Jenkins
Integrate Inkog into Jenkins pipelines for automated AI agent security scanning.
Quick Start
Add Inkog to your Jenkinsfile:
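// Quick-start pipeline: install the Inkog CLI, then scan the workspace and
// write the findings to inkog-results.json.
pipeline {
    agent any
    stages {
        stage('Install Inkog') {
            steps {
                // NOTE(review): this fetches and executes the installer unverified on
                // every build. If the vendor publishes pinned releases or checksums,
                // prefer those.
                sh 'curl -fsSL https://inkog.io/install.sh | sh'
            }
        }
        stage('Security Scan') {
            // Bind the API key only where the scanner runs, so the downloaded
            // installer above never has it in its environment.
            // NOTE(review): assumes install.sh does not need INKOG_API_KEY - confirm.
            environment {
                INKOG_API_KEY = credentials('inkog-api-key')
            }
            steps {
                sh 'inkog . -output json > inkog-results.json'
            }
        }
    }
}
Basic Pipeline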
Minimal configuration for security scanning.
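// Minimal pipeline: check out the repository, install the Inkog CLI and print
// a text report to the build log.
pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }
        stage('Install Inkog') {
            steps {
                // NOTE(review): this fetches and executes the installer unverified on
                // every build. If the vendor publishes pinned releases or checksums,
                // prefer those.
                sh 'curl -fsSL https://inkog.io/install.sh | sh'
            }
        }
        stage('Inkog Security Scan') {
            // Bind the API key only where the scanner runs, so the downloaded
            // installer above never has it in its environment.
            // NOTE(review): assumes install.sh does not need INKOG_API_KEY - confirm.
            environment {
                INKOG_API_KEY = credentials('inkog-api-key')
            }
            steps {
                sh 'inkog . -output text'
            }
        }
    }
    post {
        always {
            echo 'Security scan completed'
        }
    }
}
Pipeline with Build Gate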
Fail the build if critical or high severity issues are found.
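// Build-gate pipeline: the application build only runs when the Inkog scan
// exits 0. The JSON results are archived whether or not the gate passes.
pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }
        stage('Install Inkog') {
            steps {
                // NOTE(review): this fetches and executes the installer unverified on
                // every build. If the vendor publishes pinned releases or checksums,
                // prefer those.
                sh 'curl -fsSL https://inkog.io/install.sh | sh'
            }
        }
        stage('Inkog Security Scan') {
            // Bind the API key only where the scanner runs, so the downloaded
            // installer above never has it in its environment.
            // NOTE(review): assumes install.sh does not need INKOG_API_KEY - confirm.
            environment {
                INKOG_API_KEY = credentials('inkog-api-key')
            }
            steps {
                script {
                    // returnStatus stops a non-zero exit from aborting the step, so
                    // the exit code can be mapped to a specific error below.
                    def exitCode = sh(
                        script: 'inkog . -severity high -output json > inkog-results.json',
                        returnStatus: true
                    )
                    if (exitCode == 1) {
                        error('Security findings detected! Check inkog-results.json')
                    } else if (exitCode != 0) {
                        // Fail closed: besides the documented code 2 this also catches
                        // shell-level failures (e.g. 127 when the binary is missing),
                        // which would otherwise let the build continue unscanned.
                        error("Inkog scan failed to execute (exit code ${exitCode})")
                    }
                }
            }
        }
        stage('Build') {
            steps {
                sh 'npm run build'
            }
        }
    }
    post {
        always {
            archiveArtifacts artifacts: 'inkog-results.json', allowEmptyArchive: true
        }
        failure {
            echo 'Pipeline failed - check security scan results'
        }
    }
}
HTML Report Pipeline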
Generate and publish HTML reports.
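// Report pipeline: produce an HTML and a JSON report, archive both and publish
// the HTML report on the job page.
pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }
        stage('Install Inkog') {
            steps {
                // NOTE(review): this fetches and executes the installer unverified on
                // every build. If the vendor publishes pinned releases or checksums,
                // prefer those.
                sh 'curl -fsSL https://inkog.io/install.sh | sh'
            }
        }
        stage('Security Scan') {
            // Bind the API key only where the scanner runs, so the downloaded
            // installer above never has it in its environment.
            // NOTE(review): assumes install.sh does not need INKOG_API_KEY - confirm.
            environment {
                INKOG_API_KEY = credentials('inkog-api-key')
            }
            steps {
                // inkog exits 1 when it has findings (see the exit-code table on this
                // page). A bare sh would abort the stage at the first command, so the
                // JSON report would be missing exactly when there is something to
                // report. catchError still marks the build FAILURE but lets the
                // second command run.
                catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
                    sh 'inkog . -output html > inkog-report.html'
                }
                catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
                    sh 'inkog . -output json > inkog-results.json'
                }
            }
        }
    }
    post {
        always {
            // Archive artifacts
            archiveArtifacts artifacts: 'inkog-*.html, inkog-*.json', allowEmptyArchive: true
            // Publish HTML report. The report is served by Jenkins; leave Jenkins'
            // default Content-Security-Policy in place rather than relaxing it for
            // report rendering.
            publishHTML(target: [
                allowMissing: true,
                alwaysLinkToLastBuild: true,
                keepAll: true,
                reportDir: '.',
                reportFiles: 'inkog-report.html',
                reportName: 'Inkog Security Report'
            ])
        }
    }
}
Scheduled Security Scans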
Run security scans on a schedule.
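// Scheduled pipeline: run a full scan every night, e-mail the security team
// when critical or high findings exist, and archive both reports.
pipeline {
    agent any
    triggers {
        // Run daily at 2 AM
        cron('0 2 * * *')
    }
    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }
        stage('Install Inkog') {
            steps {
                // NOTE(review): this fetches and executes the installer unverified on
                // every build. If the vendor publishes pinned releases or checksums,
                // prefer those.
                sh 'curl -fsSL https://inkog.io/install.sh | sh'
            }
        }
        stage('Full Security Scan') {
            // Bind the API key only where the scanner runs, so the downloaded
            // installer above never has it in its environment.
            // NOTE(review): assumes install.sh does not need INKOG_API_KEY - confirm.
            environment {
                INKOG_API_KEY = credentials('inkog-api-key')
            }
            steps {
                // inkog exits 1 when it has findings (see the exit-code table on this
                // page). With a bare sh the pipeline stopped here, so the Notify stage
                // never ran on the builds that needed an alert. catchError keeps the
                // build result FAILURE but lets the later stages execute.
                catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
                    sh 'inkog . -output html > inkog-report.html'
                }
                catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
                    sh 'inkog . -output json > inkog-results.json'
                }
            }
        }
        stage('Notify') {
            steps {
                script {
                    // If the scan itself failed, the results file may be empty or
                    // lack all_findings; readJSON or the count then throws and this
                    // stage fails instead of silently skipping the alert.
                    def results = readJSON file: 'inkog-results.json'
                    def critical = results.all_findings.count { it.severity == 'CRITICAL' }
                    def high = results.all_findings.count { it.severity == 'HIGH' }
                    if (critical > 0 || high > 0) {
                        // The attachment carries finding details outside Jenkins;
                        // keep the recipient list restricted.
                        emailext(
                            subject: "Inkog Alert: ${critical} critical, ${high} high findings",
                            body: "Security scan found issues. See attached report.",
                            attachmentsPattern: 'inkog-report.html',
                            to: 'security@company.com'
                        )
                    }
                }
            }
        }
    }
    post {
        always {
            archiveArtifacts artifacts: 'inkog-*.html, inkog-*.json', allowEmptyArchive: true
        }
    }
}
Multi-Branch Pipeline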
Scan different branches with appropriate thresholds.
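// Multi-branch pipeline: scan with a stricter severity threshold on main and
// production than on other branches, then report the finding count.
pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }
        stage('Install Inkog') {
            steps {
                // NOTE(review): this fetches and executes the installer unverified on
                // every build. If the vendor publishes pinned releases or checksums,
                // prefer those.
                sh 'curl -fsSL https://inkog.io/install.sh | sh'
            }
        }
        stage('Security Scan') {
            // Bind the API key only where the scanner runs, so the downloaded
            // installer above never has it in its environment.
            // NOTE(review): assumes install.sh does not need INKOG_API_KEY - confirm.
            environment {
                INKOG_API_KEY = credentials('inkog-api-key')
            }
            steps {
                script {
                    // Stricter for main/production.
                    // Kept on one line: the Groovy parser used by older Jenkins
                    // versions may reject a continuation line that starts with '?'.
                    def severity = (env.BRANCH_NAME == 'main' || env.BRANCH_NAME == 'production') ? 'medium' : 'high'
                    // Only the fixed value chosen above is interpolated into the shell
                    // command; the branch name itself is compared, never passed to sh.
                    // inkog exits 1 on findings (see the exit-code table on this
                    // page); catchError keeps the build result FAILURE but lets
                    // 'Check Results' run instead of stopping here.
                    catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
                        sh "inkog . -severity ${severity} -output json > inkog-results.json"
                    }
                }
            }
        }
        stage('Check Results') {
            steps {
                script {
                    // A missing or malformed results file makes readJSON or size()
                    // throw, so a broken scan fails this stage rather than passing.
                    def results = readJSON file: 'inkog-results.json'
                    def findings = results.all_findings.size()
                    // NOTE(review): 'production' gets the stricter threshold above but
                    // is not named here - confirm whether it should be.
                    if (findings > 0 && env.BRANCH_NAME == 'main') {
                        error("${findings} security findings on main branch")
                    }
                }
            }
        }
    }
}
Parallel Scanning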
Scan multiple directories in parallel.
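// Parallel pipeline: scan the backend, agents and workflows directories
// concurrently, then print the combined number of findings.
pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }
        stage('Install Inkog') {
            steps {
                // NOTE(review): this fetches and executes the installer unverified on
                // every build. If the vendor publishes pinned releases or checksums,
                // prefer those.
                sh 'curl -fsSL https://inkog.io/install.sh | sh'
            }
        }
        stage('Parallel Scans') {
            // Bind the API key only for the scan stages, so the downloaded installer
            // above never has it in its environment.
            // NOTE(review): assumes install.sh does not need INKOG_API_KEY - confirm.
            environment {
                INKOG_API_KEY = credentials('inkog-api-key')
            }
            // inkog exits 1 on findings (see the exit-code table on this page). With
            // a bare sh that failed the stage and 'Aggregate Results' never ran when
            // there was something to count. catchError keeps the build result
            // FAILURE but lets the aggregation execute.
            parallel {
                stage('Scan Backend') {
                    steps {
                        catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
                            sh 'inkog ./backend -output json > backend-results.json'
                        }
                    }
                }
                stage('Scan Agents') {
                    steps {
                        catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
                            sh 'inkog ./agents -output json > agents-results.json'
                        }
                    }
                }
                stage('Scan Workflows') {
                    steps {
                        catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
                            sh 'inkog ./workflows -output json > workflows-results.json'
                        }
                    }
                }
            }
        }
        stage('Aggregate Results') {
            steps {
                script {
                    def total = 0
                    // 'component' rather than 'dir' so the closure parameter does not
                    // shadow the Jenkins dir step.
                    ['backend', 'agents', 'workflows'].each { component ->
                        // A missing or malformed results file makes readJSON or size()
                        // throw, so an incomplete scan is not reported as zero findings.
                        def results = readJSON file: "${component}-results.json"
                        total += results.all_findings.size()
                    }
                    echo "Total findings across all directories: ${total}"
                }
            }
        }
    }
}
Environment Configuration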
Configure Inkog via environment variables.
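// Environment-variable configuration: CI is set for the whole pipeline, the
// API key only for the stage that runs the scanner.
pipeline {
    agent any
    environment {
        CI = 'true' // Enables quiet mode
    }
    stages {
        stage('Install Inkog') {
            steps {
                // NOTE(review): this fetches and executes the installer unverified on
                // every build. If the vendor publishes pinned releases or checksums,
                // prefer those.
                sh 'curl -fsSL https://inkog.io/install.sh | sh'
            }
        }
        stage('Security Scan') {
            // Bind the API key only where the scanner runs, so the downloaded
            // installer above never has it in its environment.
            // NOTE(review): assumes install.sh does not need INKOG_API_KEY - confirm.
            environment {
                INKOG_API_KEY = credentials('inkog-api-key')
            }
            steps {
                sh 'inkog . -output json > results.json'
            }
        }
    }
}
Exit Codes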
| Code | Meaning | Action |
|---|---|---|
| 0 | No findings | Continue pipeline |
| 1 | Findings detected | Fail or warn based on threshold |
| 2 | Scan error | Investigate and retry |
Best Practices
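- Use curl install script for fast, consistent installation; the script runs unverified on the build agent, so keep the API key out of scope for that step and pin or checksum the installer where the vendor offers it
- Store API key in Jenkins credentials (named inkog-api-key)
- Archive artifacts for audit trail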
- Publish HTML reports for visibility
- Set severity thresholds appropriate to branch
- Schedule daily scans for comprehensive coverage
- Notify on critical findings via email or Slack