Using Shieldly with Jenkins

Run AI-Powered analysis of AWS IAM policies or CloudFormation/CDK output as a Jenkins pipeline stage using @shieldly/cli — no plugin to install, just Node.js on the agent and an sh step.

1. Store the API key

Manage Jenkins → Credentials → add a Secret text credential (e.g. ID shieldly-api-key) with your key from shieldly.io/app/api. No key stored yet? analyze-iam/analyze-cf still run in demo mode (rate-limited, no signup) to try this first.

2. Declarative pipeline stage

pipeline {
  agent any
  stages {
    stage('Shieldly IAM Scan') {
      steps {
        withCredentials([string(credentialsId: 'shieldly-api-key', variable: 'SHIELDLY_API_KEY')]) {
          sh 'npx @shieldly/cli analyze-iam ./iam-policy.json'
        }
      }
    }
  }
}

analyze-iam exits non-zero on a Critical or High severity finding, which fails the stage (and the build) automatically.

Scanning CloudFormation / CDK instead

stage('Shieldly CloudFormation Scan') {
  steps {
    withCredentials([string(credentialsId: 'shieldly-api-key', variable: 'SHIELDLY_API_KEY')]) {
      sh '''
        npm install -g aws-cdk
        cdk synth
        npx @shieldly/cli analyze-cf cdk.out/
      '''
    }
  }
}

Scanning Terraform instead?

See Using Shieldly with Terraform for the extraction recipe — the resulting analyze-iam call drops into a Jenkins sh step exactly like the ones above.

Privacy

Shieldly does not log your policy or template input. Cache keys are one-way SHA-256 hashes.