Configure your Bamboo Repository

SourceClear Software Composition Analysis

Bamboo is an on-premise CI system, which means you must install cURL on your server before running a SourceClear scan. You can install cURL over SSH by following the steps outlined in the guide here. Bamboo also needs the path to the executable in order to run commands. To find it, access the server via SSH and run the command "which curl". This prints the path to the "curl" binary; note it for later use.

About this task

To scan with SourceClear, add post-build steps to your Bamboo plan.

Procedure

  1. Navigate to the plan where you want to add SourceClear.
  2. From the Actions menu, click Configure Plan.
  3. Select the job where your code is built.
  4. In the Tasks section, select Add Task > Script.
  5. Modify the fields as follows:
    1. For Task Description, enter: SourceClear scan
    2. Verify Interpreter is set to Shell.
    3. Verify Script location is set to Inline.
    4. For Script body, enter: curl -sSL https://download.sourceclear.com/ci.sh | sh
    5. Verify Argument is blank.
    6. For Environment variables:
      • If you did not set the SRCCLR_API_TOKEN_PASSWORD at the global or plan levels, enter: SRCCLR_API_TOKEN=<token>.
      • If you set the token at the global level, enter: export SRCCLR_API_TOKEN=${bamboo.SRCCLR_API_TOKEN_PASSWORD}.
    7. Verify Working sub directory is blank, unless the project's configuration file (such as package.json, pom.xml, build.gradle, or requirements.txt) is in a subdirectory. In that case, specify the path to the subdirectory.
  6. Click Save.
  7. Drag the SourceClear scan command to the bottom of the task list, directly above the final tasks section.
    Final tasks run even if a previous task fails. Placing the scan command above the final tasks section ensures that no unnecessary scan is attempted when the build fails.
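
The Script body in step 5 pipes whatever the download server returns straight into a shell on the build agent, with the API token in its environment. As an added example (not SourceClear's or Bamboo's own script), this variant downloads ci.sh to a file and runs it only if it matches a SHA-256 digest you pinned after reviewing a copy. EXPECTED_SHA256 is a placeholder, and RUN_SCAN, sha256_of, verify_script and run_scan are names assumed for the example.

```shell
#!/bin/sh
# Added example: download ci.sh, check it against a pinned digest, then run it.
CI_URL="https://download.sourceclear.com/ci.sh"   # URL from the Script body step
# Placeholder: SHA-256 of a ci.sh copy you have downloaded and reviewed.
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_REVIEWED_SHA256}"

# Print the SHA-256 hex digest of file $1 (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Return 0 only if file $1 exists, is non-empty, and hashes to digest $2.
verify_script() {
  [ -s "$1" ] || return 1
  [ "$(sha256_of "$1")" = "$2" ]
}

# Download to a private temp file, verify, and only then execute.
run_scan() {
  tmp=$(mktemp) || return 1
  if ! curl -sSfL --proto '=https' --tlsv1.2 -o "$tmp" "$CI_URL"; then
    echo "SourceClear: download of ci.sh failed" >&2
    rm -f "$tmp"; return 1
  fi
  if ! verify_script "$tmp" "$EXPECTED_SHA256"; then
    echo "SourceClear: ci.sh digest mismatch, not running it" >&2
    rm -f "$tmp"; return 1
  fi
  sh "$tmp"; rc=$?
  rm -f "$tmp"
  return "$rc"
}

# RUN_SCAN is a hypothetical switch for this example; set RUN_SCAN=1 in the task.
if [ "${RUN_SCAN:-0}" = "1" ]; then
  run_scan
fi
```

A pinned digest fails the task whenever the hosted ci.sh changes, so update EXPECTED_SHA256 only after reviewing the new copy.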

Results

The next time this plan is built, SourceClear runs a scan.