-
Notifications
You must be signed in to change notification settings - Fork 1
/
FullPipeline-WIP
83 lines (75 loc) · 2.75 KB
/
FullPipeline-WIP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
pipeline {
agent none
environment {
sonar_key = credentials('sonar-project-key')
}
stages {
stage('Pull from Github') {
agent any
steps {
git url: 'https://github.com/asankov/webgoat.git', branch: 'main'
}
}
stage('SAST') {
agent any
steps {
sh '/var/jenkins_home/tools/hudson.plugins.sonar.SonarRunnerInstallation/sonar/bin/sonar-scanner -X -Dsonar.host.url=http://sonarqube:9000 -Dsonar.projectKey=${sonar_key} -Dsonar.projectName=webgoat -Dsonar.language=java -Dsonar.projectVersion=1.0 -Dsonar.java.binaries=**/target/classes -Dsonar.exclusions=**/*.ts -Dsonar.projectBaseDir=/var/jenkins_home/workspace/webgoat-no-tools'
// sh 'export SONAR_TOKEN=${sonar_key}'
// sh '/root/.sonar/sonar-scanner-4.7.0.2747-linux/bin/sonar-scanner \
// -Dsonar.organization=svetlomirbalevski \
// -Dsonar.projectKey=SvetlomirBalevski_WebGoat \
// -Dsonar.projectKey=${sonar_key} \
// -Dsonar.java.binaries=. \
// -Dsonar.exclusions=**/*.ts \
// -Dsonar.projectBaseDir=/var/jenkins_home/workspace/webgoat -Dsonar.sources=. \
// -Dsonar.host.url=https://sonarcloud.io'
}
}
stage('SCA') {
agent any
steps{
dependencyCheck additionalArguments: '''
-o "./"
-s "./"
-f "ALL"
--prettyPrint''', odcInstallation: 'dependency-check'
dependencyCheckPublisher (
pattern: 'dependency-check-report.xml'
)
}
}
stage('Build') {
agent {
docker {
image 'maven:3.9.0-eclipse-temurin-17'
args '-v /root/.m2:/root/.m2'
}
}
steps {
sh 'mvn -B -DskipTests clean package'
}
}
stage('Docker Build and Push') {
agent any
environment {
DOCKER_HUB_PASSWORD = credentials('DOCKER_HUB_PASSWORD')
}
steps {
sh 'docker build -t <docker_hub_username>/webgoat .'
sh 'docker login -u <docker_hub_username> -p ${DOCKER_HUB_PASSWORD}'
sh 'docker push <docker_hub_username>/webgoat'
}
}
stage('Docker Scan') {
agent {
docker {
image 'asankov/grype-opa:0.1'
args '-v /root/.m2:/root/.m2'
}
}
steps {
sh 'grype asankov/webgoat'
}
}
}
}