Integrating Gemnasium with Codeship

At Codeship, we’re pleased to be able to integrate with several third-party products across a variety of areas to ensure your CI/CD workflows are that much smoother. For example, Gemnasium is a service for analyzing and monitoring the security of your application dependencies. By using Gemnasium, you can be sure that your Ruby gems are up to date and secure.

The Gemnasium documentation does a great job of providing more information, in addition to the Codeship Pro and Codeship Basic setup instructions below.

Let's begin with the Codeship Pro setup for Gemnasium.

You will need to add your GEMNASIUM_TOKEN value to the encrypted environment variables that you encrypt and include in your codeship-services.yml file.

There are other options to configure your .gemnasium.yml file that you can set in your encrypted environment variables as well. See the Gemnasium documentation for a full list.

To use Gemnasium in your CI/CD process, you’ll need to add the Gemnasium CLI to a service in your codeship-services.yml file.

To add the Gemnasium CLI, you will need to add the following command to the Dockerfile for the service you want to run Gemnasium on:

sudo apt-get install gemnasium-toolbelt

This requires the Dockerfile to be using a Debian-based base image. See the Gemnasium documentation for a list of alternative installation instructions.

Once your Gemnasium token is loaded via your environment variables and you have defined a service that installs the Gemnasium CLI, you can run a Gemnasium evaluation during your CI/CD pipeline by passing the Gemnasium CLI commands via the service you have it installed in.

We will combine the Gemnasium authentication and Gemnasium scan commands into a script file that we call from a step:

- name: Gemnasium
  service: app
  command: gemnasium.sh

Inside this gemnasium.sh script, you will have something similar to:

gemnasium configure $GEMNASIUM-PROJECT-ID
gemnasium eval -f=Gemfile,Gemfile.lock

There is a larger list of possible uses for Gemnasium and commands you can run over at the Gemnasium documentation.

The above commands will require that the GEMNASIUM_TOKEN environment variable be set, as instructions earlier. They will also require passing the GEMNASIUM-PROJECT-ID either directly or through an environment variable.

Moving on, let's get Gemnasium set up for Codeship Basic.

You will need to add your GEMNASIUM_TOKEN value to the your project’s environment variables. You can do this by navigating to Project Settings and then clicking on the Environment tab.

There are other options to configure your .gemnasium.yml file that you can set in your project’s environment variables, as well. See the Gemnasium documentation for a full list.

To use Gemnasium in your CI/CD process, you’ll need to install the Gemnasium CLI via your project’s setup commands:

go build -o gemnasium

Once your Gemnasium token is loaded via your environment variables and you have installed the Gemnasium CLI, you can run a Gemnasium evaluation during your CI/CD pipeline.

You will need to add the following commands to your project’s setup and test commands:

gemnasium configure $GEMNASIUM-PROJECT-ID
gemnasium eval -f=Gemfile,Gemfile.lock

There is a larger list of possible uses for Gemnasium, and commands you can run in the Gemnasium documentation.

The above commands will require that the GEMNASIUM_TOKEN environment variable be set, as instructions earlier. They will also require passing the GEMNASIUM-PROJECT-ID either directly or through an environment variable.