Getting Started
Getting started with Cimon is as simple as introducing a single step in the pipeline. Running Cimon should be the first step in each of your jobs.
To get Cimon to learn your pipeline, we recommend starting it on "Detect Mode."
- GitHub Actions
- Azure Pipelines
- Jenkins
- GitLab CI
- CLI
- uses: cycodelabs/cimon-action@v0
with:
prevent: true
allowed-hosts: >
objects.githubusercontent.com
proxy.golang.org
storage.googleapis.com
allowed-ips: >
34.121.34.97
With our custom GitHub Action, we automatically run the agent, terminate it gracefully, and generate a neat report for you. To help you generate the preventive policy, the Security Report will guide you through the security profile you need to apply for your build.
Read more about GitHub Actions integration here.
- task: Cimon@0
inputs:
prevent: true
allowedHosts: >
objects.githubusercontent.com
proxy.golang.org
storage.googleapis.com
allowedIps: >
34.121.34.97
With our custom Azure Task, we automatically run the agent, terminate it gracefully, and generate a neat report for you. To help you generate the preventive policy, the Security Report will guide you through the security profile you need to apply for your build.
Read more about Azure Pipelines integration here.
stages {
stage('Install Cimon') {
steps {
sh 'curl -sSfL https://cimon-releases.s3.amazonaws.com/install.sh | sudo sh -s -- -b /usr/local/bin'
}
}
stage('Run Cimon') {
environment {
CIMON_PREVENT = "1"
CIMON_ALLOWED_HOSTS = """
objects.githubusercontent.com
proxy.golang.org
storage.googleapis.com
"""
CIMON_ALLOWED_IPS = """
34.121.34.97
"""
}
steps {
sh 'sudo -E cimon agent start-background'
}
}
...
}
post {
always {
sh 'sudo -E cimon agent stop'
}
}
variables:
CIMON_CLIENT_ID: $CIMON_CLIENT_ID
CIMON_SECRET: $CIMON_SECRET
install_and_start_cimon:
before_script: |
# 'curl' and 'jq' are prerequisite for the installation script.
# change the following line according to the package manager.
apt update && apt install curl jq -y
# Download Cimon
curl -sSfL https://cimon-releases.s3.amazonaws.com/install.sh | sh -s -- -b /usr/local/bin
# Start Cimon
cimon agent start-background
script: |
# Run commands
curl -sm 1 https://cycode.com > /dev/null || true
...
# Stop Cimon
cimon agent stop
The method to run Cimon in Jenkins is through our CLI integration. We provide a method to install the Cimon executable and run it afterward.
Read more about Jenkins integration here.
curl -sSfL https://cimon-releases.s3.amazonaws.com/install.sh | sudo sh -s -- -b /usr/local/bin
sudo -E CIMON_PREVENT=1 CIMON_ALLOWED_HOSTS="objects.githubusercontent.com proxy.golang.org storage.googleapis.com" CIMON_ALLOWED_IPS="34.121.34.97" cimon agent start-background'
<perform CI operations>
sudo -E cimon agent stop
Read more about CLI integration here.
Cycode Authentication
Authenticating is optional for Cycode customers to enhance Cimon's capabilities. You can read more about it here.
The Cimon API key consists of two values: client-id and secret, and can be generated from the Cycode service accounts page.
These values should be saved in a secure secret manager titled CIMON_CLIENT_ID and CIMON_SECRET. For example, this is how it should look in the GitHub Actions secret manager:
Once tokens are installed securely, Cimon can be invoked as follows:
- GitHub Actions
- Azure Pipelines
- Jenkins
- GitLab CI
- uses: cycodelabs/cimon-action@v0
with:
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}
- task: Cimon@0
inputs:
clientId: $(CIMON_CLIENT_ID)
secret: $(CIMON_SECRET)
environment {
CIMON_CLIENT_ID = credentials("cimon-client-id")
CIMON_SECRET = credentials("cimon-secret")
}
variables:
CIMON_CLIENT_ID: $CIMON_CLIENT_ID
CIMON_SECRET: $CIMON_SECRET