One of the main features of SensioLabsInsight service is that it integrates smoothly into your existing workflow and technical infrastructure. We know that most companies use Jenkins as their continuous integration server and for that reason, SensioLabsInsight provides out-of-the-box Jenkins integration.
Jenkins integration is performed through the SensioLabsInsight API. The easiest way to use this API is via the PHAR version of its command line tool. Download it from http://get.insight.sensiolabs.com/insight.phar, or execute the following commands:
# download it with cURL
$ curl -o insight.phar -s http://get.insight.sensiolabs.com/insight.phar

# download it with wget
$ wget http://get.insight.sensiolabs.com/insight.phar
Check that the insight.phar file has been correctly downloaded by executing the following command, which lists all your projects configured on Insight:
$ php insight.phar projects
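The post downloads the PHAR over plain HTTP and Jenkins will then execute whatever arrived, so a practitioner will want to pin the tool's digest before running it. The following is an added example, not code from the post or from SensioLabs: it downloads insight.phar to a temporary file, checks its SHA-256 against a pinned value, and only then moves it into place. The URL is the one given above; EXPECTED_SHA256 is a placeholder to be replaced with the digest of a copy you have verified yourself, and the self-check uses a constructed file rather than the real PHAR.

```python
"""Verify insight.phar before a Jenkins job executes it (added example)."""
import hashlib
import hmac
import os
import tempfile
import urllib.request

PHAR_URL = "http://get.insight.sensiolabs.com/insight.phar"  # URL from the post
PHAR_PATH = "insight.phar"
# Placeholder (assumption): replace with the SHA-256 of a copy you have checked.
EXPECTED_SHA256 = "<sha256 of a verified insight.phar>"


def sha256_of_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Hex SHA-256 of a file, read in chunks so large PHARs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_sha256(path: str, expected_hex: str) -> bool:
    """Compare the file digest with the pinned one using a constant-time comparison."""
    actual = sha256_of_file(path)
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())


def download_and_verify(url: str = PHAR_URL, dest: str = PHAR_PATH,
                        expected_hex: str = EXPECTED_SHA256) -> str:
    """Download to a temp file next to dest, verify, then atomically rename into place.

    A truncated or tampered download therefore never becomes the file the job runs.
    """
    directory = os.path.dirname(os.path.abspath(dest))
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".insight-", suffix=".part")
    os.close(fd)
    try:
        with urllib.request.urlopen(url, timeout=60) as response, open(tmp_path, "wb") as out:
            for chunk in iter(lambda: response.read(1 << 16), b""):
                out.write(chunk)
        if not verify_sha256(tmp_path, expected_hex):
            raise RuntimeError("insight.phar digest mismatch; refusing to use the download")
        os.replace(tmp_path, dest)  # only a verified file reaches dest
    finally:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
    return dest


def self_check() -> bool:
    """Offline check of verify_sha256 on a constructed file (not the real PHAR).

    SHA-256("abc") is a well-known test vector.
    """
    known_digest = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    fd, path = tempfile.mkstemp(suffix=".constructed")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"abc")
        good = verify_sha256(path, known_digest)
        bad = verify_sha256(path, "00" * 32)
    finally:
        os.unlink(path)
    return good and not bad


if __name__ == "__main__":
    print("self-check:", "ok" if self_check() else "FAILED")
    # download_and_verify()  # enable once EXPECTED_SHA256 holds a real digest
```

Run the script once with a real digest in EXPECTED_SHA256 as the first build step, so `php insight.phar projects` and the later `analysis` command only ever execute a file whose hash matched.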
The first time you execute insight.phar, you will be prompted for your SensioLabsInsight API token and user UUID. You can find this information in the API/SDK tab of your SensioLabsInsight account preferences.
The insight.phar file will optionally save these credentials for you to reuse them for the next commands. To override these stored credentials, pass them explicitly with command options such as --user-uuid.
First, make sure that you have installed the PMD plugin, which is required to process the SensioLabsInsight reports generated in PMD format. Then, create a new build command that executes the following:
#!/bin/sh
php insight.phar analysis --format=pmd > insight-pmd.xml
Finally, add a new post-build action in Jenkins to publish the PMD analysis results stored in the
And that's all! From there on, whenever a new build is initiated by Jenkins, a new analysis will be triggered in SensioLabsInsight and the results will be integrated directly into your Jenkins output.
Click on the report details to view the complete list of violations, including the file and line of code where each one was found:
Deploying code that contains security vulnerabilities or performance bottlenecks poses a serious threat to your company. Integrating SensioLabsInsight into your deployment process via Jenkins stops bad code from being deployed to production servers.
Start by adding the --fail-condition option to the analysis command and set the condition that will cause the build to fail:
$ php insight.phar analysis <UUID> --format="pmd" \
    --fail-condition="counts.security > 0"
The counts.security > 0 expression is a good starting point to prevent the deployment of dangerous code, but you can use any other condition built with the ExpressionLanguage component.
The two variables that can be used in the expressions are called analysis and counts. The analysis variable stores all the information about the analysis as defined by the Analysis.php model class. The counts variable stores the number of violations grouped by category. Combining both variables you can build very powerful expressions:
// the project has a too low grade
analysis.grade in ['none', 'bronze']

// the project has a lot of violations, including some performance issues
analysis.nbViolations > 50 and counts.performance > 0

// the technical debt of the project is too high
analysis.remediationCost > 100
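The --fail-condition above is evaluated by the Insight service at analysis time. The report it writes to insight-pmd.xml is archived by Jenkins, so a later stage (a deploy job consuming the artifact, for instance) can re-apply the same counts-based rule without re-running the analysis. The following is an added example, not code from the post or from SensioLabs: it parses a PMD-format report, groups violations by category and mirrors the counts.* conditions shown above. It assumes that each violation carries its Insight category in the ruleset attribute (a hypothetical mapping; check the real report and adjust CATEGORY_ATTR), and the sample report is constructed for the example.

```python
"""Re-apply a counts-based fail condition to an archived PMD report (added example)."""
import sys
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Callable, Dict

# Assumption: the violation attribute that carries the Insight category.
CATEGORY_ATTR = "ruleset"

# Constructed sample report in PMD shape; not real Insight output.
SAMPLE_REPORT = b"""<?xml version="1.0" encoding="UTF-8"?>
<pmd version="1.0.0">
  <file name="src/AppBundle/Controller/UserController.php">
    <violation beginline="42" endline="42" rule="sample.rule.a" ruleset="security" priority="1">
      Constructed: user input reaches a query without escaping.
    </violation>
    <violation beginline="77" endline="77" rule="sample.rule.b" ruleset="Security" priority="1">
      Constructed: security-sensitive call with a hard-coded value.
    </violation>
  </file>
  <file name="src/AppBundle/Repository/UserRepository.php">
    <violation beginline="12" endline="12" rule="sample.rule.c" ruleset="performance" priority="3">
      Constructed: query executed inside a loop.
    </violation>
    <violation beginline="30" endline="30" rule="sample.rule.d" ruleset="architecture" priority="4">
      Constructed: class is too long.
    </violation>
  </file>
</pmd>
"""

# The report is produced by our own tool; if it could ever be attacker-controlled,
# parse it with defusedxml instead of the standard library.
def count_violations(report: bytes) -> Counter:
    """Return {category: number of violations}; missing categories read as 0."""
    root = ET.fromstring(report)
    counts: Counter = Counter()
    for violation in root.iter("violation"):
        category = violation.get(CATEGORY_ATTR, "uncategorized").strip().lower()
        counts[category] += 1
    return counts


# Local equivalents of the counts-based expressions from the post. analysis.* fields
# (grade, remediationCost) are not present in the PMD report and are not mirrored here.
FAIL_CONDITIONS: Dict[str, Callable[[Counter], bool]] = {
    "counts.security > 0": lambda c: c["security"] > 0,
    "nbViolations > 50 and counts.performance > 0":
        lambda c: sum(c.values()) > 50 and c["performance"] > 0,
}


def build_fails(counts: Counter, condition: Callable[[Counter], bool]) -> bool:
    """Evaluate one fail condition against the per-category counts."""
    return bool(condition(counts))


def gate(report: bytes, condition_name: str = "counts.security > 0") -> int:
    """Exit status for a build step: 1 if the condition fires, 0 otherwise."""
    counts = count_violations(report)
    failed = build_fails(counts, FAIL_CONDITIONS[condition_name])
    for category, number in sorted(counts.items()):
        print(f"{category:>14}: {number}")
    print(f"condition '{condition_name}':", "FAIL" if failed else "pass")
    return 1 if failed else 0


if __name__ == "__main__":
    # Usage: python gate_insight_report.py insight-pmd.xml ["<condition name>"]
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    name = sys.argv[2] if len(sys.argv) > 2 else "counts.security > 0"
    sys.exit(gate(data, name))
```

Because the script exits non-zero when the condition fires, Jenkins marks the step failed exactly as it does for the tool's own --fail-condition; category names are lower-cased so that Security and security count together.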