Spectral for Google Cloud Build

Integrating with Google Cloud Build is as simple as downloading Spectral and running a scan in your test or build scripts.

First, grab your DSN from the SpectralOps platform, and store it as SPECTRAL_DSN in Secret Manager.

Here's an example run of Spectral on Google Cloud Build:

cloudbuild.yaml
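# Bash variables inside the inline script are written with $$ so that Cloud Build
# passes them through to the shell instead of treating them as substitutions.
steps:
- name: gcr.io/cloud-builders/gcloud
  id: Spectral
  entrypoint: bash
  args:
  - -c
  - |
    curl -L "https://get.spectralops.io/latest/x/sh?dsn=$$SPECTRAL_DSN" | sh
    $$HOME/.spectral/spectral scan
  # Expose the Secret Manager value to this step as an environment variable.
  secretEnv: ['SPECTRAL_DSN']
availableSecrets:
  secretManager:
  - versionName: projects/PROJECT_ID/secrets/SPECTRAL_DSN/versions/latest
    env: SPECTRAL_DSN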

Tip: We cryptographically sign our binaries. However, you might prefer to download the Spectral binary periodically and store it in your own artifact store, then pull from that store in your CI workflows.
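
One way to act on the tip above, as an added example that is not Spectral's own code: a bash gate that executes a binary pulled from your own artifact store only when its SHA-256 matches a digest you recorded when you mirrored it. The function names and the pin-by-digest approach are assumptions of this example; the page itself only mentions vendor signing and mirroring.

```bash
#!/usr/bin/env bash
# Added example: gate a mirrored scanner binary on a pinned SHA-256 before the
# build step executes it. File paths and digests are supplied by the caller.

# Print the lowercase hex SHA-256 of a file, using whichever tool is present.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_pinned FILE EXPECTED_SHA256
# Returns 0 only if FILE exists and its digest equals the pinned value.
# Returns 2 for a missing file or malformed pin, 1 for a digest mismatch.
verify_pinned() {
  local file="$1" expected actual
  expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  [ -f "$file" ] || { echo "missing artifact: $file" >&2; return 2; }
  case "$expected" in
    *[!0-9a-f]*|"") echo "pin is not a hex digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "pin is not 64 hex chars" >&2; return 2; }
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
}

# run_verified FILE EXPECTED_SHA256 [ARGS...]
# Executes FILE with ARGS only after the pin check passes.
run_verified() {
  local file="$1" pin="$2"
  shift 2
  verify_pinned "$file" "$pin" || return $?
  chmod +x "$file" && "$file" "$@"
}
```

When these functions are pasted into an inline cloudbuild.yaml script, each shell `$` must be written as `$$` so Cloud Build does not treat it as a substitution.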

With Spectral integrated, your builds should now look like this:

Tip: Use spectral scan --ok if you don't want to break builds. This mode is common when you're ramping up your discovery of issues, or when you have a different kind of security workflow.