How to Secure your Code and Docker Container Images in a Jenkins CICD pipeline with CG SourceGuard

SourceGuard was developed by Itamar Lavender and his team and is in Beta. It is one of the SAST scanners under development at Check Point that can scan both source code in a repository like GitHub and container images as well.

Please refer to the GitHub page below to learn how to deploy it and start performing DevSecOps SAST, or Static Application Security Testing. It is available for everyone to test via the Infinity Portal.

https://github.com/chkp-dhouari/SourceGuard

SourceGuard can be integrated with any CICD server, like Jenkins, GitLab or AWS CodePipeline, to perform SAST at various stages of the application build.

In the GitHub page below, I described how to create a Jenkins pipeline as code to deploy a Node.js application using a Docker container and add SourceGuard SAST security as part of that CICD pipeline.

https://github.com/chkp-dhouari/Jenkins-SourceGuard

[Image: cicd.png]

3 Replies
I'm trying to poke SourceGuard with some random code on Windows. As per the instructions, I did the portal registration and onboarding.

No matter what -src title I gave, I'm always getting back the error "Error: repository URL is missing". Do you have some test "vulnerable" code to practice against? Is it possible to publish it to your Git?

P.S. Is the voice-over missing in this video, YouTube - SourceGuard Demo?

0 Kudos

It will scan a git directory. You need to install git on your laptop, then make a directory, do `git init`, and `git add` the files that you want to scan.

I am working on updating the GitHub page and creating a new video this week.

Let me know if this helps.

0 Kudos
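The preparation described in the reply above (make a directory, `git init`, `git add` the files), written out as a small POSIX shell script with the checks a practitioner would want before pointing a git-based scanner at the directory. This is an added example and is not code from the original thread or from the SourceGuard project; the commit step and the `init_scan_repo`, `is_git_repo` and `tracked_count` function names are assumptions of this example, and the script says nothing about how SourceGuard itself is invoked.

```shell
#!/bin/sh
# Added example, not from the original post or the SourceGuard project.
# Prepares a local directory as a git repository so that a scanner which
# only accepts git directories will see the files in it.

set -eu

# is_git_repo DIR -> exit status 0 if DIR is inside a git work tree, 1 otherwise
is_git_repo() {
  git -C "$1" rev-parse --is-inside-work-tree >/dev/null 2>&1
}

# init_scan_repo DIR: initialise DIR as a git repository if it is not one yet,
# stage every file under it, and commit whatever is staged. Safe to rerun.
# The commit is an assumption of this example; the reply only mentions
# `git init` and `git add`. It gives the repository a HEAD to scan from.
init_scan_repo() {
  dir=$1
  command -v git >/dev/null 2>&1 || { echo "git is not installed" >&2; return 1; }
  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
  if ! is_git_repo "$dir"; then
    git -C "$dir" init -q
  fi
  git -C "$dir" add -A
  # commit only when something is staged, so a second run does not fail
  if ! git -C "$dir" diff --cached --quiet; then
    git -C "$dir" -c user.name=scan -c user.email=scan@example.invalid \
      commit -q -m "snapshot for scanning"
  fi
}

# tracked_count DIR -> number of files git tracks in DIR, i.e. what a
# git-based scanner can see (untracked files are invisible to it)
tracked_count() {
  git -C "$1" ls-files | wc -l | tr -d ' '
}

# Usage: init_scan_repo ./my-code && echo "$(tracked_count ./my-code) files ready to scan"
```

A quick way to confirm the scanner will have something to look at is to compare `tracked_count` with the number of source files you expect; a zero here usually means the files were never staged.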

I spent a few more hours trying to get SourceGuard to accept some piece of code, without any luck. It is throwing the same error. If it is not too difficult, please provide more details on using the tool.

Obviously I do not have a developer background, but I did a Git course some time ago and (hopefully) understand the concept of source control.

0 Kudos