SCA stage

Selmouni-Abdelilah · Feb 23, 2024 · 6b5ef77 · 6b5ef77
1 parent 6c3b4f5
commit 6b5ef77
Showing 1 changed file with 33 additions and 22 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -48,6 +48,17 @@ pipeline{
                 }
             }
         }
+        stage('SCA') {  
+            steps {
+                    snykSecurity(
+	                    snykInstallation: 'Snyk',
+	                    snykTokenId: 'snykapitoken',
+	                    failOnIssues: false,
+	                    failOnError: false,
+	                    additionalArguments: '--all-projects --detection-depth=3'
+                    )
+		         }
+        }
         stage('Maven Test'){
             steps{
                 sh 'mvn test'
@@ -74,29 +85,29 @@ pipeline{
 	        sh 'docker push abdelilahone/jenkinsci:$BUILD_NUMBER'   
       }           
     }
-    stage("Docker image scanning"){
-            steps {
-                script{
-                // Install trivy
-                sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s  v0.44.1'
-                sh 'chmod +x ./bin/trivy'
-                sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
-                def dockerImageName = 'abdelilahone/jenkinsci:$BUILD_NUMBER'
-                // Scan all vuln levels
-                sh "./bin/trivy image --ignore-unfixed --scanners vuln --vuln-type os,library --format template --template @html.tpl -o trivy-scan.html ${dockerImageName}"      
-                    publishHTML target : [
-                        allowMissing: true,
-                        alwaysLinkToLastBuild: true,
-                        keepAll: true,
-                        reportDir: '.',
-                        reportFiles: 'trivy-scan.html',
-                        reportName: 'Trivy Scan',
-                        reportTitles: 'Trivy Scan'
-                    ]
+    // stage("Docker image scanning"){
+    //         steps {
+    //             script{
+    //             // Install trivy
+    //             sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s  v0.44.1'
+    //             sh 'chmod +x ./bin/trivy'
+    //             sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
+    //             def dockerImageName = 'abdelilahone/jenkinsci:$BUILD_NUMBER'
+    //             // Scan all vuln levels
+    //             sh "./bin/trivy image --ignore-unfixed --scanners vuln --vuln-type os,library --format template --template @html.tpl -o trivy-scan.html ${dockerImageName}"      
+    //                 publishHTML target : [
+    //                     allowMissing: true,
+    //                     alwaysLinkToLastBuild: true,
+    //                     keepAll: true,
+    //                     reportDir: '.',
+    //                     reportFiles: 'trivy-scan.html',
+    //                     reportName: 'Trivy Scan',
+    //                     reportTitles: 'Trivy Scan'
+    //                 ]
 
-                }
-            }
-        } 
+    //             }
+    //         }
+    //     } 
 
     }
 }