At Codeship, we’re pleased to be able to integrate with several third-party products across a variety of areas to ensure your CI/CD workflows are that much smoother. For example, Gemnasium is a service for analyzing and monitoring the security of your application dependencies. By using Gemnasium, you can be sure that your Ruby gems are up to date and secure.
The Gemnasium documentation does a great job of providing more information, in addition to the Codeship Pro and Codeship Basic setup instructions below.
Codeship Pro
Let's begin with the Codeship Pro setup for Gemnasium.
Setting your Gemnasium token
You will need to add your GEMNASIUM_TOKEN value to the encrypted environment variables that you include in your codeship-services.yml file.
There are other options to configure your .gemnasium.yml file that you can set in your encrypted environment variables as well. See the Gemnasium documentation for a full list.
Installing the CLI
To use Gemnasium in your CI/CD process, you’ll need to add the Gemnasium CLI to a service in your codeship-services.yml file.
To add the Gemnasium CLI, you will need to add the following instruction to the Dockerfile for the service you want to run Gemnasium on (a Dockerfile runs non-interactively as root, so the instruction uses RUN with -y rather than sudo):
RUN apt-get update && apt-get install -y gemnasium-toolbelt
This requires the Dockerfile to be using a Debian-based base image. See the Gemnasium documentation for a list of alternative installation instructions.
Running an evaluation
Once your Gemnasium token is loaded via your environment variables and you have defined a service that installs the Gemnasium CLI, you can run a Gemnasium evaluation during your CI/CD pipeline by passing the Gemnasium CLI commands via the service you have it installed in.
We will combine the Gemnasium authentication and Gemnasium scan commands into a script file that we call from a step:
- name: Gemnasium
  service: app
  command: gemnasium.sh
Inside this gemnasium.sh script, you will have something similar to:
# GEMNASIUM_PROJECT_ID holds your Gemnasium project ID (shell variable names cannot contain hyphens)
gemnasium configure $GEMNASIUM_PROJECT_ID
gemnasium eval -f=Gemfile,Gemfile.lock
There is a larger list of possible uses for Gemnasium and commands you can run over at the Gemnasium documentation.
The above commands will require that the GEMNASIUM_TOKEN environment variable be set, as described earlier. They will also require your Gemnasium project ID, passed either directly as the argument to gemnasium configure or through an environment variable.
Codeship Basic
Moving on, let's get Gemnasium set up for Codeship Basic.
Setting your Gemnasium token
You will need to add your GEMNASIUM_TOKEN value to your project’s environment variables. You can do this by navigating to Project Settings and then clicking on the Environment tab.
There are other options to configure your .gemnasium.yml file that you can set in your project’s environment variables as well. See the Gemnasium documentation for a full list.
Installing the CLI
To use Gemnasium in your CI/CD process, you’ll need to install the Gemnasium CLI via your project’s setup commands:
go build -o gemnasium
Running an evaluation
Once your Gemnasium token is loaded via your environment variables and you have installed the Gemnasium CLI, you can run a Gemnasium evaluation during your CI/CD pipeline.
You will need to add the following commands to your project’s setup and test commands:
# GEMNASIUM_PROJECT_ID holds your Gemnasium project ID (shell variable names cannot contain hyphens)
gemnasium configure $GEMNASIUM_PROJECT_ID
gemnasium eval -f=Gemfile,Gemfile.lock
There is a larger list of possible uses for Gemnasium, and commands you can run in the Gemnasium documentation.
The above commands will require that the GEMNASIUM_TOKEN environment variable be set, as described earlier. They will also require your Gemnasium project ID, passed either directly as the argument to gemnasium configure or through an environment variable.
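A complete gemnasium.sh for the Codeship Pro step above, which also works unchanged as a Codeship Basic test command; this is an added example and not code from the original post, Codeship or Gemnasium. It assumes the CLI is on PATH as gemnasium and that the project ID is supplied in a variable named GEMNASIUM_PROJECT_ID (a hypothetical name; the page does not fix one); it verifies the token, project ID and lockfile before running, never prints the token, and lets the evaluation's exit status fail the step.

```shell
#!/bin/sh
# gemnasium.sh: run a Gemnasium dependency evaluation as a CI step.
# Added example for this page, not Codeship's or Gemnasium's own code.
# Assumes the Gemnasium CLI is on PATH as "gemnasium", that GEMNASIUM_TOKEN
# arrives through the (encrypted) environment variables described above,
# and that the project ID is in GEMNASIUM_PROJECT_ID (a hypothetical name).
set -eu

# Fail fast when a required variable is missing, without echoing its value:
# the token must never end up in the build log.
require_var() {
  name="$1"
  eval "value=\${$name:-}"
  if [ -z "$value" ]; then
    echo "error: $name is not set; add it to your environment variables" >&2
    return 1
  fi
  return 0
}

# Refuse to evaluate without a lockfile: Gemnasium compares the resolved
# versions in Gemfile.lock, and Gemfile alone does not pin them.
require_lockfile() {
  lock="${1:-Gemfile.lock}"
  if [ ! -f "$lock" ]; then
    echo "error: $lock not found; run bundle install and commit it" >&2
    return 1
  fi
  return 0
}

run_eval() {
  require_var GEMNASIUM_TOKEN
  require_var GEMNASIUM_PROJECT_ID
  require_lockfile Gemfile.lock
  gemnasium configure "$GEMNASIUM_PROJECT_ID"
  # The eval's exit status becomes the script's, so a failed check fails
  # the CI step instead of being silently ignored.
  gemnasium eval -f=Gemfile,Gemfile.lock
}

# Run only when invoked as the step command ("sh gemnasium.sh run"), so the
# checks above can also be sourced and exercised on their own.
case "${1:-}" in
  run) run_eval ;;
esac
```

With this layout the step command in codeship-steps.yml becomes sh gemnasium.sh run (or the same line as a Codeship Basic test command).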