-
Notifications
You must be signed in to change notification settings - Fork 15
Jenkins Freestyle
florykiank edited this page Jul 30, 2019
·
1 revision
- Create freestyle Jenkins job
- Built
Reapsaw
container - Update next parameters in script:
CX_PROJECT # Project name in Checkmarx
CX_URL # Checkmarx (e.g. https://checkmarx.com)
CX_USER # username
CX_PASSWORD # password
RP_URL # Report Portal
RP_TOKEN # API token
Information how to do it can be found by the links below:
Please find below example how to get Reapsaw
results against https://github.com/appsecco/dvna
in Jenkins:
# Make sure you already build container `docker build -t sast .`
# The TOOLS is a list of scanning tools
# will be cx by default, Snyk can be used as a dependency scanner. In order to use it, please set SNYK_TOKEN
TOOLS="cx"
# The CX_USER is a name of application user for automated scns
CX_URL="PLEASE_PASTE_CX_URL"
CX_USER="PLEASE_PASTE_CX_USERID"
CX_PASSWORD="PLEASE_PASTE_CX_PASSWORD"
# The CX_PATH contain paths to be excluded from Checkmarx scan (Coma separated list e.g. code,some/other/code)
CX_PATH="docs,terraform,tests"
RP_URL="PLEASE_PASTE_REPORT_PORTAL_URL"
# The RP_TOKEN used to send results in aggregation storage
RP_TOKEN="PLEASE_PASTE_RP_TOKEN"
# PRJ is a Checkmarx project name
PRJ="demo_sast"
# Clear Jenkins job WORKSPACE
rm -rf $WORKSPACE/*
# Clone repository
mkdir code
# clone code base in `code` folder
git clone https://github.com/appsecco/dvna $WORKSPACE/code -b master
# create folder for reports
mkdir -p code/reports
# Stop container if in run state
if docker stop $PRJ ; then
echo 'stopping sast container'
else
echo 'starting sast..'
fi
# Remove container if in run state
if docker rm $PRJ ; then
echo 'removing sast container'
else
echo 'starting sast..'
fi
docker run -d -t --entrypoint=cat \
-e TASKS=$TOOLS \
-e CX_URL=$CX_URL \
-e CX_USER=$CX_USER \
-e CX_PASSWORD=$CX_PASSWORD \
-e CX_PROJECT=$PRJ \
-e RP_PROJECT=$PRJ \
-e cx_path="$CX_PATH" \
--name $PRJ sast:latest
# copy code base from workspace inside container
docker cp "$WORKSPACE/code/." $PRJ:/code
# print working dir files for the scan inside container
docker exec -t demo_sast ls -la
# start scan
docker exec -t demo_sast scan
# generate reports locally - without sending in RP
docker exec -t demo_sast generate_reports -r=false
# review results
docker exec -t demo_sast ls reports
# review results : json
docker exec -t demo_sast cat reports/json_report.json
# generate html report
docker exec -i demo_sast junit2html /code/reports/junit_report.xml /code/reports/report.html
# send results in ReportPortal
docker exec -t -e REPORT_PORTAL_URL=$RP_URL -e RP_TOKEN=$RP_TOKEN -e RP_PROJECT=$PRJ -e RP_LAUNCH_NAME=$PRJ demo_sast generate_reports
# stop sast container
docker stop $PRJ
# remove sast container
docker rm $PRJ