Aristiun Aribot

Aribot

Description

Aribot works with your DevOps teams, that is, with those working on the code base and the underlying infrastructure. It also provides deep security insights into Kubernetes clusters (AKS). It is available for Free and Paid usage and is accessible on the GitHub Marketplace.

Below are the feature summary and onboarding links per lifecycle stage:

Pipeline security (Azure DevOps, GitHub)

Streamlines security: automated reviews, CI/CD integration, Supply Chain standards, reporting, and language agnostic.

https://www.youtube.com/watch?v=RmRNerXjw4Q

Automated threat modeling

Automates threat modeling: traceable requirements, NIST 800-53 compliance, and IaC templates for cloud threats.

https://www.youtube.com/watch?v=qilq_nKpR9k

Platform security (Azure, AWS, Google)

Enhances cloud security: proactive detection, compliance measurement, continuous scanning, and seamless pipeline integration.

https://www.youtube.com/watch?v=3uHbNdtHrEA

Usage

  1. Prepare data for credentials
  2. Create credentials
  3. Install Plugin
  4. Configure plugin
  5. Run a Build
  6. Aribot Onboarding

1. Prepare credentials


Azure

Step 1 Sign in at Microsoft Azure

Step 2 Go to Azure App Registrations


Step 3

  • Click new registration
  • Set the Name and choose “Accounts in any organizational directory (Any Azure AD directory - Multitenant)” as Supported account type
  • Click Register

Step 4

  • Copy values of Application (Client) ID and Directory (Tenant) ID
  • Click Add certificate or secret
  • In the Client Secrets tab, click on New Client Secret
  • Fill in the Description and Expires fields.
  • Copy the value of the Value field

Step 5

  • Go to account home

  • Navigate to your subscription

  • You need to assign 3 roles:

    • Policy Insights Data Writer
    • Resource Policy Contributor
    • Security Assessment Contributor
  • Go to Access Control and click Add under Role assignments

  • Choose the role Policy Insights Data Writer and click Next

  • On the Members tab, choose User, group, or service principal and then Select Members to choose the application you registered earlier.

  • Click Next

  • Review and assign the role

  • Repeat for the other two roles.

Step 6

  • You can use the Application ID, Tenant ID, Client ID, Client Secret to create credentials below
  • You can find the Subscription ID on the Subscriptions page of the Azure portal
  • The resource group name should be the target resource group from the Resource groups page

AWS

Step 1 Go to AWS console -> Users

Step 2

  • Add a new user by pressing the Add users button
  • Set the User name (in the input field)
  • Under Select AWS credential type, set the checkbox Access key - Programmatic access
  • Press Next: Permissions
  • On the permissions page, choose the tab shown in assets/aws/attach_policies.png
  • Press the Create policy button
  • On the Create policy page, choose JSON and paste this content:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "lambda:CreateFunction",
                "config:GetAggregateConfigRuleComplianceSummary",
                "lambda:ListFunctions",
                "iam:PassRole",
                "config:PutConfigRule",
                "lambda:GetFunction",
                "lambda:PublishLayerVersion",
                "config:StartConfigRulesEvaluation",
                "config:GetComplianceDetailsByResource",
                "lambda:UpdateFunctionCode",
                "config:GetComplianceDetailsByConfigRule",
                "lambda:AddPermission",
                "config:DescribeConfigRules",
                "lambda:DeleteFunction",
                "lambda:PublishVersion",
                "config:DeleteConfigRule"
            ],
            "Resource": "*"
        }
    ]
}
  • Press the Next: Tags button
  • Set the policy Name (in the input field)
  • Press the Create policy button
  • Go back to the Add User screen
  • Click refresh and use the filter to find the created policy
  • Choose it (set the checkbox next to the policy name)
  • Press the Next: Tags button
  • Skip two screens by clicking Next
  • On the last screen, click Show the access secret
  • Copy the values of Access ID and Access secret
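
The policy above allows iam:PassRole together with Lambda and Config write actions on "Resource": "*". The following Python check is an added example (not part of the Aribot plugin or its documentation) that flags such statements and builds a copy with iam:PassRole limited to a single role; the role ARN you pass in and the lambda.amazonaws.com service value are assumptions, since the page does not say which role Aribot uses.

```python
import copy

# Policy from the AWS step above: same actions, same "Resource": "*".
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow", "Resource": "*",
    "Action": [
        "lambda:CreateFunction", "config:GetAggregateConfigRuleComplianceSummary",
        "lambda:ListFunctions", "iam:PassRole", "config:PutConfigRule",
        "lambda:GetFunction", "lambda:PublishLayerVersion",
        "config:StartConfigRulesEvaluation", "config:GetComplianceDetailsByResource",
        "lambda:UpdateFunctionCode", "config:GetComplianceDetailsByConfigRule",
        "lambda:AddPermission", "config:DescribeConfigRules",
        "lambda:DeleteFunction", "lambda:PublishVersion", "config:DeleteConfigRule",
    ],
}]}
READ_PREFIXES = ("get", "list", "describe")  # verbs treated as read-only

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_policy(policy):
    """Return (sid, code, detail) findings for Allow statements on Resource "*"."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action", []))
        # iam:PassRole with no iam:PassedToService condition lets any role go to any service.
        unscoped = "iam:passedtoservice" not in str(stmt.get("Condition", {})).lower()
        if unscoped and any(a.lower() == "iam:passrole" for a in actions):
            findings.append((sid, "PASSROLE_ANY_ROLE", "iam:PassRole"))
        writes = sorted(a for a in actions
                        if not a.split(":")[-1].lower().startswith(READ_PREFIXES))
        if writes:
            findings.append((sid, "WRITE_ON_WILDCARD", ", ".join(writes)))
    return findings

def scope_passrole(policy, role_arn, service="lambda.amazonaws.com"):
    """Copy of policy with iam:PassRole limited to role_arn and one service.
    Assumption: the role is only passed to Lambda; role_arn is supplied by you."""
    out = copy.deepcopy(policy)
    for stmt in out["Statement"]:
        stmt["Action"] = [a for a in _as_list(stmt["Action"]) if a.lower() != "iam:passrole"]
    out["Statement"].append({
        "Sid": "PassOnlyScannerRole", "Effect": "Allow", "Action": "iam:PassRole",
        "Resource": role_arn,
        "Condition": {"StringEquals": {"iam:PassedToService": service}},
    })
    return out
```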

2. Create credentials

Create Azure Credentials

  • Go to Dashboard -> Manage Jenkins -> Plugins -> Installed plugins
  • Search for Azure Credentials and install this plugin (https://plugins.jenkins.io/azure-credentials/)
  • Go to Dashboard -> Manage Jenkins -> Manage Credentials -> System -> Global credentials
  • Click on + Add Credentials
  • Select Azure Credentials (Aribot) in the Kind dropdown
  • Enter credentials from the Prepare Azure credentials step above

Create AWS credentials

  • Go to Dashboard -> Manage Jenkins -> Plugins -> Installed plugins
  • Search for CloudBees AWS Credentials and install this plugin (https://plugins.jenkins.io/aws-credentials/)
  • Go to Dashboard -> Manage Jenkins -> Manage Credentials -> System -> Global credentials
  • Click on + Add Credentials
  • Select AWS Credentials in the Kind dropdown
  • Enter credentials from the Prepare AWS credentials step above

3. Install plugin

  • Go to Dashboard -> Manage Jenkins -> Plugins -> Installed plugins
  • Search for Aristiun Aribot and install

4. Configure plugin

  • Open your project
  • Go to the Configure tab
  • In the Build Steps section, click on Add build step and choose Aristiun Aribot
  • Enter step name (optional)
  • Set previously created credentials for your target provider (AWS or Azure)
  • Click Save

5. Run a build

  • On the next build run, go to the Console output
  • You should get an onboarding link. Click it to proceed with registration, or log in if you already have an account, to create a new account for your Jenkins project.