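//
// This is an example of using VeraDemo Java test application with the Veracode Static scanner.
//
// Stage order: verify the agent environment, build the WAR with Maven, upload it for a
// Veracode static scan, then (optionally) run Veracode SCA and the Veracode CLI scan.
// Each stage branches on isUnix() so the same file can run on *nix and Windows agents
// wherever the tooling supports both.
//
pipeline {
    agent any

    environment {
        VERACODE_APP_NAME = 'Verademo' // App Name in the Veracode Platform
    }

    stages {
        // Print the working directory, its contents and PATH so a failing build can be
        // diagnosed from the console log alone.
        stage ('environment verify') {
            steps {
                script {
                    if (isUnix()) {
                        sh 'pwd'
                        sh 'ls -la'
                        sh 'echo $PATH'
                    } else {
                        bat 'dir'
                        bat 'echo %PATH%'
                    }
                }
            }
        }

        // Builds app/target/verademo.war, the artifact uploaded in the 'Veracode scan' stage.
        stage ('build') {
            steps {
                withMaven(maven: 'maven-3') {
                    script {
                        if (isUnix()) {
                            sh 'mvn -f app clean package'
                        } else {
                            bat 'mvn -f app clean package'
                        }
                    }
                }
            }
        }

        stage ('Veracode scan') {
            steps {
                script {
                    // Recorded in the build environment; nothing below reads it.
                    env.HOST_OS = isUnix() ? 'Unix' : 'Windows'
                }
                echo 'Veracode scanning'
                // The API ID/key are bound only inside this closure; Jenkins masks them in the log.
                withCredentials([ usernamePassword (
                    credentialsId: 'veracode_login', usernameVariable: 'VERACODE_API_ID', passwordVariable: 'VERACODE_API_KEY') ]) {
                    // fire-and-forget: no timeout argument, so the stage ends once the upload is accepted
                    // NOTE(review): scanName is single-quoted, so Groovy does not expand ${BUILD_NUMBER};
                    // any expansion is up to the Veracode plugin -- confirm the scan name in the platform.
                    // NOTE(review): debug: true makes the plugin log verbosely; review what it prints
                    // before leaving it enabled on a shared Jenkins.
                    veracode applicationName: "${VERACODE_APP_NAME}", criticality: 'VeryHigh', debug: true, fileNamePattern: '', replacementPattern: '', sandboxName: '', scanExcludesPattern: '', scanIncludesPattern: '', scanName: 'Jenkins-${BUILD_NUMBER}', uploadExcludesPattern: '', uploadIncludesPattern: 'app/target/verademo.war', vid: "${VERACODE_API_ID}", vkey: "${VERACODE_API_KEY}"
                    // wait for scan to complete (timeout: x)
                    //veracode applicationName: "${VERACODE_APP_NAME}", criticality: 'VeryHigh', debug: true, timeout: 20, fileNamePattern: '', pHost: '', pPassword: '', pUser: '', replacementPattern: '', sandboxName: '', scanExcludesPattern: '', scanIncludesPattern: '', scanName: "${BUILD_TAG}", uploadExcludesPattern: '', uploadIncludesPattern: 'target/verademo.war', vid: "${VERACODE_API_ID}", vkey: "${VERACODE_API_KEY}"
                }
            }
        }

        // the above steps are the bare minimum.
        // below are some additional steps that are commonplace

        stage ('Veracode SCA') {
            steps {
                echo 'Veracode SCA'
                // The token is only exported as SRCCLR_API_TOKEN; the agent script is expected to
                // pick it up from the environment (it is never passed on the command line).
                withCredentials([ string(credentialsId: 'SCA_Token', variable: 'SRCCLR_API_TOKEN')]) {
                    withMaven(maven: 'maven-3') {
                        script {
                            if (isUnix()) {
                                // The agent installer is downloaded and executed at build time without an
                                // integrity check. -f (added for consistency with the CLI install below)
                                // keeps an HTTP error page from being piped into sh; if policy requires a
                                // pinned/verified installer, replace this with a vetted copy on the agent.
                                sh "curl -fsSL https://download.sourceclear.com/ci.sh | sh -s -- scan app"
                                // debug, no upload
                                //sh "curl -fsSL https://download.sourceclear.com/ci.sh | DEBUG=1 sh -s -- scan --no-upload"
                            } else {
                                // Same remote-install pattern as the *nix branch, via iex; same caveat applies.
                                powershell '''
                                    Set-ExecutionPolicy AllSigned -Scope Process -Force
                                    $ProgressPreference = "silentlyContinue"
                                    iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1'))
                                    srcclr scan app
                                '''
                            }
                        }
                    }
                }
            }
        }

        // Currently only works on *nix
        // Despite the stage name, --type directory scans the checked-out workspace, not a built image.
        stage ('Veracode container scan') {
            steps {
                echo 'Veracode container scanning'
                // Bound as VERACODE_API_KEY_ID / VERACODE_API_KEY_SECRET, the variable names the
                // Veracode CLI is presumably reading from the environment -- verify against the CLI docs.
                withCredentials([ usernamePassword (
                    credentialsId: 'veracode_login', usernameVariable: 'VERACODE_API_KEY_ID', passwordVariable: 'VERACODE_API_KEY_SECRET') ]) {
                    script {
                        if (isUnix()) {
                            // CLI is installed into the workspace on every run and invoked as ./veracode;
                            // -f makes curl fail silently on HTTP errors instead of feeding them to sh.
                            sh '''
                                curl -fsS https://tools.veracode.com/veracode-cli/install | sh
                                ./veracode scan --type directory --source . --format table
                            '''
                        }
                    }
                }
            }
        }
    }
}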