CodeNotary
Integrations

Thanks for CodeNotary integration for Jenkins you can make sure that only trusted code, libraries and content is built into your application. The integration does not require any package or plugin installation, but a simple 3 steps configuration from your Jenkins tool.

Requirements

Please install the latest version the CodeNotary vcn CLI. It can be downloaded from GitHub vcn repository or directly from the dashboard https://dashboard.codenotary.io/download.

System level configuration

  • On the Home Screen, locate and click the Credentials link in the sidebar menu to expand the submenu beneath it.
  • With the submenu opened up, go ahead and select the credentials type, in this case, select System.
  • After selecting System, click Add Domain and notice the right-hand display shows ‘Global credentials (unrestricted)’. Click the link.
  • Create new credentials by selecting the Add Credentials option.

Per build job

Create your credential entries

Now that you have the credential creation display opened, you will need to create your credential entries for your:

  • VCN_USER, corresponding to your user account’s email
  • VCN_PASSWORD, corresponding to your user account’s password
  • VCNNOTARIZATIONPASSWORD, which is your vcn notarization password, if different from the login password

Login and configure the build job environment

Next, you will need login and to configure the build job environment for each build job you have. This is relatively simple. All you need to do is to tie the vcn credentials in from the system configuration to the local environment variables by setting the appropriate bindings.

Add notarization step to the build job

After successfully setting your bindings, you will need to add a build job build step for signing your code with the vcn application. Click on the ‘Add build step’ drop down and select ‘Execute shell.’

Configure build step for notarization

Next, after vcn login and entering your credentials in the CLI, you will need to configure your build step for vcn noarization by typing in the Command field the following script:

vcn login
vcn notarize docker://gcr.io/vchain-ops/vcn:stable

Before deployment

Lastly, you will need to execute this snippet in the deployment process:

vcn authenticate docker://gcr.io/vchain-ops/vcn:stable && your_deploy_script.sh

And that’s it. You’re now ready to have vChain CodeNotary provide a perpetually running integrity check into all of your Jenkins build deployment pipeline, as well as ensure you are participating in the latest DevSecOps best practices.

 

Go to documentation