CI/CD Integration - Viper for Java apps


Overview

A vFunction organization can continuously trigger static analysis to monitor for improvements and drift in an application. Continuous static analysis can be configured via a CI/CD pipeline integration.

This integration statically analyzes the Application’s binaries whenever new binaries are deployed. Once the static analysis has completed, its results are automatically uploaded to the vFunction Server, where they are used to monitor improvements and drift.


Prerequisites

  1. A Service Account for a vFunction Server
  2. A CI/CD pipeline that can, over HTTP or HTTPS, access the vFunction Server
  3. The ability to make configuration changes to the pipeline

Steps to create a Service Account

  1. Log in to the vFunction Dashboard, e.g. https://vfunction.organization.com
  2. Click on the person icon in the upper-right corner
  3. Select My Account in the dropdown menu
  4. Click the button to Generate Service Account
  5. Copy the Service Account ID and Password for use in your pipeline

Create a vFunction YAML with the Application’s Details

  1. Create a viper-conf.yaml to be placed in the root of the repository (or in a designated location from which the vFunction Viper process will run):
##### Replace the Sample JAR location with the path to your own binaries

##### Replace the Sample Namespace with your own application's Namespace

archives:
  - /resource-repo-app/build/libs/resource-repo-app-expl.jar
  
app:
  included_packages:
    - com.vfunction.
  2. Place the viper-conf.yaml within the repository, such as Bitbucket, and note the location for use in the next step
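
An added example, not part of the vFunction documentation or tooling: a pre-flight check that a pipeline step could run before the analysis, failing early when viper-conf.yaml lists a missing archive or no included_packages, or when the Service Account credentials are not present in the environment. The function names, the optional path prefix and the variable names VF_SERVICE_ACCOUNT_ID and VF_SERVICE_ACCOUNT_PASSWORD are assumptions, and the parser handles only the simple layout shown above.

```shell
#!/bin/sh
# Added example: pre-flight check for a viper-conf.yaml before the analysis step.
# Parses only the simple layout shown above (unquoted "- item" lists).

# conf_list KEY FILE: print the list items found under "KEY:", one per line.
conf_list() {
  awk -v key="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blank lines
    { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
    line == (key ":")       { in_list = 1; next }
    in_list && line ~ /^- / { sub(/^-[ \t]+/, "", line); print line; next }
    { in_list = 0 }                                # any other key ends the list
  ' "$2"
}

# viper_preflight CONF [PREFIX]: return 0 when the config is usable, else 1.
# PREFIX is prepended to each archive path (assumption: use it when the paths
# are relative to a checkout or container mount rather than the filesystem root).
viper_preflight() {
  local conf="$1" prefix="${2:-}" rc=0 count=0 archives archive
  [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

  archives=$(conf_list archives "$conf")
  while IFS= read -r archive; do
    [ -n "$archive" ] || continue
    count=$((count + 1))
    [ -f "$prefix$archive" ] || { echo "archive not found: $archive" >&2; rc=1; }
  done <<EOF
$archives
EOF
  [ "$count" -gt 0 ] || { echo "no archives listed in $conf" >&2; rc=1; }

  [ -n "$(conf_list included_packages "$conf")" ] ||
    { echo "app.included_packages is empty" >&2; rc=1; }

  # Hypothetical variable names: the Service Account ID and Password should be
  # injected from the pipeline's secret store, never committed with the config.
  [ -n "${VF_SERVICE_ACCOUNT_ID:-}" ] && [ -n "${VF_SERVICE_ACCOUNT_PASSWORD:-}" ] ||
    { echo "service account credentials not set in the environment" >&2; rc=1; }

  return "$rc"
}

# Run as: sh preflight.sh viper-conf.yaml [prefix]
[ "$#" -eq 0 ] || viper_preflight "$@"
```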

Add vFunction variables and scripts into relevant Repository

Follow the steps that are relevant to your organization’s Repository:

Java Linux