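// Declarative Jenkins pipeline: installs dependencies, runs Semgrep (SAST),
// Trufflehog (secret scan) and Snyk (SCA), then runs placeholder deploy stages.
pipeline {
    agent any
    tools { nodejs "node" }

    stages {
        stage('Install Dependencies') {
            steps {
                echo 'Installing dependencies...'
                // sh 'rm -r node_modules'
                sh 'npm install'
            }
        }

        stage('Semgrep Scan') {
            // Scoped to this stage (rather than pipeline-wide) so the token is only
            // exported into the Semgrep step's environment, not into npm install or
            // the other scanner containers.
            environment {
                SEMGREP_APP_TOKEN = credentials('semgrep-scan')
            }
            steps {
                script {
                    // Capture the exit status instead of letting a non-zero status
                    // abort the stage: a trailing `sh 'exit 0'` is never reached once
                    // the scan command itself fails. Findings mark the build UNSTABLE
                    // so they stay visible without blocking the rest of the pipeline.
                    int semgrepStatus = sh(
                        returnStatus: true,
                        script: '''
                            docker run \
                              -e SEMGREP_APP_TOKEN="$SEMGREP_APP_TOKEN" \
                              -v "$(pwd):$(pwd)" --workdir "$(pwd)" \
                              returntocorp/semgrep semgrep ci --code --junit-xml-output semgrep-report.xml
                        '''
                    )
                    if (semgrepStatus != 0) {
                        unstable("Semgrep exited with status ${semgrepStatus}")
                    }
                }
            }
            post {
                always {
                    junit allowEmptyResults: true, testResults: 'semgrep-report.xml', skipPublishingChecks: true
                }
            }
        }

        // Secret scanning
        stage('Trufflehog Scan') {
            steps {
                // NOTE(review): this scans the remote repository, not the workspace
                // checkout, so it reports on whatever is currently pushed rather than
                // on the exact commit this build is testing.
                sh 'docker run gesellix/trufflehog --json https://github.com/shubnimkar/CI_CD_Devsecops.git > trufflehog.json'
                script {
                    def jsonReport = readFile('trufflehog.json')
                    // Scanner output is untrusted text; escape HTML metacharacters
                    // before embedding it, otherwise any '<' in a finding breaks the
                    // page or injects markup into the archived report.
                    def escapedReport = jsonReport.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;')
                    def htmlReport = """
<html>
<head>
<title>Trufflehog Scan Report</title>
</head>
<body>
<h1>Trufflehog Scan Report</h1>
<pre>${escapedReport}</pre>
</body>
</html>
"""
                    // writeFile creates the scanresults/ parent directory as needed.
                    writeFile file: 'scanresults/trufflehog-report.html', text: htmlReport
                }
                // NOTE(review): the archived report contains the scanner's raw JSON,
                // i.e. the matched secret strings themselves; anyone with read access
                // to this job can download it.
                archiveArtifacts artifacts: 'scanresults/trufflehog-report.html', allowEmptyArchive: true
            }
        }

        stage('Snyk Scan') {
            steps {
                echo 'Snyk Scanning...'
                snykSecurity(
                    snykInstallation: 'Snyk-Scan',
                    snykTokenId: 'Snyk-Scan',
                    severity: 'low',
                    // Boolean, as documented for the Snyk plugin; the previous string
                    // 'false' relied on step-parameter coercion.
                    failOnIssues: false
                )
            }
        }

        // Placeholder: no real deployment is performed here.
        stage('Deploy to DEV') {
            steps {
                echo 'Deploying...'
                echo 'DEPLOY TO DEV WAS SUCCESSFUL!!!'
            }
        }

        // stage('Dastardly Scan') {
        //     steps {
        //         echo 'Launch app...'
        //         sh 'docker-compose up --detach'
        //         echo 'Dastardly Scanning...'
        //         sh '''
        //             docker run --network host --user $(id -u) -v ${WORKSPACE}:${WORKSPACE}:rw \
        //               -e BURP_START_URL=http://localhost:4000 \
        //               -e BURP_REPORT_FILE_PATH=${WORKSPACE}/dastardly-report.xml \
        //               public.ecr.aws/portswigger/dastardly:latest \
        //         '''
        //         sh 'exit 0'
        //         echo 'Dastardly Scanning Completed.'
        //     }
        //     post {
        //         always {
        //             junit allowEmptyResults: true, testResults: 'dastardly-report.xml', skipPublishingChecks: true
        //         }
        //     }
        // }

        // Placeholder: no real deployment is performed here.
        stage('Deploy to PROD') {
            steps {
                echo 'Deploying...'
                echo 'DEPLOY TO PROD WAS SUCCESSFUL!!!'
            }
        }
    }
}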