Jenkinsfile
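// Declarative pipeline: builds, tests and packages the project with the Maven
// wrapper, builds a Docker image tagged with the commit hash, then scans the
// image with clair-scanner and the running application with the OWASP ZAP
// baseline scan. Scanner failures mark the build UNSTABLE instead of failing it.
pipeline {
    options {
        // One build at a time: the scan stages use the fixed container name 'sut'
        // and the fixed host port 10000, so parallel builds would collide.
        disableConcurrentBuilds()
        buildDiscarder(logRotator(numToKeepStr: '30', artifactNumToKeepStr: '30'))
    }
    agent any
    environment {
        // Host name both scanners use to reach services published on the Docker host.
        CURRENT_IP = 'docker.for.mac.localhost'
    }
    stages {
        stage('Show runtime version') {
            steps {
                sh 'java -version'
                sh './mvnw --version'
                // A full `printenv` dump writes every variable exported on the agent,
                // including any tokens or passwords, into the build log. Print only an
                // allow-list of non-secret variables instead.
                sh 'printenv | grep -E "^(JAVA_HOME|GIT_COMMIT|GIT_BRANCH|BUILD_NUMBER|JOB_NAME)=" | sort'
            }
        }
        stage('mvn cleanup') {
            steps {
                sh './mvnw clean'
            }
        }
        stage('Unit Tests') {
            steps {
                sh './mvnw test'
            }
        }
        stage('dependency check') {
            steps {
                // NOTE(review): whether known-vulnerable dependencies fail this stage
                // depends on the plugin configuration in the pom, which is not shown
                // here; confirm a failure threshold is set.
                sh './mvnw dependency-check:check'
            }
        }
        stage('package') {
            steps {
                // Tests already ran in the 'Unit Tests' stage.
                sh './mvnw -DskipTests package'
            }
        }
        stage('artifact upload') {
            steps {
                echo 'dont upload that shit'
            }
        }
        stage('docker build') {
            steps {
                sh "docker build . -t cy4n/broken:${env.GIT_COMMIT}"
            }
        }
        stage('docker push') {
            steps {
                echo 'dont upload that shit'
            }
        }
        stage('container security scan') {
            steps {
                script {
                    // you can start clair and clair-DB containers here if you only want to start them on demand
                    try {
                        // -c: Clair API URL, --ip: address Clair uses to reach the scanner,
                        // -r/-l: report and log files, -w: whitelist of accepted findings.
                        sh "clair-scanner -c http://${CURRENT_IP}:6060 --ip ${CURRENT_IP} -r clair-report.json -l clair.log -w clair-whitelist.yml cy4n/broken:${env.GIT_COMMIT}"
                    }
                    catch (exc) {
                        // Any non-zero exit lands here, so log the cause: reported findings
                        // and an unreachable Clair server both end up as UNSTABLE.
                        echo "container security scan did not pass: ${exc}"
                        currentBuild.result = 'UNSTABLE'
                    }
                }
            }
        }
        stage('api security scan') {
            steps {
                // Start the system under test in the background.
                // NOTE(review): -p10000:8080 publishes the application on all host
                // interfaces for the duration of the scan.
                sh "docker run -d -p10000:8080 --name 'sut' cy4n/broken:${env.GIT_COMMIT}"
                // Fixed wait for the application to start; there is no readiness check.
                sleep 20
                script {
                    try {
                        // --rm: do not leave a stopped scanner container behind after each build.
                        // NOTE(review): the image is referenced by a floating tag, so the
                        // scanner version changes between builds; consider pinning a digest.
                        sh "docker run --rm -t owasp/zap2docker-weekly zap-baseline.py -t http://${CURRENT_IP}:10000"
                    }
                    catch (exc) {
                        // Log the cause so a scanner crash can be told apart from findings.
                        echo "api security scan did not pass: ${exc}"
                        currentBuild.result = 'UNSTABLE'
                    }
                }
            }
        }
        stage('docker cleanup') {
            steps {
                // Force-remove stops and deletes the container in one step; '|| true'
                // keeps the stage green when the container is already gone.
                sh 'docker rm -f sut || true'
            }
        }
    }
    post {
        always {
            // The 'docker cleanup' stage is skipped when an earlier stage fails or the
            // build is aborted. Without this, a leftover 'sut' container would keep
            // running and make the next build's `docker run --name 'sut'` fail.
            sh 'docker rm -f sut || true'
        }
    }
}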