Overview
This topic describes how to use the Serverless Framework. The Serverless Framework is a widely-used tool to develop, deploy, test, secure, and monitor your Serverless applications.
Using the Serverless Framework Integration
To use the integration, do as follows:
NOTE: For example purpose, this procedure provides instructions for running from Jenkins.
1. Create a Unified Agent configuration file, with relevant flags to scan the function type you selected (npm, mvn, etc.) and relevant flags for a Serverless scan. Ensure that you do not include:
- The serverless.includes flag
- If your file is stored publicly, do not include your API token
2. Install this plugin: npm install serverless-whitesource.
3. In the .yml file of the scanned serverless function, add the plugin and the path to the configuration file as so:
4. Deploy the serverless function: serverless deploy. The plugin will update the configuration file with the path to a .txt file containing the names of the functions found in the .yml file and will run the UA with this config file.