Appcanary + Continuous Integration
One neat way to use Appcanary is in tandem with your continuous integration service. This way, you can automatically keep Appcanary up to date or cause builds with security vulnerabilities to fail before your code gets deployed.
Here we'll show you how to integrate Appcanary with CircleCI, but the same principle should apply to any other continuous integration service you might use.
1. Set up the Appcanary gem
We're going to assume a Rails app here. In your Gemfile, add the line:
bundle install to update packages.
Next, create a file at config/initializers/appcanary.rb and add the following line:
Appcanary.api_key = ENV["APPCANARY_API_KEY"] || "api key not set"
Great! Time to test that it works. In a terminal, type:
APPCANARY_API_KEY=<YOUR_TOKEN_HERE> \
  bundle exec rake appcanary:check
If that command exits without any errors, you're good to go!
2. Set up CircleCI
Now let's create a circle.yml file. You can configure Appcanary to do either (or both!) of the following:
- Fail the build if a dependency has a security vulnerability
- Create or update a monitor, which will notify you if it becomes vulnerable in the future
To fail the build if there are vulnerabilities, add the following:
test:
  # [ ... other dependency bits elided ... ]
  post:
    - bundle exec rake appcanary:check
To update a monitor on every build, add the following instead:
test:
  # [ ... other dependency bits elided ... ]
  post:
    - bundle exec rake appcanary:update_monitor
3. Configure API key
Finally, go to your project's settings page and add your Appcanary API key to your build's environment variables as APPCANARY_API_KEY, the name the initializer from step 1 reads.
And you're done. Rejoice!
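The initializer in step 1 falls back to the literal string "api key not set" when the environment variable is missing. The shell wrapper below is an added example, not part of Appcanary or the original page: it fails the build up front when the key is absent or still that placeholder, then runs the rake task from step 2. The names appcanary_gate and RAKE_CMD, the exit codes and the file path in the comment are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: fail-closed wrapper for the CircleCI "post" step.
# appcanary_gate, RAKE_CMD and the exit codes are hypothetical, not Appcanary's.
# Assumed use in circle.yml (path is a placeholder):
#   - . ./ci/appcanary_gate.sh && appcanary_gate check

# Fallback string from config/initializers/appcanary.rb (step 1).
PLACEHOLDER="api key not set"

# Succeeds only when a key is set and is not the initializer's placeholder.
appcanary_key_present() {
  [ -n "${APPCANARY_API_KEY:-}" ] && [ "$APPCANARY_API_KEY" != "$PLACEHOLDER" ]
}

# Usage: appcanary_gate check|update_monitor
# RAKE_CMD may be overridden for testing; it defaults to the page's command.
appcanary_gate() {
  task="$1"

  # Only the two rake tasks shown on the page are allowed through.
  case "$task" in
    check|update_monitor) ;;
    *)
      echo "appcanary_gate: unknown task '$task'" >&2
      return 64
      ;;
  esac

  # Fail the build before calling the gem if the secret never reached CI.
  if ! appcanary_key_present; then
    echo "appcanary_gate: APPCANARY_API_KEY is unset or still the placeholder" >&2
    return 78
  fi

  # Log the task name only; the key itself is never written to the build log.
  echo "appcanary_gate: running appcanary:$task"
  ${RAKE_CMD:-bundle exec rake} "appcanary:$task"
}
```

The wrapper returns the rake task's own exit status, so a failing `appcanary:check` still fails the build.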