Using Shieldly with Jenkins
Run AI-Powered analysis of AWS IAM policies or CloudFormation/CDK output as a Jenkins pipeline stage using @shieldly/cli — no plugin to install, just Node.js on the agent and an sh step.
1. Store the API key
Manage Jenkins → Credentials → add a Secret text credential (e.g. ID shieldly-api-key) with your key from shieldly.io/app/api. No key stored yet? analyze-iam/analyze-cf still run in demo mode (rate-limited, no signup) to try this first.
2. Declarative pipeline stage
pipeline {
agent any
stages {
stage('Shieldly IAM Scan') {
steps {
withCredentials([string(credentialsId: 'shieldly-api-key', variable: 'SHIELDLY_API_KEY')]) {
sh 'npx @shieldly/cli analyze-iam ./iam-policy.json'
}
}
}
}
}analyze-iam exits non-zero on a Critical or High severity finding, which fails the stage (and the build) automatically.
Scanning CloudFormation / CDK instead
stage('Shieldly CloudFormation Scan') {
steps {
withCredentials([string(credentialsId: 'shieldly-api-key', variable: 'SHIELDLY_API_KEY')]) {
sh '''
npm install -g aws-cdk
cdk synth
npx @shieldly/cli analyze-cf cdk.out/
'''
}
}
}Scanning Terraform instead?
See Using Shieldly with Terraform for the extraction recipe — the resulting analyze-iam call drops into a Jenkins sh step exactly like the ones above.
Privacy
Shieldly does not log your policy or template input. Cache keys are one-way SHA-256 hashes.