Jenkins_Pipeline_and_SCA.groovy
/*
* Normal Jenkinsfile that will build and do Policy and SCA scans
*/
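// Declarative pipeline with three stages: a Maven build of ./app, a Veracode
// Pipeline Scan of the resulting WAR, and a Veracode SCA (SourceClear) scan of ./app.
// Required Jenkins credentials: 'veracode_login' (username/password) and
// 'SCA_Token' (secret text).
pipeline {
    agent any
    environment {
        VERACODE_APP_NAME = 'VeraDemo' // App Name in the Veracode Platform
    }
    // this is optional on Linux, if jenkins does not have access to your locally installed docker
    //tools {
    // these match up with 'Manage Jenkins -> Global Tool Config'
    //'org.jenkinsci.plugins.docker.commons.tools.DockerTool' 'docker-latest'
    //}
    options {
        // only keep the last x build logs and artifacts (for space saving)
        buildDiscarder(logRotator(numToKeepStr: '20', artifactNumToKeepStr: '20'))
    }
    stages {
        stage ('build') {
            steps {
                withMaven(maven:'maven-3') {
                    script {
                        dir('app') {
                            sh 'mvn clean package'
                        }
                    }
                }
            }
        }
        stage ('Pipeline Scan') {
            steps {
                echo 'Pipeline Scan'
                withCredentials([ usernamePassword (
                    credentialsId: 'veracode_login', usernameVariable: 'VERACODE_API_ID', passwordVariable: 'VERACODE_API_KEY') ]) {
                    // -f makes curl exit non-zero on an HTTP error instead of saving the
                    // error body under the .zip name.
                    // NOTE(review): the "LATEST" archive is unpinned and nothing verifies
                    // its integrity before the jar runs with the API credentials in scope.
                    // Consider mirroring a reviewed copy internally and checking its digest.
                    sh 'curl -fsSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip'
                    unzip zipFile: 'pipeline-scan-LATEST.zip'
                    // Keep this string single-quoted: the shell, not Groovy, expands the
                    // secrets, so they are not baked into the command Jenkins records.
                    // The expansions are double-quoted so an unusual character in a
                    // credential cannot split or glob the argument.
                    // NOTE(review): the key is still passed as a process argument and is
                    // visible to other processes on the agent while the scan runs.
                    // NOTE(review): `|| true` discards the scanner's exit status, so this
                    // stage passes whatever the scan reports, and also if the scanner fails
                    // to start. Presumably deliberate for a demo; drop it to gate the build.
                    sh 'java -jar pipeline-scan.jar -vid "${VERACODE_API_ID}" -vkey "${VERACODE_API_KEY}" -f app/target/verademo.war || true'
                }
            }
        }
        stage ('Veracode SCA') {
            steps {
                echo 'Veracode SCA'
                withCredentials([ string(credentialsId: 'SCA_Token', variable: 'SRCCLR_API_TOKEN')]) {
                    withMaven(maven:'maven-3') {
                        script {
                            // The agent script is downloaded to a file and then executed,
                            // rather than piped into bash. With a pipe, a failed or truncated
                            // download hands bash empty or partial input and the stage can
                            // pass without scanning. With -f and `set -e`, a download error
                            // fails the stage.
                            // NOTE(review): the script is still fetched unpinned and
                            // unverified on every build and runs with SRCCLR_API_TOKEN in its
                            // environment. Prefer a reviewed, internally hosted copy.
                            sh '''
                                set -e
                                export SCAN_DIR="./app"
                                curl -fsSL -o srcclr-ci.sh https://download.sourceclear.com/ci.sh
                                bash srcclr-ci.sh scan --allow-dirty --update-advisor
                            '''
                        }
                    }
                }
            }
        }
    }
}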