Unified Language User Guides
iCR User Guide 5.0
iCR User Guide 5.0
  • Table of contents
    • Introduction
    • Overview
    • Authorizing Access to Your Source Code
      • Authenticating GitHub Cloud Access Using OAuth
      • Authenticating GitHub Cloud Access Using PAT
      • Authenticating GitHub Enterprise Access Using OAuth
      • Authenticating GitHub Enterprise Access Using PAT
      • Authenticating GitLab Cloud Access Using OAuth
      • Authenticating GitLab Cloud Access Using PAT
      • Authenticating GitLab Enterprise Access Using OAuth
      • Authenticating GitLab Enterprise Access Using PAT
      • Authenticating Bitbucket Cloud Access using OAuth
    • Using the Navigator
      • Connecting to the Navigator
      • Setting your User Password
      • Updating your User Information
      • The Navigator top banner
      • The Analysis Engine status
      • Selecting Your Source Code
        • Using a cloud-based VCS
        • Selecting your branch
        • Using a private VCS
        • Using a local project
        • Limiting the files to be analyzed
      • Integrating with your bug tracking system
        • Integrating with Jira - Define Your Project
        • Integrating with Jira - Authorizing Access for iCR
        • Integrating with Jira - Connecting with iCR
    • Using the Analysis Engine
      • Initiating an analysis
      • Monitoring the analysis
      • Interrupting the analysis
    • Reviewing your results
      • Reviewer summary and filters
        • Filter by Severity
        • Filter by Category
        • Filter by CWE
        • Filter by OWASP
        • Filter by Directory
      • Reviewing a fix
      • Accepting a fix
        • Accepting a fix when integrated with your bug system
      • Rejecting a fix
        • Rejecting a fix when integrated with your bug system
      • Undoing a fix
        • Undoing a fix when integrated with your bug system
      • Rejected fix history
      • Providing feedback
      • Applying the fixes
      • Cases needing manual attention
      • Comparing Analyses
      • Capturing results for printing or sharing
      • Ending a reviewer session
    • When you are complete
    • Integrating iCR Into Your CI/CD Workflows
      • Jenkins Workflow
        • Installing the plugin
        • Configuring the plugin
          • Creating a Personal Access Token
          • Copying Your Repository's URL
        • Viewing the Results
      • GitHub Actions Workflow
        • GitHub Actions Overview
        • Preparing the GitHub Workflow
          • Environment Variables
          • User Supplied Secrets
          • Setting the User Defined Secrets Values
        • Executing the Workflow
      • GitLab CI/CD Workflow
        • GitLab CI/CD OverView
        • Configuring the GitLab Script variables
          • Environment Variables
          • User Supplied Variables
          • Creating a Personal Access Token
          • Setting the User Defined Variable Values
        • Executing the Workflow
      • Multiple Workflows
    • Appendix – Language Specific Fixer Lists
    • Appendix - Sample Bug Listing
    • Appendix - Getting a BitBucket App Password for JENKINS
Powered by GitBook
On this page
  1. Table of contents
  2. Integrating iCR Into Your CI/CD Workflows
  3. Jenkins Workflow
  4. Configuring the plugin

Creating a Personal Access Token

PreviousConfiguring the pluginNextCopying Your Repository's URL

Last updated 6 months ago

When a User is connecting to iCR using a standard browser, they first login to their Cloud-Based Version Control System (VCS). GitHub, GitLab and BitBucket are currently supported. Once logged into the VCS, a token, created by the VCS, is saved in the browser and then shared with iCR which can then access the User’s repositories.

When operating within a CI/CD framework, a similar token needs to be provided so that iCR is authorized to access that User’s repository. GitHub and GitLab use a Personal Access Token (PAT) to accomplish this while BitBucket employs an App Password.

We’ll use GitHub to show how this is done for our example. and the are documented separately.

As described in the Private Platform User Guide, login to GitHub and go to Settings->Developer Settings where you will see these options. In this case, we will select

Clicking on that brings you to the page where existing tokens are displayed, and new ones can be generated:

Note that the text on this page clearly states that tokens are used to access the GitHub API which is what iCR uses to retrieve repository and branch information. To create a new token, click on Generate new token. That brings you to following page.

You may name the token anything you like to remind you what it is being used for. You can set a finite expiration date or make it last forever. In our example, we limited it to 90 days.

Setting the scope is important to enable iCR to be able to fetch the required contents of your repositories. Select both the repo (which is automatically selected by default) and workflow options.

Scrolling down the page further, select the notifications option as well to make sure that events from GitHub will be issued.

Finally, click on Generate Token to create the new personal access token.

A new token has been created. This value needs to be copied and saved as future views of this page will not reveal the token again. So, record it now as it is needed for Field 2 in the Jenkins configuration form as defined earlier.

Creating a token for GitLab
Bitbucket App Password