Integrating Hakiri with Codeship

Written by: Kelly Andrews
3 min read
Stay connected

At Codeship, we’re pleased to be able to integrate with several third-party products across a variety of areas to ensure your CI/CD workflows are that much smoother. For example, Hakiri is a service for analyzing and monitoring the security of your Rails application dependencies. By using Hakiri, you can be sure that your Ruby gems are up to date and secure.

The Hakiri documentation does a great job of providing more information, in addition to the setup instructions below and our own documentation. We'll cover setups for both Codeship Pro and Codeship Basic.

Codeship Pro

You will need to add your STACK_ID value to the environment variables that you encrypt and include in your codeship-services.yml file.

To generate your stack ID, you can follow the Hakiri documentation.

Manifest file

You will need a Hakiri manifest file to exist in your repo, unless you want to generate a new one each time you run your CI/CD process.

To generate the manifest file (either in CI/CD or locally so that you can commit it to your repository), you will need to follow the instructions below to install the Hakiri Toolbelt and then run the following command:

hakiri manifest:generate

Installing the Hakiri Toolbelt

To use Hakiri in your CI/CD process, you’ll need to add the Hakiri Toolbelt to a service in your codeship-services.yml file.

To install the Hakiri Toolbelt, you will need to add the following command to the Dockerfile for the service you want to run Hakiri on:

gem install hakiri

Note that this requires the Dockerfile to also have Ruby and the gems binary installed.

Running a scan

Once your Hakiri Stack ID is loaded via your encrypted environment variables and you have defined a service that installs the Hakiri Toolbelt, you can run a Hakiri scan during your CI/CD pipeline by passing the Hakiri Toolbelt commands via the service you have it installed in.

For example:

- name: Hakiri
  service: app
  command: hakiri.sh

Inside this hakiri.sh script, you will have something similar to:

hakiri system:scan
hakiri system:sync -s $STACK_ID

There is a larger list of commands you can run over at the Hakiri documentation.

Codeship Basic

For Codeship Basic, you will need to add your STACK_ID value to your project’s environment variables. You can do this by navigating to Project Settings and then clicking on the Environment tab.

To generate your stack ID, you can follow the Hakiri documentation.

Manifest file

You will need a Hakiri manifest file to exist in your repo, unless you want to generate a new one each time you run your CI/CD process.

To generate the manifest file (either in CI/CD or locally so that you can commit it to your repository), you will need to follow the instructions below to install the Hakiri Toolbelt and then run the following command:

hakiri manifest:generate

Installing the Hakiri Toolbelt

To use Hakiri in your CI/CD process, you’ll need to install the Hakiri Toolbelt via your project’s setup commands.

gem install hakiri

Running a scan

Once your Hakiri Stack ID is loaded via your environment variables and you have installed the Hakiri Toolbelt, you can run a Hakiri scan during your CI/CD pipeline.

You will need to add the following commands to your project’s setup and test commands.

For example:

hakiri system:scan
hakiri system:sync -s $STACK_ID

There is a larger list of commands you can run over at the Hakiri documentation.

Stay up to date

We'll never share your email address and you can opt out at any time, we promise.