Jenkins Pipeline
This page explains how you can integrate HoundDog.ai's code scanner with Jenkins Pipeline.
Prerequisites
Your Jenkins agent(s) must have the following:
- Docker Engine version 20.x or later
- Git version 2.x
- A minimum of 2 GB of memory allocated to Docker
- Public internet access for both the host and the guest containers
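The first three prerequisites can be checked on an agent before the scan stage is wired in. The script below is an added example, not part of HoundDog.ai's documentation; the function names, the file name preflight.sh and the reading of "2 GB" as 2,000,000,000 bytes of Docker's reported MemTotal are assumptions, and internet access is not tested.

```sh
#!/bin/sh
# Added example: preflight check for the agent prerequisites listed above.

# Print the leading major version number found in a version string.
major_version() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\)\..*/\1/p'
}

# check_min LABEL VERSION_STRING MIN_MAJOR: succeed if major >= MIN_MAJOR.
check_min() {
    major=$(major_version "$2")
    if [ -z "$major" ]; then
        echo "FAIL: $1 not found or version unreadable"; return 1
    fi
    if [ "$major" -lt "$3" ]; then
        echo "FAIL: $1 major version $major is below $3"; return 1
    fi
    echo "OK: $1 major version $major"
}

# check_memory BYTES: succeed if Docker sees at least 2 GB.
# Assumption: "2 GB" is read as 2,000,000,000 bytes of MemTotal.
check_memory() {
    case "$1" in
        ''|*[!0-9]*) echo "FAIL: Docker memory unreadable"; return 1 ;;
    esac
    if [ "$1" -lt 2000000000 ]; then
        echo "FAIL: Docker has $1 bytes of memory, below 2 GB"; return 1
    fi
    echo "OK: Docker has $1 bytes of memory"
}

# Query the local agent and run every check; non-zero if any fails.
preflight() {
    rc=0
    check_min "Docker Engine" \
        "$(docker version --format '{{.Server.Version}}' 2>/dev/null)" 20 || rc=1
    check_min "Git" "$(git --version 2>/dev/null)" 2 || rc=1
    check_memory "$(docker info --format '{{.MemTotal}}' 2>/dev/null)" || rc=1
    return "$rc"
}

# Run the checks only when asked, e.g. `sh preflight.sh --run` in an sh step.
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```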
Defining the Required Pipeline Variables
First, follow the steps in API Keys to generate a HoundDog.ai API key. Then follow the steps in the Jenkins documentation to create a secret text credential named hounddog-api-key using the value of your new key.

Defining the Scan Step in Jenkinsfile
Next, add a new step to the Jenkinsfile at the root of your repository. Here is an example which scans your repository and uploads the results to HoundDog.ai Cloud Platform:
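pipeline {
    agent any
    stages {
        stage('Run HoundDog.ai Scan') {
            environment {
                // Bind the secret text credential to an environment variable.
                HOUNDDOG_API_KEY = credentials('hounddog-api-key')
            }
            steps {
                // The workspace is mounted with an absolute path ("$PWD"):
                // a relative "." in -v is not accepted by the Docker 20.x CLI.
                sh '''
                    docker run --pull=always --rm -t -v "$PWD":/data \
                        -e HOUNDDOG_API_KEY="$HOUNDDOG_API_KEY" \
                        hounddogai/hounddog hounddog scan
                '''
            }
        }
    }
}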
Blocking the Pipeline Upon Detecting Vulnerabilities
HoundDog.ai's code scanner exits with return code 0 (success) by default. To halt the pipeline upon detecting vulnerabilities, provide the --fail-severity-threshold option to the hounddog scan command:
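pipeline {
    agent any
    stages {
        stage('Run HoundDog.ai Scan') {
            environment {
                // Bind the secret text credential to an environment variable.
                HOUNDDOG_API_KEY = credentials('hounddog-api-key')
            }
            steps {
                // The workspace is mounted with an absolute path ("$PWD"):
                // a relative "." in -v is not accepted by the Docker 20.x CLI.
                sh '''
                    docker run --pull=always --rm -t -v "$PWD":/data \
                        -e HOUNDDOG_API_KEY="$HOUNDDOG_API_KEY" \
                        hounddogai/hounddog hounddog scan \
                        --fail-severity-threshold=medium
                '''
            }
        }
    }
}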
To view all available command-line options for the hounddog scan command, see Scanner Configuration.