Skip to main content
Skip table of contents

Serverless Framework Integration

Overview

This topic describes how to use the Serverless Framework. The Serverless Framework is a widely-used tool to develop, deploy, test, secure, and monitor your Serverless applications.

Using the Serverless Framework Integration

To use the integration, do as follows:

NOTE: This example uses Jenkins.

  1. Create a Unified Agent configuration file, with relevant flags to scan the function type you selected (npm, mvn, etc.) and relevant flags for a Serverless scan. Ensure that you do not include:

    • The serverless.includes flag

    • If your file is stored publicly, do not include your API token

  2. Install this plugin: npm install serverless-mend.

  3. In the .yml file of the scanned serverless function, add the plugin and the path to the configuration file as so:

    CODE
     plugins:
             serverless-mend
            custom:
               mend:
                      pathToConfig: {path-to-configuration-file}  (NOTE: Mandatory parameter)
                      pathToJar:      {path-to-jar}  (NOTE: Mandatory parameter)
    
                     # optional parameters, must start with 'wss-' prefix; any valid CLI parameter of the UA can be entered here. for example:
                     wss-logLevel: { log level, for example, debug} (NOTE: Optional parameter)
                     wss-apiKey: {enter API key} (NOTE: Optional parameter)
  4. Deploy the serverless function: serverless deploy. The plugin will update the configuration file with the path to a .txt file containing the names of the functions found in the .yml file and will run the UA with this config file.



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.