Aaron VanSledright

Tag: coding

  • Custom Automated Code Scanning with AWS Bedrock and Claude Sonnet for Jenkins

    I run Jenkins in my home lab where I build and test various applications. I’m sure many of you already know this. I also use Jenkins professionally so its a great test bed for trying things out before implementing them for clients. Essentially my home lab is and will always be a sandbox.

    Anyway, I thought it would be fun to implement AI into a pipeline and have Claude scan my code bases for vulnerabilities before they are built and deployed.

    So, I first created a shared library this points to a private repository that I have on GitHub that contains all of the code.

    At the beginning of each of my pipelines I add one line to import the library like this:

    @Library('jenkins-shared-libraries') _

    Then I also created a Groovy file which defines all the prerequisites and builds the container in which our code scan runs

    def call() {
    node {
        stage('Amazon Bedrock Scan') {
            // 1. Prepare scripts from library resources
            def scriptContent = libraryResource 'scripts/orchestrator.py'
            def reqsContent = libraryResource 'scripts/requirements.txt'
            writeFile file: 'q_orchestrator.py', text: scriptContent
            writeFile file: 'requirements.txt', text: reqsContent

            // 2. Start the Docker container

            docker.image('python:3.13-slim').inside("-u 0:0") {
                
                // 3. Bind Credentials
                withCredentials([
                    [$class: 'AmazonWebServicesCredentialsBinding', credentialsId: 'AWS_Q_CREDENTIALS'],
                    string(credentialsId: 'github-api-token', variable: 'GITHUB_TOKEN')
                ]) {
                    // 4. Get repo name from Jenkins environment
                    def repoUrl = env.GIT_URL ?: scm.userRemoteConfigs[0].url
                    def repoName = repoUrl.replaceAll(/.*github\.com[:\\/]/, '').replaceAll(/\.git$/, '')

                    echo "Scanning repository: ${repoName}"

                    // 5. THESE MUST LOG TO CONSOLE
                    sh """
                        echo "--- INSTALLING DEPENDENCIES ---"
                        apt-get update -qq && apt-get install -y -qq git > /dev/null 2>&1
                        pip install --quiet -r requirements.txt

                        echo "--- RUNNING ORCHESTRATOR FOR ${repoName} ---"
                        python3 q_orchestrator.py --repo "${repoName}"
                    """
                }
            }
        }
    }
}

    This spins up a container which runs on my Jenkins instance (yes, I know I should setup a different cluster for this) and runs the orchestrator.py file which contains all of my code.

    The code iterates through all of the code files, which I filtered based on extension so that we aren’t scanning or sending executable files or unnecessary files to Bedrock.

    Once Bedrock reviews all of the files then it will put all of the details into a pull request and write code change suggestions to the files. The pull request is then submitted to the repository for me to review. If the pull request is approved the cycle starts all over again!

    I’ve slowly been rolling this out to my pipelines and boy did I miss some very obvious things. I can’t wait to keep fixing things and improving not only my pipelines but my coding skills.

    If you have any interest in setting up something similar feel free to reach out!

  • Where Is It Five O’Clock Pt: 1

    I bought the domain whereisitfiveoclock.net a while back and have been sitting on it for quite some time. I had an idea to make a web application that would tell you where it is five o’clock. Yes, this is a drinking website.

    I saw this project as a way to learn more Python skills, as well as some more AWS skills, and boy, has it put me to the test. So I’m going to write this series of posts as a way to document my progress in building this application.

    Part One: Building The Application

    I know that I want to use Python because it is my language of choice. I then researched what libraries I could use to build the frontend with. I came across Flask as an option and decided to run with that. The next step I had to do was actually find out where it was 5PM.

    In my head, I came up with the process that if I could first get a list of all the timezone and identify the current time in them I could filter out which timezones it was 5PM. Once establishing where it was 5PM, I can then get that information to Flask and figure out a way to display it.

    Here is the function for identifying the current time in all timezones and then storing each key pair of {Timezone : Current_Time }

    def getTime():
    now_utc = datetime.now(timezone('UTC'))
    #print('UTC:', now_utc)
    timezones = pytz.all_timezones
    #get all current times and store them into a list
    tz_array = []
    for tz in timezones:
        current_time = now_utc.astimezone(timezone(tz))
        values = {tz: current_time.hour}
        tz_array.append(values)
        
    return tz_array

    Once everything was stored into tz_array I took that info and passed it through the following function to identify it was 5PM. I have another function that identifies everything that is NOT 5PM.

    def find5PM():
    its5pm = []
    for tz in tz_array:
        timezones = tz.items()
        for timezone, hour in timezones:
            if hour >= 17:
                its5pm.append(timezone)
    return its5pm

    I made a new list and stored just the timezone name into that list and return it.

    Once I had all these together I passed them through as variables to Flask. This is where I first started to struggle. In my original revisions of the functions, I was only returning one of the values rather than returning ALL of the values. This resulted in hours of struggling to identify the cause of the problem. Eventually, I had to start over and completely re-work the code until I ended up with what you see above.

    The code was finally functional and I was ready to deploy it to Amazon Web Services for public access. I will discuss my design and deployment in Part Two.

    http://whereisitfiveoclock.net