's - Shift Left Inline Integration.
    add_build_step.png
  2. From the following option in Jenkins, select Enable Shift Left Inline Integration.
    enable_shift_left.png
  3. From the menus, select the cloud service provider for DevOps templates you want to evaluate, and select your MVISION Cloud environment. 
    csp.png
  4. Click Save/Apply.

Configure GitHub

To configure GitHub:

  1. Select the repository you want to integrate in GitHub, and navigate to Settings > Webhooks > Add Webhook. You see the Add webhook page.
  2. Populate the following values:
    • Payload URL with value <<jenkins-url/github-webhook/>>. Use the public IP of Jenkins.
    • Select the content type as application/json.

configure_github.png

The GitHub and Jenkins integration with MVISION Cloud inline plugin is complete.

Any time you push to the GitHub repository triggers a build in Jenkins, which in turn performs the MVISION Cloud integration to check for vulnerabilities present in the DevOps template pushed to the repository.

Configure Bitbucket

To configure Bitbucket:

  1. In Bitbucket, select the repository you want to integrate. 
  2. Go to Settings > Webhooks > Add Webhook. The Add new webhook page opens.
  3. Add a Title, and enter the Jenkins URL bitbucket-hook/.
    configure_bitbucket.png
  4. Click Save.

The integration of Bitbucket and Jenkins with inline API is complete.

Any push to the Bitbucket repo triggers a build in Jenkins, which in turn calls the MVISION Cloud inline APIs to check for vulnerabilities present in the DevOps template committed in Bitbucket.

  • Was this article helpful?