How to Prepare for a Successful On-boarding (CI)

Owned by Saar Avishai (Unlicensed)
Last updated: Jun 19, 2018 by Alon Eizenman
2 min read

The SeaLights configuration process is fairly straightforward and streamlined; regardless of the technology being scanned, the configuration steps are fairly similar.

In order to integrate SeaLights efficiently and smoothly, and in accordance with your organization's policies, a few key points should be noted to ensure proper configuration to report the desired coverage & test information to the dashboard: 

1. Configuring SeaLights as Part of the CI/CD Workflow:

This method allows for a more accurate reporting of coverage as information is gathered on a build-by-build basis - all configured within your existing CI workflow:

The integration process can then be divided into two main methods:

  • Integrated into the CI itself via plugin (current support for Jenkins and VSTS)
  • Integrated as part of the workflow steps invoking shell commands run from inside the CI (technically, all CIs with command execution capabilities are supported)
  1. The following information is necessary to proceed with the onboarding process:
    1. Testing frameworks in use across all stages
    2. Build tool used, if applicable
    3. Application servers on which the onboarded app is deployed on
    4. Containers and their roles, if applicable
    5. Application specific package names/namespaces
    6. In case code is transpiled, ensure the existence and location of map files is known
    7. Specific Network/Security configuration (proxies, firewalls, etc), if applicable
    8. What is the Source Control system used? (SCM)
  2. Is the entire flow (build & test) done automatically, triggered by other jobs or executed manually?
  3. Are any supplementary arguments provided on application runtime?

3. Required Personnel & Permissions

  1. DevOps team member with permissions to edit the CI jobs where the applications are built & tested
  2. Ensure the DevOps has administrator permissions on the CI server being worked on, as well as the app-specific working directories
  3. If your organization is working from behind a proxy - outbound HTTPS network traffic must be allowed to reach the Sealights server
  4. For the early stages of the POC, it is advisable that someone with knowledge about the application & technical layout be available in case any questions arise along the way