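// Declarative Jenkins pipeline: check out the repo, start OWASP Juice Shop in a
// container, run a ZAP baseline (passive) scan against it from a second
// container, then archive the reports and push the XML result to DefectDojo.
//
// Changes vs. the previous revision:
//  - the ZAP plan directory is no longer a hard-coded absolute path on one
//    developer's machine; it is taken from the checked-out workspace via
//    ZAP_PLAN_DIR (overridable in one place);
//  - container names and the host port 3000 are fixed, so concurrent builds
//    would collide -> disableConcurrentBuilds();
//  - a hung scan no longer blocks the executor forever -> global timeout;
//  - reports are collected/archived in post.always, so a scan that exits
//    non-zero (ZAP automation can do that on alert thresholds) still leaves
//    its reports behind instead of losing them;
//  - Juice Shop readiness is polled instead of trusting a fixed sleep.
pipeline {
    agent any

    options {
        skipDefaultCheckout(true)
        timestamps()
        ansiColor("xterm")
        // Container names (juice-shop, zap) and host port 3000 are shared
        // resources; two builds at once would clash on them.
        disableConcurrentBuilds()
        // Bound the whole run so a stalled ZAP or docker pull does not hold
        // the executor indefinitely.
        timeout(time: 45, unit: 'MINUTES')
    }

    environment {
        // Directory (mounted into ZAP as /zap/wrk) that holds passive_scan.yaml
        // and receives the reports/ output. Assumes the checkout contains
        // plan-testow-zap/ (the same directory the old hard-coded host path
        // pointed at) -- adjust here if the plan lives elsewhere.
        // NOTE: the ZAP image runs as its own 'zap' user, so this directory
        // must be writable by that uid, not only by the Jenkins agent user.
        ZAP_PLAN_DIR = "${WORKSPACE}/plan-testow-zap"
        // Images used by the build. Both tags are mutable; for a reproducible,
        // tamper-evident build pin them to a digest (image@sha256:...) and
        // bump deliberately.
        JUICE_SHOP_IMAGE = 'bkimminich/juice-shop'
        ZAP_IMAGE = 'ghcr.io/zaproxy/zaproxy:stable'
    }

    stages {
        stage('Code checkout from GitHub') {
            steps {
                script {
                    // Fresh workspace so stale reports/plan files cannot leak
                    // into this run (skipDefaultCheckout is set above).
                    cleanWs()
                    git credentialsId: 'GitHub_PAT', url: 'https://github.com/lolszowy/abcd-student.git', branch: 'main'
                }
            }
        }

        stage('Run Juice Shop') {
            steps {
                echo 'Run Juice Shop'
                // -p 3000:3000 publishes the app on every host interface for the
                // duration of the scan; ZAP reaches it through host.docker.internal
                // (host-gateway), so the port must stay host-reachable. Restrict
                // exposure at the host firewall, or switch both containers to a
                // user-defined network and change the target in passive_scan.yaml.
                sh '''
                    set -eu
                    docker run --name juice-shop -d --rm -p 3000:3000 "${JUICE_SHOP_IMAGE}"

                    # Poll until the app answers instead of trusting a fixed
                    # sleep; keep the old fixed wait as a fallback when the
                    # agent has no curl.
                    if command -v curl >/dev/null 2>&1; then
                        for i in $(seq 1 30); do
                            if curl -fsS -o /dev/null http://localhost:3000/; then
                                echo "Juice Shop is up"
                                exit 0
                            fi
                            sleep 2
                        done
                        echo "Juice Shop did not become ready within 60s" >&2
                        docker logs juice-shop || true
                        exit 1
                    else
                        sleep 5
                    fi
                '''
            }
        }

        stage('[ZAP] Baseline passive-scan') {
            steps {
                sh 'mkdir -p "${WORKSPACE}/results/"'
                // Fail fast with a clear message when the plan is missing rather
                // than letting ZAP error out deep inside the container.
                // -addonupdate/-addoninstall fetch add-ons from the ZAP
                // marketplace at build time (network access, unpinned add-on
                // versions); bake them into a custom image if that is a concern.
                // The container is intentionally NOT --rm so post can docker cp
                // the reports out of it.
                sh '''
                    set -eu
                    if [ ! -f "${ZAP_PLAN_DIR}/passive_scan.yaml" ]; then
                        echo "Missing ZAP plan: ${ZAP_PLAN_DIR}/passive_scan.yaml" >&2
                        exit 1
                    fi
                    docker run --name zap \
                        --add-host=host.docker.internal:host-gateway \
                        -v "${ZAP_PLAN_DIR}:/zap/wrk/:rw" \
                        -t "${ZAP_IMAGE}" bash -c \
                        "mkdir -p /zap/wrk/reports; zap.sh -cmd -addonupdate; zap.sh -cmd -addoninstall communityScripts -addoninstall pscanrulesAlpha -addoninstall pscanrulesBeta -autorun /zap/wrk/passive_scan.yaml"
                '''
            }
        }
    }

    post {
        always {
            // Collect whatever ZAP produced, even when the scan stage failed
            // (e.g. ZAP exiting non-zero on its own alert thresholds); the
            // copies are best-effort because the container may not exist if
            // an earlier stage failed.
            sh '''
                docker cp zap:/zap/wrk/reports/zap_html_report.html "${WORKSPACE}/results/zap_html_report.html" || true
                docker cp zap:/zap/wrk/reports/zap_xml_report.xml "${WORKSPACE}/results/zap_xml_report.xml" || true
            '''
            archiveArtifacts artifacts: 'results/zap_*_report.*', allowEmptyArchive: true
            script {
                // Only upload when a report actually exists; the publisher
                // should not turn a missing file into a second failure.
                if (fileExists('results/zap_xml_report.xml')) {
                    defectDojoPublisher(artifact: "${env.WORKSPACE}/results/zap_xml_report.xml",
                        productName: 'Juice Shop',
                        scanType: 'ZAP Scan',
                        engagementName: '[email protected]'
                    )
                } else {
                    echo 'No ZAP XML report found; skipping DefectDojo upload'
                }
            }
            // Tear down both containers on every outcome; juice-shop was
            // started with --rm so "rm" may already be a no-op.
            sh '''
                docker stop zap juice-shop || true
                docker rm zap juice-shop || true
            '''
        }
    }
}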
// TODO: planned but not yet implemented stages for this pipeline:
//   - OSV Scan (dependency vulnerability scan)
//   - Semgrep scan with JSON report
//   - TruffleHog secret scan