From 7bfbe1376bf8c1e84c0b5b32ab40dee27e7d8e41 Mon Sep 17 00:00:00 2001
From: Reinier Criel
Date: Tue, 30 Dec 2025 09:22:03 -0800
Subject: [PATCH 1/3] Jenkins CI pipeline
---
README.md | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
diff --git a/README.md b/README.md
index 29c6510..9767b6c 100644
--- a/README.md
+++ b/README.md
@@ -237,6 +237,7 @@ iex "& { $(iwr 'https://github.com/AikidoSec/safe-chain/releases/latest/download
 - ✅ **GitHub Actions**
 - ✅ **Azure Pipelines**
 - ✅ **CircleCI**
+- ✅ **Jenkins**
 ## GitHub Actions Example
@@ -288,4 +289,70 @@ workflows:
 - build
 ```
+## Jenkins Example
+
+```groovy
+pipeline {
+ agent any
+
+ environment {
+ // Jenkins does not automatically persist PATH updates from setup-ci,
+ // so add the shims + binary directory explicitly for all stages.
+ PATH = "${env.HOME}/.safe-chain/shims:${env.HOME}/.safe-chain/bin:${env.PATH}"
+ }
+
+ stages {
+ stage('Install Node.js') {
+ steps {
+ sh '''
+ set -euo pipefail
+
+ # install Node.js + npm (requires root, or passwordless sudo on the agent)
+ sudo -n apt-get update
+ sudo -n apt-get install -y nodejs npm
+
+ node -v
+ npm -v
+ '''
+ }
+ }
+
+ stage('Install safe-chain') {
+ steps {
+ sh '''
+ set -euo pipefail
+
+ # Install Safe Chain for CI
+ curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci
+ '''
+ }
+ }
+
+ stage('Verify safe-chain on PATH') {
+ steps {
+ sh '''
+ set -euo pipefail
+
+ command -v safe-chain
+ command -v npm
+
+ # Test: npm should resolve to the safe-chain shim
+ test "$(command -v npm)" = "$HOME/.safe-chain/shims/npm"
+ '''
+ }
+ }
+
+ stage('Install project dependencies etc...') {
+ steps {
+ sh '''
+ set -euo pipefail
+ npm ci
+ '''
+ }
+ }
+ }
+}
+```
+
+
 After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.
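Review bot: The `set -euo pipefail` lines in the `sh '''` steps rely on a shell that supports `pipefail`, but nothing in the example selects one: the Jenkins `sh` step runs the agent's default `sh` unless the script's first line is an interpreter selector, and the `apt-get` stage suggests Debian/Ubuntu agents, where `sh` is typically dash and may reject the option outright. Opening each script as `sh '''#!/bin/bash` (the selector must directly follow the quotes, not sit on the next line) would make the behaviour predictable. This matters most in the 'Install safe-chain' stage, where `pipefail` is what turns a failed `curl` into a failed step instead of an empty script piped to `sh`; the 'Verify safe-chain on PATH' stage is the backstop that keeps `npm ci` from running unprotected, so it is worth keeping next to any copy of this example. Because the installer is taken from `releases/latest` and executed as downloaded, the README could also mention pinning a specific release for CI.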
From 8d0dcd00680297c2d3a98ee2e8fcfc02ec5656b2 Mon Sep 17 00:00:00 2001
From: Reinier Criel
Date: Tue, 30 Dec 2025 10:11:25 -0800
Subject: [PATCH 2/3] Small fix
---
README.md | 17 ++---------------
1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 9767b6c..14388cb 100644
--- a/README.md
+++ b/README.md
@@ -291,6 +291,8 @@ workflows:
 ## Jenkins Example
+Note: This assumes Node.js and npm are installed on the Jenkins agent.
+
 ```groovy
 pipeline {
 agent any
@@ -302,21 +304,6 @@ pipeline {
 }
 stages {
- stage('Install Node.js') {
- steps {
- sh '''
- set -euo pipefail
-
- # install Node.js + npm (requires root, or passwordless sudo on the agent)
- sudo -n apt-get update
- sudo -n apt-get install -y nodejs npm
-
- node -v
- npm -v
- '''
- }
- }
-
 stage('Install safe-chain') {
 steps {
 sh '''
From bc4370348fac041b2ed331f42d31a5baf8d6cd56 Mon Sep 17 00:00:00 2001
From: Reinier Criel
Date: Tue, 30 Dec 2025 11:19:00 -0800
Subject: [PATCH 3/3] Adapt per review
---
README.md | 14 --------------
1 file changed, 14 deletions(-)
diff --git a/README.md b/README.md
index 14388cb..b62c4f2 100644
--- a/README.md
+++ b/README.md
@@ -315,20 +315,6 @@ pipeline {
 }
 }
- stage('Verify safe-chain on PATH') {
- steps {
- sh '''
- set -euo pipefail
-
- command -v safe-chain
- command -v npm
-
- # Test: npm should resolve to the safe-chain shim
- test "$(command -v npm)" = "$HOME/.safe-chain/shims/npm"
- '''
- }
- }
-
 stage('Install project dependencies etc...') {
 steps {
 sh '''