-
Notifications
You must be signed in to change notification settings - Fork 2
/
mycxsast.jenkinsfile
119 lines (113 loc) · 5.28 KB
/
mycxsast.jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
@Library('pipeline-library-demo') _
pipeline {
agent any
parameters {
string(name: 'CX_SERVER_URL', defaultValue: 'http://localhost', description: 'CxSAST URL')
string(name: 'CX_PROJECT_TEAM', defaultValue: 'CxServer', description: 'CxSAST Team')
string(name: 'CX_PROJECT_NAME', defaultValue: 'Bookstore_java@git', description: 'CxSAST Project name')
string(name: 'GIT_URL', defaultValue: 'http://localhost/Bonobo.Git.Server/BookStoreJava.git', description: 'GIT URL')
string(name: 'GIT_JENKINS_CREDS', defaultValue: 'Bonobo.Git.Server', description: 'GIT credentials in Jenkins Credentials')
}
stages {
stage('clean') {
steps {
deleteDir() /* Clean up our workspace */
}
}
stage('print') {
// Print build number and workspace
steps {
echo "Build ${BUILD_NUMBER} - in the Workspace of [${WORKSPACE}]!"
script {
if(isUnix()) {
sh "ls -lahR ${WORKSPACE} "
sh "cd ${WORKSPACE} "
} else {
bat "dir /s ${WORKSPACE} "
bat "cd ${WORKSPACE}"
}
}
}
}
stage('preparation') {
steps {
echo "Get some code from an SCM"
echo "[${params.GIT_URL}][${params.GIT_JENKINS_CREDS}]"
checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false,
extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${params.GIT_JENKINS_CREDS}",
url: "${params.GIT_URL}"]]])
}
}
stage('checkmarx') {
environment {
CX_CREDS = credentials('jenkins-checkmarx-cxsast-creds')
}
steps{
echo "Executing Checkmarx Jenkins Plugin to request a Scan..."
step([$class: 'CxScanBuilder', comment: '', excludeFolders: '', excludeOpenSourceFolders: '', exclusionsSetting: 'job',
filterPattern: '''!**/_cvs/**/*, !**/.svn/**/*, !**/.hg/**/*, !**/.git/**/*, !**/.bzr/**/*, !**/bin/**/*,
!**/obj/**/*, !**/backup/**/*, !**/.idea/**/*, !**/*.DS_Store, !**/*.ipr, !**/*.iws,
!**/*.bak, !**/*.tmp, !**/*.aac, !**/*.aif, !**/*.iff, !**/*.m3u, !**/*.mid, !**/*.mp3,
!**/*.mpa, !**/*.ra, !**/*.wav, !**/*.wma, !**/*.3g2, !**/*.3gp, !**/*.asf, !**/*.asx,
!**/*.avi, !**/*.flv, !**/*.mov, !**/*.mp4, !**/*.mpg, !**/*.rm, !**/*.swf, !**/*.vob,
!**/*.wmv, !**/*.bmp, !**/*.gif, !**/*.jpg, !**/*.png, !**/*.psd, !**/*.tif, !**/*.swf,
!**/*.jar, !**/*.zip, !**/*.rar, !**/*.exe, !**/*.dll, !**/*.pdb, !**/*.7z, !**/*.gz,
!**/*.tar.gz, !**/*.tar, !**/*.gz, !**/*.ahtm, !**/*.ahtml, !**/*.fhtml, !**/*.hdm,
!**/*.hdml, !**/*.hsql, !**/*.ht, !**/*.hta, !**/*.htc, !**/*.htd, !**/*.war, !**/*.ear,
!**/*.htmls, !**/*.ihtml, !**/*.mht, !**/*.mhtm, !**/*.mhtml, !**/*.ssi, !**/*.stm,
!**/*.stml, !**/*.ttml, !**/*.txn, !**/*.xhtm, !**/*.class, !**/*.iml, !Checkmarx/Reports/*.*''',
fullScanCycle: 10,
fullScansScheduled: true,
generatePdfReport: true,
generateXmlReport: true,
groupId: '00000000-1111-1111-b111-989c9070eb11',
includeOpenSourceFolders: '',
osaEnabled: false,
username: "${CX_CREDS_USR}",
password: "${CX_CREDS_PSW}",
preset: '36',
projectName: "${params.CX_PROJECT_NAME}",
serverUrl: "${params.CX_SERVER_URL}",
sourceEncoding: '1',
waitForResultsEnabled: true,
vulnerabilityThresholdEnabled: true,
vulnerabilityThresholdResult: 'UNSTABLE',
highThreshold: 1,
lowThreshold: 1,
mediumThreshold: 1,
generatePdfReport: false])
}
post {
unstable {
script {
echo "This will always run"
echo "Current build result: ${currentBuild.getCurrentResult()}"
def reportFileUrl = "${env.WORKSPACE}/Checkmarx/Reports/ScanReport.xml";
if ( fileExists(reportFileUrl) ) {
echo 'report exists'
def cxresults = parseXMLReport(reportFileUrl)
echo "highs: ${cxresults.highs}"
echo "mediums: ${cxresults.mediums}"
echo "lows: ${cxresults.lows}"
echo "infos: ${cxresults.infos}"
withEnv(['JIRA_SITE=LOCAL']) {
def testIssue = [fields: [ project: [id: '10300'],
summary: '[UNSTABLE] New CxScan Results exceeded threshold',
description: "Results highs: ${cxresults.highs}, mediums: ${cxresults.mediums}, lows: ${cxresults.lows}, infos: ${cxresults.infos}",
issuetype: [id: '10003']]]
response = jiraNewIssue issue: testIssue
echo response.successful.toString()
echo response.data.toString()
}
}
}
}
}
}
stage('Build') {
steps {
echo "Continue with your \'build\' step(s)..."
}
}
}
}