Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

Overview

This topic describes how to use the Serverless Framework. The Serverless Framework is a widely-used tool to develop, deploy, test, secure, and monitor your Serverless applications.

Using the Serverless Framework Integration

To use the integration, do as follows:

NOTE: For example purpose, this procedure provides instructions for running from Jenkins.

1. Create a Unified Agent configuration file, with relevant flags to scan the function type you selected (npm, mvn, etc.) and relevant flags for a Serverless scan. Ensure that you do not include:

  • The serverless.includes flag
  • If your file is stored publicly, do not include your API token

2. Install this plugin: npm install serverless-whitesource.

3. In the .yml file of the scanned serverless function, add the plugin and the path to the configuration file as so:


        plugins:
         serverless-whitesource
        custom:
           whitesource:
                  pathToConfig: {path-to-configuration-file}  (NOTE: Mandatory parameter)
                  pathToJar:      {path-to-jar}  (NOTE: Mandatory parameter)
                  
                 # optional parameters, must start with 'wss-' prefix; any valid CLI parameter of the UA can be entered here. for example:
                 wss-logLevel: { log level, for example, debug} (NOTE: Optional parameter)
                 wss-apiKey: {enter API key} (NOTE: Optional parameter)
 

4. Deploy the serverless function: serverless deploy. The plugin will update the configuration file with the path to a .txt file containing the names of the functions found in the .yml file and will run the UA with this config file.



  • No labels

Copyright © 2024 Mend.io (White Source Ltd.) | All rights reserved.