#!/usr/bin/groovy
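// Scripted pipeline for beachfront-py. It loads the per-environment job
// configuration, checks out the source, and (unless SKIP_SCANS is true) runs
// OWASP Dependency-Check and Fortify SCA, uploading both reports to ThreadFix.
node {
    def root = pwd()
    def mvn = tool 'M3'                                   // not referenced again in this file
    def projectId = "venicegeo:beachfront:beachfront-py"  // not referenced again in this file
    def appvers = ""
    def appName = ""

    // Uploads one scan report to ThreadFix. Must be called inside the
    // withCredentials block that binds THREADFIX_KEY.
    //
    // The command is a single-quoted Groovy string on purpose: the shell reads
    // THREADFIX_URL, THREADFIX_ID and THREADFIX_KEY from the environment, so the
    // secret is never interpolated by Groovy into the command text (which would
    // expose it in the process arguments Jenkins builds and can defeat log masking).
    //
    // Certificate verification is left on and verbose output is off: the API key
    // travels in the URL query string, so skipping verification would hand it to
    // anyone able to intercept the connection, and verbose mode prints the full
    // request line. If ThreadFix is signed by a private CA, add that CA to the
    // agent's trust store or pass it with --cacert <path-to-ca-bundle>.
    // NOTE(review): curl exits 0 on an HTTP error response without --fail, so a
    // rejected upload does not fail the build - confirm whether that is intended.
    def uploadToThreadfix = { String reportFile ->
        withEnv(["REPORT_FILE=${reportFile}"]) {
            sh '/bin/curl -H "Accept: application/json" -X POST --form "file=@${REPORT_FILE}" "${THREADFIX_URL}/rest/latest/applications/${THREADFIX_ID}/upload?apiKey=${THREADFIX_KEY}"'
        }
    }

    stage("Config") {
        // Clone the configuration repository and copy the current configuration.
        def configDir = "${root}/configuration"
        def configFile = "${root}/config.json"
        dir(configDir) {
            git url: "${env.CONFIGURATION_URL}", credentialsId: "${env.CONFIGURATION_CREDS}"
            // ENVIRONMENT selects the file to load. It is handed to the shell as an
            // environment variable and quoted there, so its value is treated as
            // data and cannot add words or commands to the mv invocation.
            withEnv([
                "CONFIG_DIR=${configDir}",
                "CONFIG_FILE=${configFile}",
                "CONFIG_ENV_NAME=${ENVIRONMENT}"
            ]) {
                sh 'mv "${CONFIG_DIR}/${CONFIG_ENV_NAME}-config.json" "${CONFIG_FILE}"'
            }
            // Remove the clone once the one file needed has been moved out.
            deleteDir()
        }

        // Read the current configuration.
        // Every entry in credparams and jobparams becomes a pipeline environment
        // variable under the name the file supplies, so the configuration
        // repository can set any variable (PATH included). It needs the same
        // write protection and review as this pipeline definition.
        def configJson = readJSON file: "${configFile}"
        for (param in configJson.credparams + configJson.jobparams) {
            env."${param.name}" = (param.type == "booleanParam") ? "${param.defaultvalue}".toBoolean() : "${param.defaultvalue}"
        }
    }

    stage("Setup") {
        deleteDir()
        if (env.USE_GIT_CREDS.toBoolean()) {
            git url: "${env.GIT_URL}", branch: "${env.GIT_BRANCH}", credentialsId: "${env.GITLAB_CREDS}"
        } else {
            git url: "${env.GIT_URL}", branch: "${env.GIT_BRANCH}"
        }
        // Version string from git describe, with dots replaced by dashes.
        appvers = sh(script: """git describe --long --tags --always | sed 's/\\./-/'g""", returnStdout: true).trim()
        appName = "beachfront-py-${appvers}"
    }

    if (!env.SKIP_SCANS.toBoolean()) {
        stage("Dependency Check") {
            withCredentials([
                [$class: 'StringBinding', credentialsId: "${env.THREADFIX_API_KEY}", variable: "THREADFIX_KEY"]
            ]) {
                dir("beachfront") {
                    def depHome = tool 'owasp_dependency_check'
                    withEnv(["PATH+=${depHome}/bin"]) {
                        sh 'dependency-check.sh --project "beachfront-py" --scan "." --format "XML" --enableExperimental --disableBundleAudit'
                        uploadToThreadfix("dependency-check-report.xml")
                    }
                }
            }
        }

        stage("Fortify Scans") {
            withCredentials([
                [$class: 'StringBinding', credentialsId: "${env.THREADFIX_API_KEY}", variable: "THREADFIX_KEY"]
            ]) {
                dir("beachfront") {
                    // BUILD_NUMBER is expanded by the shell and used as the Fortify build id.
                    // NOTE(review): the -exclude pattern is unquoted, so the shell may
                    // expand it to file names before sourceanalyzer sees it - confirm
                    // that test files are really excluded from the translation.
                    sh '/opt/hp_fortify_sca/bin/sourceanalyzer -b "${BUILD_NUMBER}" ./{*.py,**/*.py} -exclude **/test/*'
                    sh '/opt/hp_fortify_sca/bin/sourceanalyzer -b "${BUILD_NUMBER}" -scan -Xmx8G -f "fortifyResults-${BUILD_NUMBER}.fpr"'
                    uploadToThreadfix("fortifyResults-${env.BUILD_NUMBER}.fpr")
                }
            }
        }
    }
}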