Jenkinsfile
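// Declarative pipeline: clean the workspace, clone the sample project, fetch the
// Snyk CLI, build with Maven, then run Snyk open-source and container scans.
// The shell steps assume a Linux agent (a snyk-linux binary is downloaded).
pipeline {
    agent any

    // Install the Jenkins tools you need for your project / environment
    tools {
        maven 'maven' // Refers to the Maven installation named 'maven' in Global Tool Configuration
    }

    // SNYK_TOKEN is deliberately NOT bound at pipeline level. It is bound per stage,
    // only in the stages that call the Snyk CLI, so the clone, download and Maven
    // build stages (which run third-party code) never see the token.

    stages {
        stage('Initialize & Cleanup Workspace') {
            steps {
                echo 'Initialize & Cleanup Workspace'
                sh 'ls -la'
                // Remove everything, dotfiles included, so nothing left over from a
                // previous run (for example a stale policy or settings file) can
                // influence this build or its scan results.
                sh 'find . -mindepth 1 -delete'
                sh 'ls -la'
            }
        }

        stage('Git Clone') {
            steps {
                git url: 'https://github.com/lmaeda/java-goofs.git'
                //git url: 'https://github.com/lmaeda/BingAds-Java-SDK.git'
                sh 'ls -la'
            }
        }

        stage('Test Build Requirements') {
            steps {
                sh 'java -version'
                sh 'mvn -v'
            }
        }

        // Not required if you just install the Snyk CLI on your agent.
        // The binary fetched here is later executed with SNYK_TOKEN in its environment,
        // so its SHA-256 is checked against the checksum file published with the release
        // before it is made executable. The checksum comes from the same release, so it
        // catches a corrupted or truncated download, not a tampered release; for
        // reproducible builds, pin latest_version to a reviewed release tag instead of
        // resolving "latest" at build time.
        stage('Download Snyk CLI') {
            steps {
                sh '''
                    # Follow the redirects of /releases/latest and keep only the tag name.
                    # Redirect hops without "tag/" are left untouched by sed and dropped by the final grep -v.
                    latest_version=$(curl -LIs "https://github.com/snyk/snyk/releases/latest" | grep "^location" | sed s#.*tag/##g | tr -d "\r" | grep -v "^location")
                    if [ -z "${latest_version}" ]; then
                        echo "Could not resolve the latest Snyk CLI version" >&2
                        exit 1
                    fi
                    echo "Latest Snyk CLI Version: ${latest_version}"
                    snyk_cli_dl_linux="https://github.com/snyk/snyk/releases/download/${latest_version}/snyk-linux"
                    echo "Download URL: ${snyk_cli_dl_linux}"
                    # -f makes curl fail on an HTTP error instead of saving the error page as the binary.
                    curl -fLo ./snyk-linux "${snyk_cli_dl_linux}"
                    curl -fLo ./snyk-linux.sha256 "${snyk_cli_dl_linux}.sha256"
                    # The checksum file names "snyk-linux", so verify before renaming.
                    sha256sum -c ./snyk-linux.sha256
                    mv ./snyk-linux ./snyk
                    chmod +x snyk
                    ls -la
                    ./snyk -v
                '''
            }
        }

        stage('Build') {
            steps {
                // The original ran `sh 'cd ./todolist-core/'` as its own step. Each sh step
                // starts a new shell, so that cd never affected the Maven call, which has
                // always run from the workspace root. That behaviour is kept here; to build
                // only the module, wrap the step in dir('todolist-core') { ... }.
                sh 'mvn -e -X package'
                //sh './mvnw test -Dsnyk.skip'
            }
        }

        // Run snyk test to check for vulnerabilities.
        // With --severity-threshold=critical and --fail-on=patchable the gate is narrow:
        // the build fails only on critical-severity issues that have a patch available.
        // Consider a lower --severity-threshold=<low|medium|high> for a stricter gate (see snyk help for more info).
        stage('Snyk Test using Snyk CLI') {
            // Pull the Snyk token from a Jenkins encrypted credential
            // (type "Secret text"... see https://jenkins.io/doc/book/using/using-credentials/#adding-new-global-credentials)
            // and expose it to this stage only, for the Snyk CLI to consume.
            environment {
                SNYK_TOKEN = credentials('SNYK_TOKEN')
            }
            steps {
                //sh './snyk test --fail-on=upgradable --severity-threshold=critical --project-name=java-goofs --org=demo_high --target-reference=docker-tomcat'
                sh './snyk test --fail-on=patchable --severity-threshold=critical --org=demo_high'
                //sh './snyk test --fail-on=upgradable --severity-threshold=critical --project-name=BingAds-Java-SDK --org=demo_high --target-reference=main'
            }
        }

        // Capture the dependency tree for ongoing monitoring in Snyk.
        // This is typically done after deployment to some environment (ex staging, test, production, etc).
        stage('Snyk Monitor using Snyk CLI') {
            environment {
                SNYK_TOKEN = credentials('SNYK_TOKEN')
            }
            steps {
                // Use your own Snyk Organization with --org=<your-org>
                // NOTE(review): --fail-on and --severity-threshold are gating options of `snyk test`;
                // confirm they have any effect on `snyk monitor` before relying on them here.
                //sh './snyk monitor --fail-on=upgradable --severity-threshold=critical --project-name=java-goofs --org=demo_high --target-reference=docker-tomcat'
                sh './snyk monitor --fail-on=patchable --severity-threshold=critical --remote-repo-url=TestSnykCSM_mvn_05 --org=demo_high'
                //sh './snyk monitor --fail-on=upgradable --severity-threshold=critical --project-name=BingAds-Java-SDK --org=demo_high --target-reference=main'
            }
        }

        // Scan a container image for known vulnerabilities.
        // NOTE(review): the image scanned is docker:dind, not an image built from the cloned
        // project (no image is built in this pipeline), and no --org is passed, so the
        // result presumably lands in the token's default organization; confirm both are intended.
        stage('Snyk Container Test using Snyk CLI') {
            environment {
                SNYK_TOKEN = credentials('SNYK_TOKEN')
            }
            steps {
                // Use your own Snyk Organization with --org=<your-org>
                //sh './snyk container test --severity-threshold=critical --project-name=java-goofs --fail-on=upgradable --org=luc.maeda javagoof:orig'
                sh './snyk container test --severity-threshold=critical --project-name=snyk-demo-blueocean docker:dind'
            }
        }

        // Record a snapshot of the container image in Snyk for ongoing monitoring.
        // This is typically done after deployment to some environment (ex staging, test, production, etc).
        stage('Snyk Container Monitor using Snyk CLI') {
            environment {
                SNYK_TOKEN = credentials('SNYK_TOKEN')
            }
            steps {
                // Use your own Snyk Organization with --org=<your-org>
                //sh './snyk container monitor --severity-threshold=critical --project-name=java-goofs --fail-on=upgradable --org=luc.maeda javagoof:orig'
                sh './snyk container monitor --severity-threshold=critical --project-name=snyk-demo-blueocean docker:dind'
            }
        }
    }
}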