From 013ebe6edcdee30820a9b0087ce8f7189af0af3b Mon Sep 17 00:00:00 2001
From: Athanasios Efstathiou
Date: Mon, 9 Sep 2024 16:10:11 +0300
Subject: [PATCH 001/267] jenkins setup
---
jenkins/Dockerfile | 12 ++++++++++++
jenkins/docker-compose.yml | 26 ++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
create mode 100644 jenkins/Dockerfile
create mode 100644 jenkins/docker-compose.yml
diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile
new file mode 100644
index 00000000..47a4af4c
--- /dev/null
+++ b/jenkins/Dockerfile
@@ -0,0 +1,12 @@
+FROM jenkins/jenkins:2.462.2-jdk11
+USER root
+RUN apt-get update && apt-get install -y lsb-release python3-pip
+RUN curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc \
+ https://download.docker.com/linux/debian/gpg
+RUN echo "deb [arch=$(dpkg --print-architecture) \
+ signed-by=/usr/share/keyrings/docker-archive-keyring.asc] \
+ https://download.docker.com/linux/debian \
+ $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
+RUN apt-get update && apt-get install -y docker-ce-cli
+USER jenkins
+RUN jenkins-plugin-cli --plugins "blueocean:1.27.14 docker-workflow:580.vc0c340686b_54"
\ No newline at end of file
diff --git a/jenkins/docker-compose.yml b/jenkins/docker-compose.yml
new file mode 100644
index 00000000..43c3bc40
--- /dev/null
+++ b/jenkins/docker-compose.yml
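Review bot: The `apt-get install -y lsb-release python3-pip` line in the new jenkins/Dockerfile puts pip on the Jenkins controller image although nothing in this Dockerfile uses it, and both install lines pull recommended packages and leave the apt lists in the layer. Every extra package on a CI controller is more code to keep patched, so I would drop `python3-pip` unless a later step needs it and write the second install as `RUN apt-get update && apt-get install -y --no-install-recommends docker-ce-cli && rm -rf /var/lib/apt/lists/*`. `docker-ce-cli` is also unpinned, so a rebuild can silently change the client version; pinning the package version, and the base image by digest, keeps the image reproducible.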
@@ -0,0 +1,26 @@ +version: '3' +services: + jenkins: + build: . # This will build the Docker image from the Dockerfile in the same directory + container_name: jenkins-blueocean + restart: on-failure + networks: + - jenkins + environment: + - DOCKER_HOST=tcp://docker:2376 # Docker host for communication + - DOCKER_CERT_PATH=/certs/client # Path to Docker certificates + - DOCKER_TLS_VERIFY=1 # Enable TLS verification + volumes: + - jenkins-data:/var/jenkins_home # Persistent Jenkins data + - jenkins-docker-certs:/certs/client:ro # Mount Docker client certs for TLS connection (read-only) + ports: + - "8080:8080" # Jenkins web UI + - "50000:50000" # Jenkins agent connections + +networks: + jenkins: + driver: bridge # Creates a custom bridge network called 'jenkins' + +volumes: + jenkins-data: # Persistent volume for Jenkins home directory + jenkins-docker-certs: # Volume for Docker TLS client certificates \ No newline at end of file From f91e50a585418835e09d4222dc033fabe209d774 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 9 Sep 2024 16:47:38 +0300 Subject: [PATCH 002/267] fixed jenkins java version --- jenkins/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile index 47a4af4c..47ca0b40 100644 --- a/jenkins/Dockerfile +++ b/jenkins/Dockerfile @@ -1,4 +1,4 @@ -FROM jenkins/jenkins:2.462.2-jdk11 +FROM jenkins/jenkins:2.462.2-jdk17 USER root RUN apt-get update && apt-get install -y lsb-release python3-pip RUN curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc \ From 2a4f449d65a688b96e3b9bd77ed25cd39279a970 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 9 Sep 2024 17:12:07 +0300 Subject: [PATCH 003/267] added pipeline jenkins file --- jenkins/Jenkinsfile | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 jenkins/Jenkinsfile diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile new file mode 100644 index 00000000..603a8722 
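Review bot: `DOCKER_HOST=tcp://docker:2376` and the `jenkins-docker-certs` volume in the new docker-compose.yml assume a TLS-enabled Docker daemon reachable as `docker` on the `jenkins` network, but this file defines only the `jenkins` service, so nothing visible here provides that host or populates the client certificates. Either add that daemon service to this compose file or add a comment next to `DOCKER_HOST` saying it must be started separately on the same network. Separately, `"8080:8080"` and `"50000:50000"` publish the web UI and the agent port on every host interface; for a single-machine setup `"127.0.0.1:8080:8080"` keeps a freshly installed Jenkins off the network.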
--- /dev/null +++ b/jenkins/Jenkinsfile @@ -0,0 +1,26 @@ +pipeline { + agent any + + stages { + stage('Checkout') { + steps { + git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' + } + } + stage('Build') { + steps { + echo "Building" + } + } + stage("Test") { + steps { + echo "Testing" + } + } + stage("Deliver") { + steps { + echo "Deliver" + } + } + } +} \ No newline at end of file From 4debe1c222a846126e1fd064773668f7b67746f2 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 9 Sep 2024 20:51:38 +0300 Subject: [PATCH 004/267] pipeline messages --- jenkins/Jenkinsfile | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 603a8722..1fe1b380 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,4 +23,17 @@ pipeline { } } } + + post { + always { + echo 'Cleaning up...' + // Perform cleanup or archive reports + } + success { + echo 'Pipeline completed successfully.' + } + failure { + echo 'Pipeline failed. Please check the logs.' + } + } } \ No newline at end of file From 5882cad1ad04ebef1ef64d23afc60dca1aa6131f Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 9 Sep 2024 23:43:29 +0300 Subject: [PATCH 005/267] changes to jenkinsfile --- jenkins/Jenkinsfile | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 1fe1b380..48019050 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -7,6 +7,25 @@ pipeline { git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' } } + stage('TruffleHog Secret Scan') { + steps { + script { + echo "Running TruffleHog Scan" + // Get the current repository URL + def repoUrl = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + echo "Repository URL: ${repoUrl}" + + // This command runs TruffleHog in a Docker container, scanning the GitHub organization + // sh ''' + // docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo https://github.com/trufflesecurity/test_keys --fail + // ''' + + sh ''' + docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail + ''' + } + } + } stage('Build') { steps { echo "Building" From 54ac5eeff05f5e605417c961d4db965641d2ca65 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 9 Sep 2024 23:44:11 +0300 Subject: [PATCH 006/267] test change --- jenkins/Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 48019050..dd92cfa8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,6 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' + } } } From bbf57789626078b2e41fb401d83b047301587963 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 9 Sep 2024 23:45:41 +0300 Subject: [PATCH 007/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index dd92cfa8..73cfa1bf 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - + echo "finished" } } } From be1bb13222e5dfb8595a797da2cb9c6092246807 Mon Sep 17 00:00:00 2001 
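Review bot: The `docker run` inside the added `sh ''' … '''` step never receives the repository URL: a triple-single-quoted string is not interpolated by Groovy, so `${repoUrl}` is expanded by the shell, where no such variable is set, and `--repo` ends up empty. Passing the value through the environment fixes that without building a shell command from a string: `withEnv(["REPO_URL=${repoUrl}"]) { sh 'docker run --rm trufflesecurity/trufflehog:<PINNED_TAG> github --repo "$REPO_URL" --fail' }`. `-it` should be dropped as well, since a Jenkins step has no TTY and `docker run -t` typically fails there, and `:latest` lets the scanner version change without review. The same quoting problem recurs in patch 020 (`${env.REPO_URL}`) and patch 028 (`$REPO_URL`, which appears to resolve to the empty value from the `environment` block rather than the Groovy assignment). The `script` block continues past the end of this hunk.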
From: Athanasios Efstathiou Date: Mon, 9 Sep 2024 23:47:04 +0300 Subject: [PATCH 008/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 73cfa1bf..dd92cfa8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - echo "finished" + } } } From f2d05071a94f287cfa7eacee2a9675d57b9e0c68 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:04:06 +0300 Subject: [PATCH 009/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index dd92cfa8..12a641fa 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - + } } } From 6f31cdf2d80114e7f6f1fbe4d56bcf82d9bd47e6 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:07:36 +0300 Subject: [PATCH 010/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 12a641fa..dd92cfa8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - + } } } From 980b38d5b9a0c0ca40c0e25afd1957804066deda Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:08:57 +0300 Subject: [PATCH 011/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index dd92cfa8..12a641fa 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - + } } } From da2efab72e9921e5d5d4b0cfadf1b1e3066aab92 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:09:37 +0300 Subject: [PATCH 012/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 12a641fa..dd92cfa8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - + } } } From 23cbb3ab5c88b2c4510dd9c7b96cd8d90d031f96 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:13:57 +0300 Subject: [PATCH 013/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index dd92cfa8..12a641fa 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - + } } } From 96075512769f4e7890c515405bb3585eb91acf2a Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:29:47 +0300 Subject: [PATCH 014/267] test 2 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 12a641fa..6842b131 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - + } } } From 5636e2c64b1fabd38710d3f9d7577c7efc5caff3 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:33:49 +0300 Subject: [PATCH 015/267] test3 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 6842b131..dd92cfa8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - + } } } From f0fb3b2a78e0d6b47fd9bf8b0a6a108c26579028 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:39:46 +0300 Subject: [PATCH 016/267] a --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index dd92cfa8..12a641fa 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - + } } } From ce6dc8f1fa026e6f80a9bd51722f69cc4fdcb40a Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:40:22 +0300 Subject: [PATCH 017/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 12a641fa..dd92cfa8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - + } } } From 251e32a0cf96449b2059004cdfac59254a9a1d2f Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:41:22 +0300 Subject: [PATCH 018/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index dd92cfa8..12a641fa 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -23,7 +23,7 @@ pipeline { sh ''' docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail ''' - + } } } From 617480a6238f4822491123927ed417c818702d59 Mon Sep 17 00:00:00 2001 
From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:45:01 +0300 Subject: [PATCH 019/267] test --- jenkins/Jenkinsfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 12a641fa..65d4df30 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -13,7 +13,9 @@ pipeline { echo "Running TruffleHog Scan" // Get the current repository URL def repoUrl = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + def branchName = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() echo "Repository URL: ${repoUrl}" + echo "Branch Name: ${branchName}" // This command runs TruffleHog in a Docker container, scanning the GitHub organization // sh ''' From bcf44faa10a61bbb75f5d8083e54c52e70b29db4 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 00:56:56 +0300 Subject: [PATCH 020/267] TEST --- jenkins/Jenkinsfile | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 65d4df30..3a4b477b 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,10 +1,14 @@ pipeline { agent any - + environment { + REPO_URL = '' + CURR_BRANCH = '' + } stages { stage('Checkout') { steps { - git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' + env.REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + git env.REPO_URL } } stage('TruffleHog Secret Scan') { 
@@ -13,9 +17,10 @@ pipeline { echo "Running TruffleHog Scan" // Get the current repository URL def repoUrl = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() - def branchName = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() + def currentBranch = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() echo "Repository URL: ${repoUrl}" echo "Branch Name: ${branchName}" + echo "Branch Name from env: ${env.BRANCH_NAME}" // This command runs TruffleHog in a Docker container, scanning the GitHub organization // sh ''' @@ -23,7 +28,7 @@ pipeline { // ''' sh ''' - docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${repoUrl} --fail + docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${env.REPO_URL} --fail ''' } From c202c80cf6c61c5eb73cd8507e9126b8d650d5ff Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 01:01:31 +0300 Subject: [PATCH 021/267] a --- jenkins/Jenkinsfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 3a4b477b..f6846574 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -7,8 +7,11 @@ pipeline { stages { stage('Checkout') { steps { - env.REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + script { + env.REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + } git env.REPO_URL + } } stage('TruffleHog Secret Scan') { From 5a2649d178bd44c56887faba03c40a17cdc1528b Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 01:03:47 +0300 Subject: [PATCH 022/267] a --- jenkins/Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index f6846574..55c4800f 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
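Review bot: `echo "Branch Name: ${branchName}"` in the second hunk of patch 020 still refers to the variable this hunk renames to `currentBranch`, so the stage would fail with a missing-property error before the secret scan runs; it should read `echo "Branch Name: ${currentBranch}"`. The new `${env.REPO_URL}` sits inside a single-quoted `sh '''` block, so Groovy does not expand it and the shell rejects `${env.REPO_URL}` as a bad substitution; inside the shell the variable is simply `"$REPO_URL"`. The enclosing `script` block starts outside the hunk.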
@@ -10,6 +10,7 @@ pipeline { script { env.REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() } + echo "${env.REPO_URL}" git env.REPO_URL } From 6e4c5fb422c33f2e24d0de9e7e2be3409e0c66d7 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 01:04:55 +0300 Subject: [PATCH 023/267] aaa --- jenkins/Jenkinsfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 55c4800f..997da797 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -8,10 +8,11 @@ pipeline { stage('Checkout') { steps { script { - env.REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + env.REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + echo "${env.REPO_URL}" + git env.REPO_URL } - echo "${env.REPO_URL}" - git env.REPO_URL + } } From e28e7216825cc2bfe8b80da3cad9cc2602140314 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 01:07:52 +0300 Subject: [PATCH 024/267] a --- jenkins/Jenkinsfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 997da797..08964749 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -8,7 +8,8 @@ pipeline { stage('Checkout') { steps { script { - env.REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + def REPO_URL = sh(script: 'git branch --show-current', returnStdout: true).trim() + echo "Branch Name from env: ${env.BRANCH_NAME}" echo "${env.REPO_URL}" git env.REPO_URL } From 6121a634dc4827de6daa2ef572afd448ce2093d9 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 01:25:53 +0300 Subject: [PATCH 025/267] A --- jenkins/Jenkinsfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 08964749..4ec2f594 100644 --- a/jenkins/Jenkinsfile 
+++ b/jenkins/Jenkinsfile @@ -1,6 +1,6 @@ pipeline { agent any - environment { + parameters { REPO_URL = '' CURR_BRANCH = '' } @@ -8,11 +8,11 @@ pipeline { stage('Checkout') { steps { script { - def REPO_URL = sh(script: 'git branch --show-current', returnStdout: true).trim() - echo "Branch Name from env: ${env.BRANCH_NAME}" - echo "${env.REPO_URL}" - git env.REPO_URL + params.REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + params.CURR_BRANCH = sh(script: 'git branch --show-current', returnStdout: true).trim() + echo "REPO_URL : ${params.REPO_URL}" } + git branch: "${params.CURR_BRANCH}", url: "${params.REPO_URL}" } From 0d541d0be4c0d69a378f708f647a2a0482f75277 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 01:31:06 +0300 Subject: [PATCH 026/267] a --- jenkins/Jenkinsfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 4ec2f594..428bc480 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,6 +1,6 @@ pipeline { agent any - parameters { + environment { REPO_URL = '' CURR_BRANCH = '' } @@ -8,11 +8,11 @@ pipeline { stage('Checkout') { steps { script { - params.REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() - params.CURR_BRANCH = sh(script: 'git branch --show-current', returnStdout: true).trim() + REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + CURR_BRANCH = sh(script: 'git branch --show-current', returnStdout: true).trim() echo "REPO_URL : ${params.REPO_URL}" } - git branch: "${params.CURR_BRANCH}", url: "${params.REPO_URL}" + git branch: "$CURR_BRANCH", url: "$REPO_URL" } From dd00bd9f3d4d6a80136bf4917692f42b5f258435 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 01:31:44 +0300 Subject: [PATCH 027/267] a --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 428bc480..e901c275 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -10,7 +10,7 @@ pipeline { script { REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() CURR_BRANCH = sh(script: 'git branch --show-current', returnStdout: true).trim() - echo "REPO_URL : ${params.REPO_URL}" + echo "REPO_URL : $REPO_URL" } git branch: "$CURR_BRANCH", url: "$REPO_URL" From 6733d8295cc4b92cc5da2c76462fa5f6e754ee93 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 01:48:35 +0300 Subject: [PATCH 028/267] a --- jenkins/Jenkinsfile | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e901c275..b350f316 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -7,14 +7,7 @@ pipeline { stages { stage('Checkout') { steps { - script { - REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() - CURR_BRANCH = sh(script: 'git branch --show-current', returnStdout: true).trim() - echo "REPO_URL : $REPO_URL" - } - git branch: "$CURR_BRANCH", url: "$REPO_URL" - - + echo "checkout" } } stage('TruffleHog Secret Scan') { @@ -22,11 +15,8 @@ pipeline { script { echo "Running TruffleHog Scan" // Get the current repository URL - def repoUrl = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() - def currentBranch = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() - echo "Repository URL: ${repoUrl}" - echo "Branch Name: ${branchName}" - echo "Branch Name from env: ${env.BRANCH_NAME}" + REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() // This command runs TruffleHog in a Docker container, scanning the GitHub organization // sh ''' 
@@ -34,7 +24,7 @@ pipeline { // ''' sh ''' - docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo ${env.REPO_URL} --fail + docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo $REPO_URL --fail ''' } From 5b76ee7d6b8db59acb6aea9b0fdbbefa1095388c Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 01:55:37 +0300 Subject: [PATCH 029/267] tried to make trufflehog run locally --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index b350f316..4a3e5ee0 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -24,7 +24,7 @@ pipeline { // ''' sh ''' - docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo $REPO_URL --fail + docker run --rm -it -v "$PWD" trufflesecurity/trufflehog:latest filesystem $PWD --fail ''' } From 1fe16d78ad71a924f355b95dcedb15401cb5d62d Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 02:16:47 +0300 Subject: [PATCH 030/267] added checkout scm stage --- jenkins/Jenkinsfile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 4a3e5ee0..2b2d83f6 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -4,10 +4,15 @@ pipeline { REPO_URL = '' CURR_BRANCH = '' } + + def workspace=""; + stages { - stage('Checkout') { - steps { - echo "checkout" + stage ('Checkout SCM') + { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + checkout scm + workspace = pwd () } } stage('TruffleHog Secret Scan') { From 2a3be9e6dfb301672dc82c96ff32b1b5e5928af8 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 02:20:16 +0300 Subject: [PATCH 031/267] fixed checkout stage --- jenkins/Jenkinsfile | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) 
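Review bot: `-v "$PWD"` in the `docker run` line changed by patch 029 has no `:target`, so Docker creates an empty anonymous volume at that path instead of mounting the workspace, and `filesystem $PWD` then scans an empty directory, so the stage passes without inspecting a single file. The mount needs a target and the scan should point at it: `docker run --rm -v "$PWD:/pwd" trufflesecurity/trufflehog:<PINNED_TAG> filesystem /pwd --fail`. Patches 032 and 033 restore the `:/pwd` target but still pass `$PWD` as the path to scan, which is the Jenkins-side path rather than the mount point inside the scanner container. If Jenkins itself runs in a container, the bind mount is resolved on the Docker daemon's host, so it is worth confirming that the workspace is visible there at all.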
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 2b2d83f6..112dee84 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -3,17 +3,22 @@ pipeline { environment { REPO_URL = '' CURR_BRANCH = '' + workspace = '' } - def workspace=""; - stages { stage ('Checkout SCM') { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - checkout scm - workspace = pwd () + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + checkout scm + workspace = pwd () + } + + } } + } stage('TruffleHog Secret Scan') { steps { From e4c07a801b9ddd4b4655c14b3a6419c0ff5b589b Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 20:48:46 +0300 Subject: [PATCH 032/267] docker trufflehog --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 112dee84..b152558b 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -34,7 +34,7 @@ pipeline { // ''' sh ''' - docker run --rm -it -v "$PWD" trufflesecurity/trufflehog:latest filesystem $PWD --fail + docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest filesystem $PWD --fail ''' } From 2c7bc59526cbb5cd11f71b5cb948ca314052b2f7 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 21:23:10 +0300 Subject: [PATCH 033/267] trufflehog git option --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index b152558b..dbdfc1d9 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -34,7 +34,7 @@ pipeline { // ''' sh ''' - docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest filesystem $PWD --fail + docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git $PWD --fail ''' } From a4dd84d69504adc03a7f560345f8bee4cf84c05e Mon Sep 17 00:00:00 2001 
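Review bot: Wrapping `checkout scm` in `catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE')` (patch 031, 'Checkout SCM' stage) lets the build carry on and finish green when the checkout fails, so the TruffleHog stage that follows would scan an empty or stale workspace and report no findings. A failed checkout should stop the pipeline; I would call `checkout scm` directly in `steps` and drop the `catchError`. `workspace = pwd ()` looks like it assigns a script variable that is separate from the `workspace = ''` entry added to `environment`, and nothing visible in this hunk reads either one.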
From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 21:51:54 +0300 Subject: [PATCH 034/267] docker testing in container --- jenkins/Jenkinsfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index dbdfc1d9..f9a2c7df 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -33,8 +33,12 @@ pipeline { // docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo https://github.com/trufflesecurity/test_keys --fail // ''' + // sh ''' + // docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git $PWD --fail + // ''' + sh ''' - docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git $PWD --fail + docker ps ''' } From f7e37bd2d9c6d968dcba209ce077c095fb73f3dc Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 22:01:16 +0300 Subject: [PATCH 035/267] changed docker-compose to allow sockets --- jenkins/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/jenkins/docker-compose.yml b/jenkins/docker-compose.yml index 43c3bc40..3c820cde 100644 --- a/jenkins/docker-compose.yml +++ b/jenkins/docker-compose.yml @@ -13,6 +13,7 @@ services: volumes: - jenkins-data:/var/jenkins_home # Persistent Jenkins data - jenkins-docker-certs:/certs/client:ro # Mount Docker client certs for TLS connection (read-only) + - /var/run/docker.sock:/var/run/docker.sock ports: - "8080:8080" # Jenkins web UI - "50000:50000" # Jenkins agent connections From 020b3464a80d32f66456c301952faba6a082c025 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Tue, 10 Sep 2024 22:38:17 +0300 Subject: [PATCH 036/267] test --- jenkins/docker-compose.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/jenkins/docker-compose.yml b/jenkins/docker-compose.yml index 3c820cde..e4ea727e 100644 --- a/jenkins/docker-compose.yml +++ b/jenkins/docker-compose.yml 
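Review bot: The `/var/run/docker.sock:/var/run/docker.sock` mount added by patch 035 gives every job on this Jenkins instance full control of the host's Docker daemon, which is equivalent to root on the host; anyone who can change a Jenkinsfile that this instance builds inherits that access. It replaces the TLS client setup from patch 001 (patch 036 then comments out `DOCKER_HOST` and `DOCKER_TLS_VERIFY`), so the trade-off deserves a comment on the line, e.g. `# host Docker socket: jobs get root-equivalent access to the host; lab use only`. For anything beyond a local lab, keep Docker access on a separate daemon or a dedicated agent rather than on the controller. The same socket mount is repeated in the `agent { docker { args … } }` blocks of patches 038 and 042.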
@@ -1,4 +1,3 @@ -version: '3' services: jenkins: build: . # This will build the Docker image from the Dockerfile in the same directory @@ -6,10 +5,10 @@ services: restart: on-failure networks: - jenkins - environment: - - DOCKER_HOST=tcp://docker:2376 # Docker host for communication - - DOCKER_CERT_PATH=/certs/client # Path to Docker certificates - - DOCKER_TLS_VERIFY=1 # Enable TLS verification + # environment: + # # - DOCKER_HOST=tcp://docker:2376 # Docker host for communication + # # - DOCKER_CERT_PATH=/certs/client # Path to Docker certificates + # # - DOCKER_TLS_VERIFY=1 # Enable TLS verification volumes: - jenkins-data:/var/jenkins_home # Persistent Jenkins data - jenkins-docker-certs:/certs/client:ro # Mount Docker client certs for TLS connection (read-only) From d78dc7ce7f6368f90d6e07be3a3cd91de9ac9b3e Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Tue, 10 Sep 2024 23:14:28 +0300 Subject: [PATCH 037/267] TEST 2 --- jenkins/Jenkinsfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 1fe1b380..1522b73d 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -27,6 +27,7 @@ pipeline { post { always { echo 'Cleaning up...' + echo 'Cleaning up Continue...' // Perform cleanup or archive reports } success { @@ -36,4 +37,4 @@ pipeline { echo 'Pipeline failed. Please check the logs.' } } -} \ No newline at end of file +} From 879815fcd3bd942213696d356ca9d4348f43b49c Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 00:39:21 +0300 Subject: [PATCH 038/267] added docker agent --- jenkins/Jenkinsfile | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index f9a2c7df..e11ab354 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -1,12 +1,23 @@ pipeline { - agent any + agent { + docker { + image 'alpine:latest' // Use Alpine as the base container for the entire pipeline + args '-v /var/run/docker.sock:/var/run/docker.sock' // Mount Docker socket for sibling containers + } + } environment { REPO_URL = '' CURR_BRANCH = '' workspace = '' } - stages { + stage('Install Docker Client') { + steps { + sh ''' + apk add --no-cache docker-cli # Install Docker client in the Alpine container + ''' + } + } stage ('Checkout SCM') { steps { @@ -15,10 +26,8 @@ pipeline { checkout scm workspace = pwd () } - - } + } } - } stage('TruffleHog Secret Scan') { steps { From 6cc26f9cc119dcdfac175938ef752d77add04cf0 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 00:41:42 +0300 Subject: [PATCH 039/267] removed mount socket --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e11ab354..198b4e37 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -2,7 +2,7 @@ pipeline { agent { docker { image 'alpine:latest' // Use Alpine as the base container for the entire pipeline - args '-v /var/run/docker.sock:/var/run/docker.sock' // Mount Docker socket for sibling containers + // args '-v /var/run/docker.sock:/var/run/docker.sock' // Mount Docker socket for sibling containers } } environment { From f9e618dac14bd17749795e789e1bb4b440968e83 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 01:12:56 +0300 Subject: [PATCH 040/267] added docker agent node --- jenkins/Jenkinsfile | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 198b4e37..caba0d70 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -1,8 +1,7 @@ pipeline { agent { - docker { - image 'alpine:latest' // Use Alpine as the base container for the entire pipeline - // args '-v /var/run/docker.sock:/var/run/docker.sock' // Mount Docker socket for sibling containers + node { + label 'docker-agent-alpine' } } environment { @@ -11,13 +10,13 @@ pipeline { workspace = '' } stages { - stage('Install Docker Client') { - steps { - sh ''' - apk add --no-cache docker-cli # Install Docker client in the Alpine container - ''' - } - } + // stage('Install Docker Client') { + // steps { + // sh ''' + // apk add --no-cache docker-cli # Install Docker client in the Alpine container + // ''' + // } + // } stage ('Checkout SCM') { steps { From 5b8dd81db714a78f1f33ac1e10a27d67d44d1898 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 01:36:51 +0300 Subject: [PATCH 041/267] fix agent label (?) --- jenkins/Jenkinsfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index caba0d70..b3c7ba15 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,8 +1,6 @@ pipeline { agent { - node { - label 'docker-agent-alpine' - } + label 'docker-agent-alpine' } environment { REPO_URL = '' From 3b25c82d67aff92020f75e8622301fe283b15875 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 02:22:09 +0300 Subject: [PATCH 042/267] test docker --- jenkins/Jenkinsfile | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index b3c7ba15..7b0f2b79 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,6 +1,10 @@ pipeline { agent { - label 'docker-agent-alpine' + // label 'docker-agent-alpine' + docker { + image 'alpine:latest' // Use the official Alpine image + args '-v /var/run/docker.sock:/var/run/docker.sock' // Mount Docker socket for sibling containers + } } environment { REPO_URL = '' 
@@ -8,13 +12,16 @@ pipeline { workspace = '' } stages { - // stage('Install Docker Client') { - // steps { - // sh ''' - // apk add --no-cache docker-cli # Install Docker client in the Alpine container - // ''' - // } - // } + stage('Install Docker Client') { + steps { + sh 'docker ps' + sh ''' + apk add --no-cache docker-cli # Install Docker client in the Alpine container + ''' + + sh 'docker ps' + } + } stage ('Checkout SCM') { steps { From b5462ed2448c4e0bb6d60c787cf5c5d02c6d608d Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 02:23:30 +0300 Subject: [PATCH 043/267] test 2 agent --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 7b0f2b79..62562476 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,6 +1,6 @@ pipeline { agent { - // label 'docker-agent-alpine' + label 'docker-agent-alpine' docker { image 'alpine:latest' // Use the official Alpine image args '-v /var/run/docker.sock:/var/run/docker.sock' // Mount Docker socket for sibling containers From 9613e4c2975069ba76cb5b9b01d0799f5e5b402b Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 02:36:01 +0300 Subject: [PATCH 044/267] added jenkins user to docker group --- jenkins/Dockerfile | 5 +++++ jenkins/Jenkinsfile | 6 +----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile index 47ca0b40..91ef8016 100644 --- a/jenkins/Dockerfile +++ b/jenkins/Dockerfile 
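Review bot: The first `sh 'docker ps'` in the re-enabled 'Install Docker Client' stage runs before `apk add --no-cache docker-cli`, so on a plain Alpine image it should fail with a missing `docker` binary and the install step is never reached. The `apk add` itself probably needs root, while the Docker agent normally starts the container with the Jenkins user's uid, so installing packages at build time is fragile either way. An agent image that already ships the Docker CLI, pinned to a version, removes both problems and the stage can be reduced to the single check `sh 'docker ps'`.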
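Review bot: In PATCH 043 the `agent` block ends up with both `label 'docker-agent-alpine'` and a `docker { ... }` section as siblings, and declarative pipelines accept only one agent type per `agent` block, so this is likely rejected at validation. If the intent is to run the container on that labelled node, the label belongs inside the docker section: `docker { label 'docker-agent-alpine'` followed by the existing `image` and `args` lines.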
@@ -8,5 +8,10 @@ RUN echo "deb [arch=$(dpkg --print-architecture) \ https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list RUN apt-get update && apt-get install -y docker-ce-cli + + +# Add Jenkins user to Docker group to allow Jenkins to run Docker commands +RUN groupadd -g 999 docker && usermod -aG docker jenkins + USER jenkins RUN jenkins-plugin-cli --plugins "blueocean:1.27.14 docker-workflow:580.vc0c340686b_54" \ No newline at end of file diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 62562476..07952a11 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,10 +1,6 @@ pipeline { agent { - label 'docker-agent-alpine' - docker { - image 'alpine:latest' // Use the official Alpine image - args '-v /var/run/docker.sock:/var/run/docker.sock' // Mount Docker socket for sibling containers - } + label 'docker-agent-alpine' } environment { REPO_URL = '' From 8b610b4bfe9faa6469ac40e7a615f8566a4c3ab0 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 21:05:38 +0300 Subject: [PATCH 045/267] fixed docker problem + added trufflehog to scan the repo --- jenkins/Dockerfile | 5 ----- jenkins/Jenkinsfile | 29 +++++++++++++---------------- jenkins/docker-compose.yml | 1 - 3 files changed, 13 insertions(+), 22 deletions(-) diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile index 91ef8016..47ca0b40 100644 --- a/jenkins/Dockerfile +++ b/jenkins/Dockerfile @@ -8,10 +8,5 @@ RUN echo "deb [arch=$(dpkg --print-architecture) \ https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list RUN apt-get update && apt-get install -y docker-ce-cli - - -# Add Jenkins user to Docker group to allow Jenkins to run Docker commands -RUN groupadd -g 999 docker && usermod -aG docker jenkins - USER jenkins RUN jenkins-plugin-cli --plugins "blueocean:1.27.14 docker-workflow:580.vc0c340686b_54" \ No newline at end of file 
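Review bot: `RUN groupadd -g 999 docker && usermod -aG docker jenkins` hard-codes GID 999, which only helps if the Docker socket on the host happens to be owned by that GID, and `groupadd` fails the build if the base image already uses 999 for another group. Membership of the docker group is root-equivalent on the daemon host, so it deserves a comment saying so rather than only "allow Jenkins to run Docker commands". If the group is kept, make the GID a build argument: `ARG DOCKER_GID=999` and `RUN groupadd -g "${DOCKER_GID}" docker && usermod -aG docker jenkins`. The compose file in this series talks to the daemon over TCP with TLS, in which case socket group membership presumably has no effect.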
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 07952a11..22dd242c 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,23 +1,11 @@ pipeline { - agent { - label 'docker-agent-alpine' - } + agent any environment { REPO_URL = '' CURR_BRANCH = '' workspace = '' } stages { - stage('Install Docker Client') { - steps { - sh 'docker ps' - sh ''' - apk add --no-cache docker-cli # Install Docker client in the Alpine container - ''' - - sh 'docker ps' - } - } stage ('Checkout SCM') { steps { @@ -45,11 +33,20 @@ pipeline { // sh ''' // docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git $PWD --fail // ''' - + rm trufflehog || true sh ''' - docker ps + docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --fail > trufflehog ''' - + cat trufflehog + def truffle = readFile "trufflehog" + + if (truffle.length() == 0) { + echo "Good to go" + } + else { + echo "Warning! Secrets are committed into your git repository." + throw new Exception("Secrets might be committed into your git repo") + } } } } diff --git a/jenkins/docker-compose.yml b/jenkins/docker-compose.yml index e4ea727e..8becff84 100644 --- a/jenkins/docker-compose.yml +++ b/jenkins/docker-compose.yml @@ -16,7 +16,6 @@ services: ports: - "8080:8080" # Jenkins web UI - "50000:50000" # Jenkins agent connections - networks: jenkins: driver: bridge # Creates a custom bridge network called 'jenkins' From aebc17d814dd1f23c761143a6f63eaf397736896 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 21:07:03 +0300 Subject: [PATCH 046/267] test commit --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 22dd242c..30aa31a4 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -39,7 +39,7 @@ pipeline { ''' cat trufflehog def truffle = readFile "trufflehog" - + if (truffle.length() == 0) { echo "Good to go" } 
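Review bot: `rm trufflehog || true` and `cat trufflehog` are placed directly in the `script` block of the 'TruffleHog Secret Scan' stage instead of inside an `sh` step, so Groovy will try to parse them as code and the pipeline is likely to fail before the scan runs. The pass/fail logic is also split in two: with `--fail` the scanner exits non-zero on findings, the `sh` step throws, and the `readFile`/`length()` branch that prints the warning is never reached in exactly the case it was written for. Capturing the exit code keeps one source of truth: `def rc = sh(returnStatus: true, script: '<existing docker run command> > trufflehog')` followed by `if (rc != 0) { error('Secrets might be committed into your git repo') }`. `docker run -it` also asks for a TTY that a Jenkins build does not have.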
From 9d64909adcde02feac804e31b8e52fdbb1a8ba99 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 21:18:19 +0300 Subject: [PATCH 047/267] fixed trufflehog --- jenkins/Jenkinsfile | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 30aa31a4..860e2c91 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -20,7 +20,7 @@ pipeline { stage('TruffleHog Secret Scan') { steps { script { - echo "Running TruffleHog Scan" + echo "Getting git repo info" // Get the current repository URL REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() @@ -33,15 +33,18 @@ pipeline { // sh ''' // docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git $PWD --fail // ''' - rm trufflehog || true + + } + script { + echo "Running Trufflehog Scan" + sh 'rm -f trufflehog' sh ''' - docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --fail > trufflehog + docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file:///pwd --fail > trufflehog ''' - cat trufflehog def truffle = readFile "trufflehog" if (truffle.length() == 0) { - echo "Good to go" + echo "Good to go. No secrets found" } else { echo "Warning! Secrets are committed into your git repository." From ce9c25f3e72c464d4f10e81da8fd2e1a0942fc34 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 21:20:56 +0300 Subject: [PATCH 048/267] removed -it tag on trufflehog --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 860e2c91..514b5f92 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
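Review bot: `trufflesecurity/trufflehog:latest` in the new `docker run` line is a floating tag, so the image that gets the whole checkout mounted can change between builds without any change in this repository; the same tag is used by every later revision of this command in the series. Pin it to a release or digest, e.g. `trufflesecurity/trufflehog:<pinned-version>` (placeholder, pick the version you have validated). The report is redirected to a file named `trufflehog` in the workspace and is only removed at the start of the next run, so any detected secret stays on the agent's disk in the meantime; add `sh 'rm -f trufflehog'` after the `readFile` as well.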
@@ -39,7 +39,7 @@ pipeline { echo "Running Trufflehog Scan" sh 'rm -f trufflehog' sh ''' - docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file:///pwd --fail > trufflehog + docker run --rm -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file:///pwd --fail > trufflehog ''' def truffle = readFile "trufflehog" From 0aaa1d512608fae69f4376bf30fd0d7ee1c6fd5c Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 21:28:00 +0300 Subject: [PATCH 049/267] check if pipelines triggers on commit --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 514b5f92..3a861edf 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -41,7 +41,7 @@ pipeline { sh ''' docker run --rm -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file:///pwd --fail > trufflehog ''' - def truffle = readFile "trufflehog" + def truffle = readFile "trufflehog" if (truffle.length() == 0) { echo "Good to go. No secrets found" From d4495063312606cc4a2ba7dd23dde1e7b0655a51 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 21:39:08 +0300 Subject: [PATCH 050/267] added forgotten password keys.txt --- jenkins/Jenkinsfile | 2 +- jenkins/keys.txt | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 jenkins/keys.txt diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 3a861edf..26a6de5f 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -39,7 +39,7 @@ pipeline { echo "Running Trufflehog Scan" sh 'rm -f trufflehog' sh ''' - docker run --rm -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file:///pwd --fail > trufflehog + docker run --rm -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file:///pwd > trufflehog ''' def truffle = readFile "trufflehog" diff --git a/jenkins/keys.txt b/jenkins/keys.txt new file mode 100644 index 00000000..866bd4d6 --- /dev/null 
+++ b/jenkins/keys.txt 
@@ -0,0 +1,44 @@ +Basic auth: + +https://admin:admin@the-internet.herokuapp.com/basic_auth + +Private key: +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAjNIZuun +xgLkM8KuzfmQuRAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDe3Al0EMPz +utVNk5DixaYrGMK56RqUoqGBinke6SWVWmqom1lBcJWzor6HlnMRPPr7YCEsJKL4IpuVwu +inRa5kdtNTyM7yyQTSR2xXCS0fUItNuq8pUktsH8VUggpMeew8hJv7rFA7tnIg3UXCl6iF +OLZKbDA5aa24idpcD8b1I9/RzTOB1fu0of5xd9vgODzGw5JvHQSJ0FaA42aNBMGwrDhDB3 +sgnRNdWf6NNIh8KpXXMKJADf3klsyn6He8L2bPMp8a4wwys2YB35p5zQ0JURovsdewlOxH +NT7eP19eVf4dCreibxUmRUaob5DEoHEk8WrxjKWIYUuLeD6AfcW6oXyRU2Yy8Vrt6SqFl5 +WAi47VMFTkDZYS/eCvG53q9UBHpCj7Qvb0vSkCZXBvBIhlw193F3PX4WvO1IXsMwvQ1D1X +lmomsItbqM0cJyKw6LU18QWiBHvE7BqcphaoL5E08W2ATTSRIMCp6rt4rptM7KyGK8rc6W +UYrCnWt6KlCA8AAAWQXk+lVx6bH5itIKKYmQr6cR/5xtZ2GHAxnYtvlW3xnGhU0MHv+lJ2 +uoWlT2RXE5pdMUQj7rNWAMqkwifSKZs9wBfYeo1TaFDmC3nW7yHSN3XTuO78mPIW5JyvmE +Rj5qjsUn7fNmzECoAxnVERhwnF3KqUBEPzIAc6/7v/na9NTiiGaJPco9lvCoPWbVLN08WG +SuyU+0x5zc3ebzuPcYqu5/c5nmiGxhALrIhjIS0OV1mtAAFhvdMjMIHOijOzSKVCC7rRk5 +kG9EMLNvOn/DUVSRHamw5gs2V3V+Zq2g5nYWfgq8aDSTB8XlIzOj1cz3HwfN6pfSNQ/3Qe +wOQfWfTWdO+JSL8aoBN5Wg8tDbgmvmbFrINsJfFfSm0wZgcHhC7Ul4U3v4c8PoNdK9HXwi +TKKzJ9nxLYb+vDh50cnkseu2gt0KwVpjIorxEqeK755mKPao3JmOMr6uFTQsb+g+ZNgPwl +nRHA4Igx+zADFj3twldnKIiRpBQ5J4acur3uQ+saanBTXgul1TiFiUGT2cnz+IiCsdPovg +TAMt868W5LmzpfH4Cy54JtaRC4/UuMnkTGbWgutVDnWj2stOAzsQ1YmhH5igUmc94mUL+W +8vQDCKpeI8n+quDS9zxTvy4L4H5Iz7OZlh0h6N13BDvCYXKcNF/ugkfxZbu8mZsZQQzXNR +wOrEtKoHc4AnXYNzsuHEoEyLyJxGfFRDSTLbyN9wFOS/c0k9Gjte+kQRZjBVGORE5sN6X3 +akUnTF76RhbEc+LamrwM1h5340bwosRbR8I+UrsQdFfJBEj1ZSyMRJlMkFUNi6blt7bhyx +ea+Pm2A614nlYUBjw2KKzzn8N/0H2NpJjIptvDsbrx3BS/rKwOeJwavRrGnIlEzuAag4vx +Zb2TPVta45uz7fQP5IBl83b0BJKI5Zv/fniUeLI78W/UsZqb64YQbfRyBzFtI1T/SsCi0B +e0EyKMzbxtSceT1Mb8eJiVIq04Xpwez9fIUt5rSedZD8KPq8P6s0cGsR7Qmw6eXZ/dBR/a +s5vPhfIUmQawmnwAVuWNRdQQ79jUBSn5M+ZRVVTgEG+vFyvxr/bZqOo1JCoq5BmQhLWGRJ 
+Dk9TolbeFIVFrkuXkcu99a079ux7XSkON64oPzHrcsEzjPA1GPqs9CGBSO16wq/nI3zg+E +kcOCaurc9yHJJPwduem0+8WLX3WoGNfQRKurtQze2ppy8KarEtDhDd96sKkhYaqOg3GOX8 +Yx827L4vuWSJSIqKuO2kH6kOCMUNO16piv0z/8u3CJxOGh9+4FZIop81fiFTKLhV3/gwLm +fzFY++KIZrLfZcUjzd80NNEja69F452Eb9HrI5BurN/PznDEi9bzM598Y7beyl4/kd4R2e +S7SW9/LOrGw5UgxtiU+kV8nPz1PdgxO4sRlnntSBEwkQBzMkLOpq2h2BuJ2TlMP/TWuwLQ +sDkv1Yk1pD0roGmtMzbujnURGxqRJ8gUmuIot4hpfyRSssvnRQQZ3lQCQCwHiE+HJxXWf5 +c58zOMjW7o21tI8e13uUnbRoQVJM9XYqk1usPXIkYPYL9uOw3AW/Zn+cnDrsXvTK9ZxgGD +/90b1BNwVqMlUK+QggHNwl5qD8eoXK5cDvav66te+E+V7FYFQ06w3tytRVz8SjoaiChN02 +muIjvl6G7Hoj1hObM2t/ZheN1EShS11z868hhS6Mx7GvIdtkXuvdiBYMiBLOshJQxB8Mzx +iug9W+Di3upLf0UMC1TqADGphsIHRU7RbmHQ8Rwp7dogswmDfpRSapPt9p0D+6Ad5VBzi3 +f3BPXj76UBLMEJCrZR1P28vnAA7AyNHaLvMPlWDMG5v3V/UV+ugyFcoBAOyjiQgYST8F3e +Hx7UPVlTK8dyvk1Z+Yw0nrfNClI= +-----END OPENSSH PRIVATE KEY----- From b9cc8a785844d4a87ea3cd639f9a08cbdb653d25 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 21:51:19 +0300 Subject: [PATCH 051/267] test key detection --- jenkins/Jenkinsfile | 3 ++- jenkins/keys.txt | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 26a6de5f..f4355f47 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -39,7 +39,8 @@ pipeline { echo "Running Trufflehog Scan" sh 'rm -f trufflehog' sh ''' - docker run --rm -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file:///pwd > trufflehog + docker run --rm -v "$PWD:/pwd" trufflesecurity/trufflehog:latest \ + git file:///pwd --since-commit HEAD --no-verification --fail > trufflehog ''' def truffle = readFile "trufflehog" diff --git a/jenkins/keys.txt b/jenkins/keys.txt index 866bd4d6..8919d781 100644 --- a/jenkins/keys.txt +++ b/jenkins/keys.txt @@ -1,5 +1,5 @@ Basic auth: - + https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From 42f824fff2d2c0e15ff0263f2bd9a0d4cbc9b611 Mon Sep 17 00:00:00 2001 
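Review bot: jenkins/keys.txt puts a URL with embedded basic-auth credentials and an OpenSSH private key into the repository in plain text, and nothing in the file says whether they are live or deliberate scanner fixtures. If any of it was ever usable it has to be rotated, because removing the file in a later commit does not remove it from history. If it is a fixture for the TruffleHog stage, say so at the top of the file, for example `TEST FIXTURE - non-functional credentials used only to exercise the secret scan`, and keep it in a clearly named fixtures directory. The commented-out command in the Jenkinsfile already points at an external test-key repository, which would avoid carrying key material in this repo at all.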
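Review bot: `--since-commit HEAD` in the new scan command probably leaves nothing to scan in a CI checkout, because the tree is clean and there are no commits after HEAD; that form is the one used for local pre-commit hooks. For a per-build scan the lower bound should be the last commit Jenkins already built, e.g. `--since-commit "$GIT_PREVIOUS_SUCCESSFUL_COMMIT"` with a full scan as the fallback when that variable is empty. `--no-verification` is added in the same line without a comment; it is reasonable for a demo but it means every pattern match fails the build, so a one-line note such as `// unverified matches also fail the build (test fixtures in keys.txt)` would help the next reader.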
From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 21:56:06 +0300 Subject: [PATCH 052/267] test --- jenkins/Jenkinsfile | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index f4355f47..ba449472 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -17,6 +17,20 @@ pipeline { } } } + stage('Check Git Status') { + steps { + script { + // Ensure we are in a Git repository + sh 'git status' + + // List files staged for commit + sh 'git diff --name-only --cached' + + // List all files changed since the last commit + sh 'git diff HEAD --name-only' + } + } + } stage('TruffleHog Secret Scan') { steps { script { From 6e85263c99ac90170daf4fda4bb09ed6c0f91af3 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 21:59:08 +0300 Subject: [PATCH 053/267] tests to check git status --- jenkins/Jenkinsfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index ba449472..9b806c4b 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -52,6 +52,9 @@ pipeline { script { echo "Running Trufflehog Scan" sh 'rm -f trufflehog' + + sh 'git status' + sh ''' docker run --rm -v "$PWD:/pwd" trufflesecurity/trufflehog:latest \ git file:///pwd --since-commit HEAD --no-verification --fail > trufflehog From e5130cd014349b0f1784693d64cadbc691f133e6 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:01:01 +0300 Subject: [PATCH 054/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 9b806c4b..09f709d2 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -47,7 +47,7 @@ pipeline { // sh ''' // docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git $PWD --fail // ''' - + } script { echo "Running Trufflehog Scan" From d34c99f9b63747c999d5d08a57b20e5901bae583 Mon Sep 17 00:00:00 2001 
From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:11:05 +0300 Subject: [PATCH 055/267] a --- jenkins/Jenkinsfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 09f709d2..e67ac587 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -39,6 +39,8 @@ pipeline { REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() + sh(script: 'git rev-parse --show-toplevel', returnStdout: true).trim() + // This command runs TruffleHog in a Docker container, scanning the GitHub organization // sh ''' // docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo https://github.com/trufflesecurity/test_keys --fail From b6dbc5e3f844da108588965ec7b71a78a7967560 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:15:59 +0300 Subject: [PATCH 056/267] a --- jenkins/Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e67ac587..c8220b39 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -30,6 +30,7 @@ pipeline { sh 'git diff HEAD --name-only' } } + echo workspace } stage('TruffleHog Secret Scan') { steps { From bac3d12e575825cd9a01dec642a86f88362e339b Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:16:34 +0300 Subject: [PATCH 057/267] a --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index c8220b39..d8351453 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -29,8 +29,8 @@ pipeline { // List all files changed since the last commit sh 'git diff HEAD --name-only' } - } - echo workspace + echo workspace + } } stage('TruffleHog Secret Scan') { steps { From 1a536edf4679fb71581bbb9f4b853a00cdda2802 Mon Sep 17 00:00:00 2001 
From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:18:50 +0300 Subject: [PATCH 058/267] a --- jenkins/Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index d8351453..17001bd2 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -30,6 +30,7 @@ pipeline { sh 'git diff HEAD --name-only' } echo workspace + echo pwd } } stage('TruffleHog Secret Scan') { From 271928562784f39ac18dae3c755b0e65b18560ea Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:20:08 +0300 Subject: [PATCH 059/267] fixed workspace in git --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 17001bd2..a410ea4b 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -60,8 +60,8 @@ pipeline { sh 'git status' sh ''' - docker run --rm -v "$PWD:/pwd" trufflesecurity/trufflehog:latest \ - git file:///pwd --since-commit HEAD --no-verification --fail > trufflehog + docker run --rm -v "$workspace:/workspace" trufflesecurity/trufflehog:latest \ + git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog ''' def truffle = readFile "trufflehog" From 00cddef14d9a77a6ef34d6cd1ef46f0768284689 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:25:10 +0300 Subject: [PATCH 060/267] test with workspace --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index a410ea4b..b915e535 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -60,7 +60,7 @@ pipeline { sh 'git status' sh ''' - docker run --rm -v "$workspace:/workspace" trufflesecurity/trufflehog:latest \ + docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog ''' def truffle = readFile "trufflehog" 
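Review bot: In PATCH 059 the mount becomes `-v "$workspace:/workspace"` inside a single-quoted `sh '''` block, so the shell expands `$workspace` from the process environment, and the `environment` block of this pipeline declares `workspace = ''`; the Groovy assignment `workspace = pwd ()` in the checkout stage does not appear to change that environment value. The scanner would then be given an empty host path, which looks like the cause of the retries in PATCH 060 to 069. Jenkins already exports the built-in `WORKSPACE` variable, so the line can be `docker run --rm -v "$WORKSPACE:/workspace" trufflesecurity/trufflehog:latest \` with the custom `workspace = ''` entry (and the `WORKSPACE = ''` override tried in PATCH 061) removed from `environment`. Because the compose file points `DOCKER_HOST` at a separate daemon, the path is presumably resolved on that daemon's filesystem, which is worth confirming.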
From 99b42dc53c0591343ed338995fe82cf0d4a7c397 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:29:29 +0300 Subject: [PATCH 061/267] fix --- jenkins/Jenkinsfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index b915e535..279db1b0 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -3,7 +3,7 @@ pipeline { environment { REPO_URL = '' CURR_BRANCH = '' - workspace = '' + WORKSPACE = '' } stages { stage ('Checkout SCM') @@ -12,7 +12,7 @@ pipeline { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { checkout scm - workspace = pwd () + WORKSPACE = pwd () } } } @@ -29,7 +29,7 @@ pipeline { // List all files changed since the last commit sh 'git diff HEAD --name-only' } - echo workspace + echo WORKSPACE echo pwd } } @@ -60,7 +60,7 @@ pipeline { sh 'git status' sh ''' - docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ + docker run --rm -v "${env.WORKSPACE}:/workspace" trufflesecurity/trufflehog:latest \ git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog ''' def truffle = readFile "trufflehog" From 9833b5f6ba38a673242cb5934e33ffee5669967a Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:31:42 +0300 Subject: [PATCH 062/267] fix 2 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 279db1b0..570deab9 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -60,7 +60,7 @@ pipeline { sh 'git status' sh ''' - docker run --rm -v "${env.WORKSPACE}:/workspace" trufflesecurity/trufflehog:latest \ + docker run --rm -v "$WORKSPACE:/workspace" trufflesecurity/trufflehog:latest \ git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog ''' def truffle = readFile "trufflehog" From 94c5a878a4926a322c2335c8d689f304100ed570 Mon Sep 17 00:00:00 2001 
From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:37:54 +0300 Subject: [PATCH 063/267] a --- jenkins/Jenkinsfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 570deab9..b9394ac9 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -3,7 +3,7 @@ pipeline { environment { REPO_URL = '' CURR_BRANCH = '' - WORKSPACE = '' + workspace = '' } stages { stage ('Checkout SCM') @@ -12,7 +12,7 @@ pipeline { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { checkout scm - WORKSPACE = pwd () + workspace = pwd () } } } @@ -60,7 +60,7 @@ pipeline { sh 'git status' sh ''' - docker run --rm -v "$WORKSPACE:/workspace" trufflesecurity/trufflehog:latest \ + docker run --rm -v "${env.workspace}:/workspace" trufflesecurity/trufflehog:latest \ git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog ''' def truffle = readFile "trufflehog" From afeeb575d7b265c56a9a3b6d1b4f4fa36cf4dbcc Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:38:58 +0300 Subject: [PATCH 064/267] fix --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index b9394ac9..7acdf775 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -29,7 +29,7 @@ pipeline { // List all files changed since the last commit sh 'git diff HEAD --name-only' } - echo WORKSPACE + echo workspace echo pwd } } From 87770524d66296dc54b3d1f2dc92740f71d017fe Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:41:32 +0300 Subject: [PATCH 065/267] fix --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 7acdf775..a410ea4b 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -60,7 +60,7 @@ pipeline { sh 'git status' sh ''' - docker run --rm -v "${env.workspace}:/workspace" trufflesecurity/trufflehog:latest \ + docker run --rm -v "$workspace:/workspace" trufflesecurity/trufflehog:latest \ git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog ''' def truffle = readFile "trufflehog" From a59d15c0ec6d9982a60ce1ff6833b1901d49472c Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:43:48 +0300 Subject: [PATCH 066/267] a --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index a410ea4b..4662d2f8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -60,7 +60,7 @@ pipeline { sh 'git status' sh ''' - docker run --rm -v "$workspace:/workspace" trufflesecurity/trufflehog:latest \ + docker run --rm -v "\$workspace:/workspace" trufflesecurity/trufflehog:latest \ git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog ''' def truffle = readFile "trufflehog" From 4e85175b0139db3c366eeec8c1ef31c24a67cf87 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:49:09 +0300 Subject: [PATCH 067/267] fix ? --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 4662d2f8..84246cf1 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -60,7 +60,7 @@ pipeline { sh 'git status' sh ''' - docker run --rm -v "\$workspace:/workspace" trufflesecurity/trufflehog:latest \ + docker run --rm -v "\${env.workspace}:/workspace" trufflesecurity/trufflehog:latest \ git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog ''' def truffle = readFile "trufflehog" From 23a6cb9c2ee10f40dfe540006dd24f7a52979aaa Mon Sep 17 00:00:00 2001 
From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:52:21 +0300 Subject: [PATCH 068/267] final fix ? --- jenkins/Jenkinsfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 84246cf1..5160aa2f 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -59,10 +59,9 @@ pipeline { sh 'git status' - sh ''' - docker run --rm -v "\${env.workspace}:/workspace" trufflesecurity/trufflehog:latest \ + sh """ docker run --rm -v "\${env.workspace}:/workspace" trufflesecurity/trufflehog:latest \ git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog - ''' + """ def truffle = readFile "trufflehog" if (truffle.length() == 0) { From 16fdfda65888123170cdf4aa3b72548cf09d1157 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:54:11 +0300 Subject: [PATCH 069/267] a --- jenkins/Jenkinsfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 5160aa2f..33832f80 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -59,7 +59,8 @@ pipeline { sh 'git status' - sh """ docker run --rm -v "\${env.workspace}:/workspace" trufflesecurity/trufflehog:latest \ + sh """ + docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog """ def truffle = readFile "trufflehog" From 8d6b44368f24321539e8efb22372f8652b3d85c4 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 22:56:20 +0300 Subject: [PATCH 070/267] test key trufflehog detection --- jenkins/keys.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys.txt b/jenkins/keys.txt index 8919d781..866bd4d6 100644 --- a/jenkins/keys.txt +++ b/jenkins/keys.txt @@ -1,5 +1,5 @@ Basic auth: - + https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: 
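Review bot: PATCH 069 switches the scan to `sh """ ... -v "${workspace}:/workspace" ... """`, which lets Groovy splice the value into the command text before the shell sees it. That works for a plain path, but any value containing `"`, `$` or a backtick is then re-interpreted by the shell, and the pattern tends to get copied to values that are less trusted than a workspace path. Keeping the script single-quoted and letting the shell read the variable avoids this: `sh 'docker run --rm -v "$WORKSPACE:/workspace" trufflesecurity/trufflehog:latest git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog'`. The intermediate form in PATCH 068, `\${env.workspace}`, reaches the shell literally and is not valid shell parameter syntax.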
From dca6f6ba33d820c53723f9f458042f3ed8a48abb Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Wed, 11 Sep 2024 23:08:57 +0300 Subject: [PATCH 071/267] TEST 3 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 1522b73d..88bb84f4 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -27,7 +27,7 @@ pipeline { post { always { echo 'Cleaning up...' - echo 'Cleaning up Continue...' + echo 'Cleaning up Continue 2...' // Perform cleanup or archive reports } success { From d57c42c7b8f34827ab1a879efc8ec0846cbab466 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Wed, 11 Sep 2024 23:11:38 +0300 Subject: [PATCH 072/267] TEST 3 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 88bb84f4..b7976d61 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { post { always { - echo 'Cleaning up...' + echo 'Cleaning up...22' echo 'Cleaning up Continue 2...' // Perform cleanup or archive reports } From 7a960c2bf673f683139f16d3463ad3f112910b97 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Wed, 11 Sep 2024 23:16:34 +0300 Subject: [PATCH 073/267] TEST 3 --- jenkins/Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index b7976d61..62180d02 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -15,6 +15,7 @@ pipeline { stage("Test") { steps { echo "Testing" + echo "Testing2" } } stage("Deliver") { From 09645f48fa595f4b8b48a23b4ae3466dd2631fb8 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Wed, 11 Sep 2024 23:22:02 +0300 Subject: [PATCH 074/267] TEST 3 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 62180d02..3017dbe2 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -15,7 +15,7 @@ pipeline { stage("Test") { steps { echo "Testing" - echo "Testing2" + echo "Testing3" } } stage("Deliver") { From f495f926dc733cbe7dad50d52d5f4f0aace72402 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Wed, 11 Sep 2024 23:22:59 +0300 Subject: [PATCH 075/267] TEST 3 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 3017dbe2..a68c9af7 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -15,7 +15,7 @@ pipeline { stage("Test") { steps { echo "Testing" - echo "Testing3" + echo "Testing4" } } stage("Deliver") { From 2d3d89aad4f6d99c3c97b494ee183b8f33254ba6 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Wed, 11 Sep 2024 23:43:45 +0300 Subject: [PATCH 076/267] TEST 5 --- jenkins/Jenkinsfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index a68c9af7..cf7918b1 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -5,6 +5,8 @@ pipeline { stage('Checkout') { steps { git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' + echo "Repository checked out successfully" + } } stage('Build') { From 5368da0b306eeb8f8f11706d79cd85c6920d27cb Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Wed, 11 Sep 2024 23:47:44 +0300 Subject: [PATCH 077/267] TEST 5 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index cf7918b1..221b7f47 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -5,7 +5,7 @@ pipeline { stage('Checkout') { steps { git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' - echo "Repository checked out successfully" + echo "Repository checked out successfully3" } } From 18c24a4f951fcb8b222c92463bcb226fc514e51a Mon Sep 17 00:00:00 2001 
From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 23:52:59 +0300 Subject: [PATCH 078/267] a --- jenkins/keys.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys.txt b/jenkins/keys.txt index 866bd4d6..8919d781 100644 --- a/jenkins/keys.txt +++ b/jenkins/keys.txt @@ -1,5 +1,5 @@ Basic auth: - + https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From 2ffe40ecac79ea049c0273cae8f7ed417609d63f Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 23:54:48 +0300 Subject: [PATCH 079/267] test key detection commit --- jenkins/keys.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys.txt b/jenkins/keys.txt index 8919d781..8254e9af 100644 --- a/jenkins/keys.txt +++ b/jenkins/keys.txt @@ -1,5 +1,5 @@ Basic auth: - + https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From 8b5d3fe2a73dc7880041b5a2a9fc74154cb43bad Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Wed, 11 Sep 2024 23:57:19 +0300 Subject: [PATCH 080/267] new commit --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 33832f80..9a78fa96 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -64,7 +64,7 @@ pipeline { git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog """ def truffle = readFile "trufflehog" - + if (truffle.length() == 0) { echo "Good to go. No secrets found" } From e0f8e848ac84efee45f728666db529ce5edc3c51 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 00:06:37 +0300 Subject: [PATCH 081/267] TEST Semgrep --- jenkins/Jenkinsfile | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 221b7f47..d75b1a60 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -5,10 +5,19 @@ pipeline { stage('Checkout') { steps { git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' - echo "Repository checked out successfully3" - } } + stage('Install Semgrep') { + steps { + sh 'pip install semgrep' + } + } + stage('Run Semgrep') { + steps { + echo "Running Semgrep Static Analysis" + sh 'semgrep --config p/ci' + } + } stage('Build') { steps { echo "Building" @@ -17,7 +26,6 @@ pipeline { stage("Test") { steps { echo "Testing" - echo "Testing4" } } stage("Deliver") { @@ -29,8 +37,7 @@ pipeline { post { always { - echo 'Cleaning up...22' - echo 'Cleaning up Continue 2...' + echo 'Cleaning up...' // Perform cleanup or archive reports } success { From 475619251c5fba5f26c75ef9a347aad4c1dca397 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 00:07:37 +0300 Subject: [PATCH 082/267] TEST Semgrep --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index d75b1a60..18c46350 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Install Semgrep') { steps { - sh 'pip install semgrep' + sh 'docker pull returntocorp/semgrep' } } stage('Run Semgrep') { From a8db43978b543bc512666d443a9d8d5c6f2e83c7 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 00:11:23 +0300 Subject: [PATCH 083/267] TEST Semgrep --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 18c46350..51ce9f09 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -15,7 +15,7 @@ pipeline { stage('Run Semgrep') { steps { echo "Running Semgrep Static Analysis" - sh 'semgrep --config p/ci' + sh 'docker run --rm -v $PWD:/src returntocorp/semgrep --config p/ci --error' } } stage('Build') { From 8b904e39a33b7e2030be0691093518fc1123bd14 Mon Sep 17 00:00:00 2001 
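Review bot: The new 'Run Semgrep' stage calls `semgrep --config p/ci` without `--error`, so findings are printed but the step exits 0 and the stage stays green. If the scan is meant to gate the build, the line should read `sh 'semgrep --config p/ci --error'`. The 'Install Semgrep' stage also installs whatever release is current at build time; pinning it (`sh 'pip install semgrep==<version>'`) keeps results reproducible and limits exposure to a bad upstream release. The pipeline block continues outside the hunk.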
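Review bot: `docker pull returntocorp/semgrep` in the 'Install Semgrep' stage (PATCH 082) names no tag, so it resolves to `latest` on every build and the scanner that gates the pipeline can change without any commit in this repository. Pin it to a release tag or, better, a digest, `sh 'docker pull returntocorp/semgrep@sha256:<digest>'`, and use the same reference in the `docker run` line added in PATCH 083. The `trufflesecurity/trufflehog:latest` references in the secret-scan stage float in the same way.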
From: nikolas2000 Date: Thu, 12 Sep 2024 00:15:29 +0300 Subject: [PATCH 084/267] TEST Semgrep --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 51ce9f09..9c69a5b1 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -15,7 +15,7 @@ pipeline { stage('Run Semgrep') { steps { echo "Running Semgrep Static Analysis" - sh 'docker run --rm -v $PWD:/src returntocorp/semgrep --config p/ci --error' + sh 'docker run returntocorp/semgrep' } } stage('Build') { From 134bdf5b3cba1468a52fbaa34ba47f5bb43c87aa Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 00:18:18 +0300 Subject: [PATCH 085/267] TEST Semgrep --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 9c69a5b1..943c9f95 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -15,7 +15,7 @@ pipeline { stage('Run Semgrep') { steps { echo "Running Semgrep Static Analysis" - sh 'docker run returntocorp/semgrep' + sh 'dockersh 'docker run --rm -v ${WORKSPACE}:/src returntocorp/semgrep --config p/ci --error' run returntocorp/semgrep' } } stage('Build') { From 0a4e94759cd0d3f5bfdef0834adb3f24ff772c7f Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 00:19:58 +0300 Subject: [PATCH 086/267] TEST Semgrep --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 943c9f95..6efa800f 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -15,7 +15,7 @@ pipeline { stage('Run Semgrep') { steps { echo "Running Semgrep Static Analysis" - sh 'dockersh 'docker run --rm -v ${WORKSPACE}:/src returntocorp/semgrep --config p/ci --error' run returntocorp/semgrep' + sh 'docker run --rm -v ${WORKSPACE}:/src returntocorp/semgrep --config p/ci --error' } } stage('Build') { From 5c2b49683e8990985d2dc654e7b20cf2bb956738 Mon Sep 17 00:00:00 2001 
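Review bot: After PATCH 084 the 'Run Semgrep' stage runs `docker run returntocorp/semgrep` with no source mount, no `--config` and no `--error`, so as far as the hunk shows nothing from the workspace is scanned while the stage can still finish green. A stage that reports success without scanning gives false assurance in the build log; keep the mount and flags while debugging, or rename the stage so it is clear that it is disabled. PATCH 085 on the same line then leaves `sh 'dockersh 'docker run ...' run returntocorp/semgrep'`, whose nested single quotes will not parse as Groovy, and PATCH 086 repairs it.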
From: nikolas2000 Date: Thu, 12 Sep 2024 00:21:20 +0300 Subject: [PATCH 087/267] TEST Semgrep --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 6efa800f..963716ca 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -15,7 +15,7 @@ pipeline { stage('Run Semgrep') { steps { echo "Running Semgrep Static Analysis" - sh 'docker run --rm -v ${WORKSPACE}:/src returntocorp/semgrep --config p/ci --error' + sh 'docker run --rm -v ${WORKSPACE}:/src returntocorp/semgrep semgrep --config p/ci --error' } } stage('Build') { From 460e2efe6dac78ad34a116d92ebfb82cb1954032 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 00:23:39 +0300 Subject: [PATCH 088/267] TEST Semgrep --- jenkins/Jenkinsfile | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 963716ca..e613061e 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -12,12 +12,27 @@ pipeline { sh 'docker pull returntocorp/semgrep' } } - stage('Run Semgrep') { - steps { - echo "Running Semgrep Static Analysis" - sh 'docker run --rm -v ${WORKSPACE}:/src returntocorp/semgrep semgrep --config p/ci --error' - } - } + stage('Run Semgrep on changed files') { + steps { + echo "Running Semgrep Static Analysis on changed files" + + script { + // Λαμβάνουμε τα τροποποιημένα αρχεία από το τελευταίο commit + def changedFiles = sh(script: "git diff --name-only HEAD~1 HEAD", returnStdout: true).trim() + + if (changedFiles) { + echo "Files changed in the last commit: ${changedFiles}" + + // Εκτέλεση Semgrep μόνο στα αλλαγμένα αρχεία + sh """ + docker run --rm -v ${WORKSPACE}:/src returntocorp/semgrep semgrep --config p/ci --error ${changedFiles} + """ + } else { + echo "No files changed in the last commit." + } + } + } + } stage('Build') { steps { echo "Building" From 3043078d103de414e6635691a23adb3d9f1713d3 Mon Sep 17 00:00:00 2001 
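Review bot: In the new 'Run Semgrep on changed files' stage, `${changedFiles}` is expanded by Groovy inside the `sh """ ... """` string, so file names taken from the last commit become unquoted shell text; a name with spaces breaks the call and one with shell metacharacters is interpreted by the agent's shell. File names are chosen by whoever can push a commit, so they should reach the command as arguments and never as script text. The same interpolation pattern appears with `${CURR_BRANCH}` in PATCH 089 and `/workspace/${file}` in PATCH 099. The list also includes deleted files and assumes `HEAD~1` exists, which a shallow or single-commit checkout does not guarantee. A version that keeps the names out of the script text:

```groovy
script {
    // … unchanged: stage banner echo …
    // Single-quoted Groovy string: the shell, not Groovy, expands $WORKSPACE.
    // File names travel NUL-delimited as arguments; deleted files are filtered out
    // and xargs -r skips the run when the commit changed nothing.
    sh '''
        git diff --name-only -z --diff-filter=d HEAD~1 HEAD |
          xargs -0 -r docker run --rm -v "$WORKSPACE:/src" returntocorp/semgrep semgrep --config p/ci --error
    '''
}
```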
From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 00:40:11 +0300 Subject: [PATCH 089/267] finished trufflehog hopefully --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 9a78fa96..d3d2cb66 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -61,7 +61,7 @@ pipeline { sh """ docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ - git file:///workspace --since-commit HEAD --no-verification --fail > trufflehog + git file:///workspace --since-commit HEAD --branch ${CURR_BRANCH} --no-verification --fail > trufflehog """ def truffle = readFile "trufflehog" From 4aa13517f89127fb347fbec71944a73b376b41a8 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 00:47:17 +0300 Subject: [PATCH 090/267] finished trufflehog --- jenkins/Jenkinsfile | 59 +++++++++++++++++++-------------------------- 1 file changed, 25 insertions(+), 34 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index d3d2cb66..43d68320 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -35,42 +35,33 @@ pipeline { } stage('TruffleHog Secret Scan') { steps { - script { - echo "Getting git repo info" - // Get the current repository URL - REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() - CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() - - sh(script: 'git rev-parse --show-toplevel', returnStdout: true).trim() - - // This command runs TruffleHog in a Docker container, scanning the GitHub organization - // sh ''' - // docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo https://github.com/trufflesecurity/test_keys --fail - // ''' - - // sh ''' - // docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git $PWD --fail - // ''' - - } - script { - echo "Running Trufflehog Scan" - sh 'rm -f trufflehog' - - sh 'git status' + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + echo "Getting git repo info" + // Get the current repository URL + REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() - sh """ - docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ - git file:///workspace --since-commit HEAD --branch ${CURR_BRANCH} --no-verification --fail > trufflehog - """ - def truffle = readFile "trufflehog" - - if (truffle.length() == 0) { - echo "Good to go. No secrets found" + sh(script: 'git rev-parse --show-toplevel', returnStdout: true).trim() + } - else { - echo "Warning! Secrets are committed into your git repository." 
- throw new Exception("Secrets might be committed into your git repo") + script { + echo "Running Trufflehog Scan" + sh 'rm -f trufflehog' + + sh """ + docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ + git file:///workspace --since-commit HEAD --branch ${CURR_BRANCH} --no-verification --fail > trufflehog + """ + def truffle = readFile "trufflehog" + + if (truffle.length() == 0) { + echo "Good to go. No secrets found" + } + else { + echo "Warning! Secrets are committed into your git repository." + throw new Exception("Secrets might be committed into your git repo") + } } } } From 52c175ac5c787a74e8a54e976b0193901fa6bf33 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 00:47:50 +0300 Subject: [PATCH 091/267] final test commit (?) --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 43d68320..27f1dcc1 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -43,7 +43,7 @@ pipeline { CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() sh(script: 'git rev-parse --show-toplevel', returnStdout: true).trim() - + } script { echo "Running Trufflehog Scan" From 4108222aa9b6ae0ed399a91c7855b89a37154eab Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 00:52:41 +0300 Subject: [PATCH 092/267] final final trufflehog --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 27f1dcc1..ab13562a 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -51,7 +51,7 @@ pipeline { sh """ docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ - git file:///workspace --since-commit HEAD --branch ${CURR_BRANCH} --no-verification --fail > trufflehog + git ${REPO_URL} --branch ${CURR_BRANCH} --no-verification --fail > trufflehog """ def truffle = readFile "trufflehog" 
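Review bot: Wrapping the 'TruffleHog Secret Scan' steps in `catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE')` (PATCH 090) makes the secret scan advisory: on a finding the stage turns red, but the build result stays SUCCESS and the later stages still run. If committed secrets should block delivery, drop the wrapper so the failure propagates, or set `buildResult: 'FAILURE'`. With `--fail` on the command line the `sh` step itself throws when results are found, so the `readFile`/`length()` branch that prints the warning is only reached when nothing was found. The hunk rewrites the whole stage body; the rest of the pipeline is outside it.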
From df1c7e775e6050c6b661846081631b5e0107e94f Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 00:53:03 +0300 Subject: [PATCH 093/267] final final test commit --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index ab13562a..d2ef17ef 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -43,7 +43,7 @@ pipeline { CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() sh(script: 'git rev-parse --show-toplevel', returnStdout: true).trim() - + } script { echo "Running Trufflehog Scan" From c968df100cc6bcd442559fac72cdd95204d774a0 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 01:08:09 +0300 Subject: [PATCH 094/267] final commit ??? --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index d2ef17ef..a87dd1cd 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -51,7 +51,7 @@ pipeline { sh """ docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ - git ${REPO_URL} --branch ${CURR_BRANCH} --no-verification --fail > trufflehog + git ${REPO_URL} --branch ${CURR_BRANCH} --no-verification > trufflehog """ def truffle = readFile "trufflehog" From 7bd84649f0aa677405c65ba68e68dcd983f40a4a Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 01:27:13 +0300 Subject: [PATCH 095/267] truly final commit --- jenkins/Jenkinsfile | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index a87dd1cd..4c5f3ee2 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -17,34 +17,21 @@ pipeline { } } } - stage('Check Git Status') { + stage('Setting Environment Variables') { steps { script { - // Ensure we are in a Git repository - sh 'git status' - - // List files staged for commit - sh 'git diff --name-only --cached' - - // List all files changed since the last commit - sh 'git diff HEAD --name-only' - } - echo workspace - echo pwd - } - } - stage('TruffleHog Secret Scan') { - steps { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - script { echo "Getting git repo info" // Get the current repository URL REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() - sh(script: 'git rev-parse --show-toplevel', returnStdout: true).trim() - + sh(script: 'git rev-parse --show-toplevel', returnStdout: true).trim() } + } + } + stage('TruffleHog Secret Scan') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { echo "Running Trufflehog Scan" sh 'rm -f trufflehog' From 7c168744281b8170e5df0c7a98c20e5af2420469 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 01:43:52 +0300 Subject: [PATCH 096/267] removed commented lines on docker compose --- jenkins/docker-compose.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/jenkins/docker-compose.yml b/jenkins/docker-compose.yml index 8becff84..26a6b0df 100644 --- a/jenkins/docker-compose.yml +++ b/jenkins/docker-compose.yml @@ -5,10 +5,6 @@ services: restart: on-failure networks: - jenkins - # environment: - # # - DOCKER_HOST=tcp://docker:2376 # Docker host for communication - # # - DOCKER_CERT_PATH=/certs/client # Path to Docker certificates - # # - DOCKER_TLS_VERIFY=1 # Enable TLS verification volumes: - jenkins-data:/var/jenkins_home # Persistent Jenkins data - jenkins-docker-certs:/certs/client:ro # Mount Docker client certs for TLS connection (read-only) 
From 01107e15f81468fcddac675f70fee1807826879c Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 01:48:54 +0300 Subject: [PATCH 097/267] keys copy for testing --- jenkins/keys copy.txt | 44 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 jenkins/keys copy.txt diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt new file mode 100644 index 00000000..8254e9af --- /dev/null +++ b/jenkins/keys copy.txt 
@@ -0,0 +1,44 @@ +Basic auth: + +https://admin:admin@the-internet.herokuapp.com/basic_auth + +Private key: +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAjNIZuun +xgLkM8KuzfmQuRAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDe3Al0EMPz +utVNk5DixaYrGMK56RqUoqGBinke6SWVWmqom1lBcJWzor6HlnMRPPr7YCEsJKL4IpuVwu +inRa5kdtNTyM7yyQTSR2xXCS0fUItNuq8pUktsH8VUggpMeew8hJv7rFA7tnIg3UXCl6iF +OLZKbDA5aa24idpcD8b1I9/RzTOB1fu0of5xd9vgODzGw5JvHQSJ0FaA42aNBMGwrDhDB3 +sgnRNdWf6NNIh8KpXXMKJADf3klsyn6He8L2bPMp8a4wwys2YB35p5zQ0JURovsdewlOxH +NT7eP19eVf4dCreibxUmRUaob5DEoHEk8WrxjKWIYUuLeD6AfcW6oXyRU2Yy8Vrt6SqFl5 +WAi47VMFTkDZYS/eCvG53q9UBHpCj7Qvb0vSkCZXBvBIhlw193F3PX4WvO1IXsMwvQ1D1X +lmomsItbqM0cJyKw6LU18QWiBHvE7BqcphaoL5E08W2ATTSRIMCp6rt4rptM7KyGK8rc6W +UYrCnWt6KlCA8AAAWQXk+lVx6bH5itIKKYmQr6cR/5xtZ2GHAxnYtvlW3xnGhU0MHv+lJ2 +uoWlT2RXE5pdMUQj7rNWAMqkwifSKZs9wBfYeo1TaFDmC3nW7yHSN3XTuO78mPIW5JyvmE +Rj5qjsUn7fNmzECoAxnVERhwnF3KqUBEPzIAc6/7v/na9NTiiGaJPco9lvCoPWbVLN08WG +SuyU+0x5zc3ebzuPcYqu5/c5nmiGxhALrIhjIS0OV1mtAAFhvdMjMIHOijOzSKVCC7rRk5 +kG9EMLNvOn/DUVSRHamw5gs2V3V+Zq2g5nYWfgq8aDSTB8XlIzOj1cz3HwfN6pfSNQ/3Qe +wOQfWfTWdO+JSL8aoBN5Wg8tDbgmvmbFrINsJfFfSm0wZgcHhC7Ul4U3v4c8PoNdK9HXwi +TKKzJ9nxLYb+vDh50cnkseu2gt0KwVpjIorxEqeK755mKPao3JmOMr6uFTQsb+g+ZNgPwl +nRHA4Igx+zADFj3twldnKIiRpBQ5J4acur3uQ+saanBTXgul1TiFiUGT2cnz+IiCsdPovg +TAMt868W5LmzpfH4Cy54JtaRC4/UuMnkTGbWgutVDnWj2stOAzsQ1YmhH5igUmc94mUL+W +8vQDCKpeI8n+quDS9zxTvy4L4H5Iz7OZlh0h6N13BDvCYXKcNF/ugkfxZbu8mZsZQQzXNR +wOrEtKoHc4AnXYNzsuHEoEyLyJxGfFRDSTLbyN9wFOS/c0k9Gjte+kQRZjBVGORE5sN6X3 +akUnTF76RhbEc+LamrwM1h5340bwosRbR8I+UrsQdFfJBEj1ZSyMRJlMkFUNi6blt7bhyx +ea+Pm2A614nlYUBjw2KKzzn8N/0H2NpJjIptvDsbrx3BS/rKwOeJwavRrGnIlEzuAag4vx +Zb2TPVta45uz7fQP5IBl83b0BJKI5Zv/fniUeLI78W/UsZqb64YQbfRyBzFtI1T/SsCi0B +e0EyKMzbxtSceT1Mb8eJiVIq04Xpwez9fIUt5rSedZD8KPq8P6s0cGsR7Qmw6eXZ/dBR/a +s5vPhfIUmQawmnwAVuWNRdQQ79jUBSn5M+ZRVVTgEG+vFyvxr/bZqOo1JCoq5BmQhLWGRJ 
+Dk9TolbeFIVFrkuXkcu99a079ux7XSkON64oPzHrcsEzjPA1GPqs9CGBSO16wq/nI3zg+E +kcOCaurc9yHJJPwduem0+8WLX3WoGNfQRKurtQze2ppy8KarEtDhDd96sKkhYaqOg3GOX8 +Yx827L4vuWSJSIqKuO2kH6kOCMUNO16piv0z/8u3CJxOGh9+4FZIop81fiFTKLhV3/gwLm +fzFY++KIZrLfZcUjzd80NNEja69F452Eb9HrI5BurN/PznDEi9bzM598Y7beyl4/kd4R2e +S7SW9/LOrGw5UgxtiU+kV8nPz1PdgxO4sRlnntSBEwkQBzMkLOpq2h2BuJ2TlMP/TWuwLQ +sDkv1Yk1pD0roGmtMzbujnURGxqRJ8gUmuIot4hpfyRSssvnRQQZ3lQCQCwHiE+HJxXWf5 +c58zOMjW7o21tI8e13uUnbRoQVJM9XYqk1usPXIkYPYL9uOw3AW/Zn+cnDrsXvTK9ZxgGD +/90b1BNwVqMlUK+QggHNwl5qD8eoXK5cDvav66te+E+V7FYFQ06w3tytRVz8SjoaiChN02 +muIjvl6G7Hoj1hObM2t/ZheN1EShS11z868hhS6Mx7GvIdtkXuvdiBYMiBLOshJQxB8Mzx +iug9W+Di3upLf0UMC1TqADGphsIHRU7RbmHQ8Rwp7dogswmDfpRSapPt9p0D+6Ad5VBzi3 +f3BPXj76UBLMEJCrZR1P28vnAA7AyNHaLvMPlWDMG5v3V/UV+ugyFcoBAOyjiQgYST8F3e +Hx7UPVlTK8dyvk1Z+Yw0nrfNClI= +-----END OPENSSH PRIVATE KEY----- From fbacd4f9510c32d7e7426fae4ca17ed0a1d7b630 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 04:00:03 +0300 Subject: [PATCH 098/267] jenkinsfile --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 4c5f3ee2..1165e213 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -38,7 +38,7 @@ pipeline { sh """ docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ - git ${REPO_URL} --branch ${CURR_BRANCH} --no-verification > trufflehog + git ${REPO_URL} --branch ${CURR_BRANCH} > trufflehog """ def truffle = readFile "trufflehog" From f9b188ab6029dc05984263c8714a9352ecc22c3e Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 18:18:34 +0300 Subject: [PATCH 099/267] a --- jenkins/Jenkinsfile | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 1165e213..b6c1599e 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
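Review bot: The new file `jenkins/keys copy.txt` (PATCH 097) puts an OpenSSH private key block and a basic-auth URL into the repository, where they remain in history even if the file is deleted later. If the key was ever used for real access it should be treated as exposed and rotated; if it is a public sample, such as the one in the trufflesecurity/test_keys repository mentioned in an earlier Jenkinsfile comment, a short README beside it saying so would spare the next reader from guessing. Scanner fixtures are easier to manage in a dedicated test repository or branch, because every full-history scan of this repository will now report them. The file name contains a space and needs quoting wherever a pipeline step passes it to a shell.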
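Review bot: Removing `--no-verification` from `git ${REPO_URL} --branch ${CURR_BRANCH} > trufflehog` (PATCH 098) means TruffleHog will, by default, try each candidate credential against the service it belongs to, so the CI host starts making outbound authentication requests with whatever the scan finds. That is often the right choice for cutting false positives, but it should be a recorded decision; a comment above the `sh` step such as `// verification enabled: trufflehog contacts third-party services with detected credentials` would do. The `sh` block and the `script` body continue outside the hunk.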
@@ -33,6 +33,26 @@ pipeline { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { + + def stagedFiles = sh(script: 'git diff --staged --name-only', returnStdout: true).trim() + + if(stagedFiles) { + echo "Running TruffleHog scan on the following files: ${stagedFiles}" + + sh 'rm -f trufflehog_results.txt' + + // Loop through the staged files and run TruffleHog on each + for (file in stagedFiles.split('\n')) { + echo "Scanning file: ${file}" + + // Run TruffleHog scan on each staged file using filesystem scan + sh """ + docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ + filesystem --path /workspace/${file} >> trufflehog_results.txt + """ + } + } + echo "Running Trufflehog Scan" sh 'rm -f trufflehog' From 3329ca6ca6e40931483bd24e28c75c04a3c0d16f Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 20:29:13 +0300 Subject: [PATCH 100/267] fixed some things --- jenkins/Dockerfile | 2 +- jenkins/Jenkinsfile | 17 ----------------- 2 files changed, 1 insertion(+), 18 deletions(-) diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile index 47ca0b40..7b57312f 100644 --- a/jenkins/Dockerfile +++ b/jenkins/Dockerfile @@ -9,4 +9,4 @@ RUN echo "deb [arch=$(dpkg --print-architecture) \ $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list RUN apt-get update && apt-get install -y docker-ce-cli USER jenkins -RUN jenkins-plugin-cli --plugins "blueocean:1.27.14 docker-workflow:580.vc0c340686b_54" \ No newline at end of file +RUN jenkins-plugin-cli --plugins "blueocean:1.27.14 docker-workflow:580.vc0c340686b_54 build-token-root:151.va_e52fe3215fc" \ No newline at end of file diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index b6c1599e..4533ef1b 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
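Review bot: `git diff --staged --name-only` in the added block lists files staged in the index, and a workspace that Jenkins has just checked out normally has nothing staged, so `stagedFiles` is likely always empty and the per-file TruffleHog loop never runs. If the intent is to scan what the last commit changed, `git diff --name-only HEAD~1 HEAD`, as the Semgrep stage in PATCH 088 used, matches that. The loop appends to `trufflehog_results.txt`, while the check seen in the neighbouring hunks reads `trufflehog`, so findings from this loop would not affect the outcome. The `script` block continues outside the hunk.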
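Review bot: The plugin list in the final `RUN jenkins-plugin-cli` line now includes `build-token-root` (PATCH 100), which exposes a trigger URL that starts a job with only the job's trigger token and no Jenkins login. Since the compose file in this series publishes port 8080, that token becomes the only control on who can start builds; it should be long, random and kept out of the repository, and the endpoint ideally reachable only from the SCM webhook source. A comment above the line, for example `# build-token-root: trigger endpoint without login, protected only by the per-job token`, would record why the plugin is installed.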
@@ -35,23 +35,6 @@ pipeline { script { def stagedFiles = sh(script: 'git diff --staged --name-only', returnStdout: true).trim() - - if(stagedFiles) { - echo "Running TruffleHog scan on the following files: ${stagedFiles}" - - sh 'rm -f trufflehog_results.txt' - - // Loop through the staged files and run TruffleHog on each - for (file in stagedFiles.split('\n')) { - echo "Scanning file: ${file}" - - // Run TruffleHog scan on each staged file using filesystem scan - sh """ - docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ - filesystem --path /workspace/${file} >> trufflehog_results.txt - """ - } - } echo "Running Trufflehog Scan" sh 'rm -f trufflehog' From 09a72381665e8cd5fa6d1c17d26fb9d49e2baf79 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 20:41:58 +0300 Subject: [PATCH 101/267] a --- jenkins/Jenkinsfile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 4533ef1b..3b690b30 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -33,16 +33,20 @@ pipeline { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { - - def stagedFiles = sh(script: 'git diff --staged --name-only', returnStdout: true).trim() - echo "Running Trufflehog Scan" sh 'rm -f trufflehog' + // sh """ + // docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ + // git ${REPO_URL} --since-commit HEAD^ --branch ${CURR_BRANCH} > trufflehog + // """ + sh """ docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ - git ${REPO_URL} --branch ${CURR_BRANCH} > trufflehog + git file:///workspace --since-commit HEAD^ --branch ${CURR_BRANCH} > trufflehog """ + + def truffle = readFile "trufflehog" if (truffle.length() == 0) { From e2fb99c44b45bac01da0188cc402e59ac53ca292 Mon Sep 17 00:00:00 2001 
From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 21:16:28 +0300 Subject: [PATCH 102/267] trufflehog with local commits --- jenkins/Jenkinsfile | 23 +++++++++++++++-------- jenkins/keys copy.txt | 2 +- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 3b690b30..2ee18ead 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -4,6 +4,7 @@ pipeline { REPO_URL = '' CURR_BRANCH = '' workspace = '' + relativeWorkspacePath = '' } stages { stage ('Checkout SCM') @@ -20,13 +21,19 @@ pipeline { stage('Setting Environment Variables') { steps { script { - echo "Getting git repo info" - // Get the current repository URL - REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() - CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() + echo "Getting git repo info" + // Get the current repository URL + REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() - sh(script: 'git rev-parse --show-toplevel', returnStdout: true).trim() - } + sh(script: 'git rev-parse --show-toplevel', returnStdout: true).trim() + } + script { + // Replace the /var/jenkins_home prefix to make it relative + relativeWorkspacePath = workspace.replace("/var/jenkins_home", "") + + echo "Relative Workspace Path: ${relativeWorkspacePath}" + } } } stage('TruffleHog Secret Scan') { @@ -42,8 +49,8 @@ pipeline { // """ sh """ - docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ - git file:///workspace --since-commit HEAD^ --branch ${CURR_BRANCH} > trufflehog + docker run --rm -v jenkins_jenkins-data:/data trufflesecurity/trufflehog:latest \ + git file:///data${relativeWorkspacePath} --since-commit HEAD^ --branch HEAD """ diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt index 8254e9af..866bd4d6 100644 --- a/jenkins/keys copy.txt 
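Review bot: The new `docker run --rm -v jenkins_jenkins-data:/data trufflesecurity/trufflehog:latest` line (PATCH 102) mounts the whole Jenkins home volume, read-write, into a third-party image pulled by a floating tag, and that volume holds Jenkins' own credential and secret stores alongside the workspace. Mount it read-only if the scan works that way, `-v jenkins_jenkins-data:/data:ro`, and pin the image by digest. The line also loses the `> trufflehog` redirect while `rm -f trufflehog` still runs earlier in the stage, so the following `readFile "trufflehog"` would presumably fail on a missing file; PATCH 104 restores the redirect. The volume name and the `/var/jenkins_home` prefix stripped for `relativeWorkspacePath` are both hard-coded to this compose setup.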
+++ b/jenkins/keys copy.txt @@ -1,5 +1,5 @@ Basic auth: - + https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From f8e62563738eca8a1407fc4ef9d03ea5eacd4025 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 21:21:07 +0300 Subject: [PATCH 103/267] changed key file to check if pipeline works --- jenkins/keys copy.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt index 866bd4d6..886533c0 100644 --- a/jenkins/keys copy.txt +++ b/jenkins/keys copy.txt @@ -1,5 +1,5 @@ Basic auth: - +a https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From 91cfabd641f92676a1991de6c47a7b263cbf4dcf Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 21:23:20 +0300 Subject: [PATCH 104/267] fixed some issues --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 2ee18ead..b3dd995e 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -50,7 +50,7 @@ pipeline { sh """ docker run --rm -v jenkins_jenkins-data:/data trufflesecurity/trufflehog:latest \ - git file:///data${relativeWorkspacePath} --since-commit HEAD^ --branch HEAD + git file:///data${relativeWorkspacePath} --since-commit HEAD^ --branch ${CURR_BRANCH} > trufflehog """ From e77b2b27f656d34c9ae3edac53a038de7c1f048b Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 21:23:46 +0300 Subject: [PATCH 105/267] change in key.txt to check if pipeline works --- jenkins/keys copy.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt index 886533c0..866bd4d6 100644 --- a/jenkins/keys copy.txt +++ b/jenkins/keys copy.txt @@ -1,5 +1,5 @@ Basic auth: -a + https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From 198a67d52e968786f6327c548b88a981686ec5f5 Mon Sep 17 00:00:00 2001 
From: nikolas2000 Date: Thu, 12 Sep 2024 21:42:35 +0300 Subject: [PATCH 106/267] TEST Sonarqube --- jenkins/Jenkinsfile | 30 ++---------------------------- 1 file changed, 2 insertions(+), 28 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e613061e..08b31400 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -7,35 +7,9 @@ pipeline { git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' } } - stage('Install Semgrep') { - steps { - sh 'docker pull returntocorp/semgrep' - } - } - stage('Run Semgrep on changed files') { - steps { - echo "Running Semgrep Static Analysis on changed files" - - script { - // Λαμβάνουμε τα τροποποιημένα αρχεία από το τελευταίο commit - def changedFiles = sh(script: "git diff --name-only HEAD~1 HEAD", returnStdout: true).trim() - - if (changedFiles) { - echo "Files changed in the last commit: ${changedFiles}" - - // Εκτέλεση Semgrep μόνο στα αλλαγμένα αρχεία - sh """ - docker run --rm -v ${WORKSPACE}:/src returntocorp/semgrep semgrep --config p/ci --error ${changedFiles} - """ - } else { - echo "No files changed in the last commit." - } - } - } - } - stage('Build') { + stage('Build') { steps { - echo "Building" + echo "Building2" } } stage("Test") { From 92ba5645cd391e1078c40a6e22ec6e894fb30f63 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 21:43:55 +0300 Subject: [PATCH 107/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 08b31400..b23b19d8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building2" + echo "Building3" } } stage("Test") { From 3cc30aa9610fb79183e02f1a207345d2c211ad89 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 21:46:35 +0300 Subject: [PATCH 108/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index b23b19d8..c3fe25e5 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building3" + echo "Building..." } } stage("Test") { From bbb7ea9c4c375fad42eee1c96b9274471a11cdbc Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 21:46:39 +0300 Subject: [PATCH 109/267] a --- jenkins/Jenkinsfile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index b3dd995e..14ee61e5 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -21,6 +21,13 @@ pipeline { stage('Setting Environment Variables') { steps { script { + + def gitStatus = sh(script: 'git status', returnStdout: true).trim() + + // Echo the result of git status + echo "Git Status:\n${gitStatus}" + + echo "Getting git repo info" // Get the current repository URL REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() From a1aa721b9a316e3759553bc44a030dbd2e706808 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 21:49:03 +0300 Subject: [PATCH 110/267] a --- jenkins/keys copy.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt index 866bd4d6..98670d74 100644 --- a/jenkins/keys copy.txt +++ b/jenkins/keys copy.txt @@ -1,5 +1,5 @@ Basic auth: - +test https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From 976bacfe6882e53303e65a163dfc7188ffb78e84 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 21:58:42 +0300 Subject: [PATCH 111/267] a --- jenkins/keys copy.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt index 98670d74..e92d6620 100644 --- a/jenkins/keys copy.txt +++ b/jenkins/keys copy.txt 
@@ -1,5 +1,5 @@ Basic auth: -test +test https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From a945abbd26087a0ebd0e553b48e881341c7bb47f Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 22:00:26 +0300 Subject: [PATCH 112/267] try with HEAD --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 14ee61e5..07d57706 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -57,7 +57,7 @@ pipeline { sh """ docker run --rm -v jenkins_jenkins-data:/data trufflesecurity/trufflehog:latest \ - git file:///data${relativeWorkspacePath} --since-commit HEAD^ --branch ${CURR_BRANCH} > trufflehog + git file:///data${relativeWorkspacePath} --since-commit HEAD --branch ${CURR_BRANCH} > trufflehog """ From 04eb122eb17069accc8b47d4fe4e3989ec8564a1 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 22:02:54 +0300 Subject: [PATCH 113/267] test commit for secret scanning --- jenkins/keys copy.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt index e92d6620..59d74245 100644 --- a/jenkins/keys copy.txt +++ b/jenkins/keys copy.txt @@ -1,5 +1,5 @@ Basic auth: -test +test https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From d487b55a6d730bf6f2b97228553888d295ea66d6 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 22:05:40 +0300 Subject: [PATCH 114/267] change 2 --- jenkins/keys copy.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt index 59d74245..3e8e8a7e 100644 --- a/jenkins/keys copy.txt +++ b/jenkins/keys copy.txt @@ -1,5 +1,5 @@ Basic auth: -test +https://admin:admin@the-internet.herokuapp.com/basic_auth https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From 9303d82668b10a9969ed5ed9d1bc012398aa17c8 Mon Sep 17 00:00:00 2001 
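Review bot: In the `sh """ … """` block of PATCH 112, `${relativeWorkspacePath}` and `${CURR_BRANCH}` are expanded by Groovy before the shell runs, so a branch name containing shell metacharacters becomes part of the `docker run` command line. Pass the values through the environment and let the shell expand them quoted, e.g. wrap the step in `withEnv(["SCAN_BRANCH=${CURR_BRANCH}"])` and use a single-quoted `sh '… --branch "$SCAN_BRANCH" > trufflehog'`. Separately, `--since-commit HEAD` appears to leave an empty commit range, so this step would report nothing regardless of content. The same interpolation pattern recurs with `${REPO_URL}` in PATCH 130, 132 and 134. The enclosing stage starts outside the hunk.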
From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 22:09:42 +0300 Subject: [PATCH 115/267] without branch option --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 07d57706..c2d2245d 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -57,7 +57,7 @@ pipeline { sh """ docker run --rm -v jenkins_jenkins-data:/data trufflesecurity/trufflehog:latest \ - git file:///data${relativeWorkspacePath} --since-commit HEAD --branch ${CURR_BRANCH} > trufflehog + git file:///data${relativeWorkspacePath} --since-commit HEAD > trufflehog """ From aa4089b711b5ac9991877abab0164c570e3bb50e Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 22:11:46 +0300 Subject: [PATCH 116/267] a --- jenkins/keys copy.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt index 3e8e8a7e..866bd4d6 100644 --- a/jenkins/keys copy.txt +++ b/jenkins/keys copy.txt @@ -1,5 +1,5 @@ Basic auth: -https://admin:admin@the-internet.herokuapp.com/basic_auth + https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From c1d543cf0357eab15f6a0f7e9dd9f9a1dbf52129 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 22:19:03 +0300 Subject: [PATCH 117/267] tried something else --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index c2d2245d..5e87eaf2 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -57,10 +57,10 @@ pipeline { sh """ docker run --rm -v jenkins_jenkins-data:/data trufflesecurity/trufflehog:latest \ - git file:///data${relativeWorkspacePath} --since-commit HEAD > trufflehog + git file:///data${relativeWorkspacePath} --since-commit HEAD^..HEAD > trufflehog """ - + def truffle = readFile "trufflehog" if (truffle.length() == 0) { 
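Review bot: `--since-commit HEAD^..HEAD` in PATCH 117 passes a range to an option that, as far as I can tell, expects a single commit, and the step's only verdict is whether the redirected `trufflehog` file is empty (`truffle.length() == 0`). A scan that covered no commits therefore reads as clean, the same as one that found nothing. Use `--since-commit HEAD^` and add trufflehog's `--fail` so that findings show up in the exit status rather than only in the file. The `if` body continues outside the hunk.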
From 181e849ce3690db29c912cf7c1ca794de4a57cf2 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 22:20:45 +0300 Subject: [PATCH 118/267] test --- jenkins/keys.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys.txt b/jenkins/keys.txt index 8254e9af..3e8e8a7e 100644 --- a/jenkins/keys.txt +++ b/jenkins/keys.txt @@ -1,5 +1,5 @@ Basic auth: - +https://admin:admin@the-internet.herokuapp.com/basic_auth https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From aa121efe39687023f3dbb6fbf06a04cf9cc6dc16 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 22:31:12 +0300 Subject: [PATCH 119/267] TEST Sonarqube --- jenkins/Jenkinsfile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index c3fe25e5..a4ef02cb 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -12,6 +12,14 @@ pipeline { echo "Building..." } } + stage('Scan') { + steps { + withSonarQubeEnv(installationName: 'sonarQube1') { + sh './mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.9.2155:sonar' + } + } + } + stage("Test") { steps { echo "Testing" From 84fc5e48dff2148077fc2acc30af0ab83b706893 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 22:32:11 +0300 Subject: [PATCH 120/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index a4ef02cb..e4a792e5 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -15,7 +15,7 @@ pipeline { stage('Scan') { steps { withSonarQubeEnv(installationName: 'sonarQube1') { - sh './mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.9.2155:sonar' + sh './mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.9:sonar' } } } From 682ba0c489e1f36e367701dc10a9d7b8ec05b0fc Mon Sep 17 00:00:00 2001 
From: nikolas2000 Date: Thu, 12 Sep 2024 22:33:05 +0300 Subject: [PATCH 121/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e4a792e5..5a700fa0 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -15,7 +15,7 @@ pipeline { stage('Scan') { steps { withSonarQubeEnv(installationName: 'sonarQube1') { - sh './mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.9:sonar' + sh './mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar' } } } From 07487bc5f7e33faf1c212998845b0e355170ead8 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 22:40:25 +0300 Subject: [PATCH 122/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 5a700fa0..69b455f1 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building..." + echo "Building...." } } stage('Scan') { From 9f65073293ffb23d68c6d33d79333faa7bbcbf4e Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 23:08:41 +0300 Subject: [PATCH 123/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 69b455f1..5a700fa0 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building...." + echo "Building..." } } stage('Scan') { From c5faad9f8faf2f9ba1b2e146a49ecaffb5300a57 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Thu, 12 Sep 2024 23:11:41 +0300 Subject: [PATCH 124/267] a --- jenkins/Jenkinsfile | 5 ++++- jenkins/keys copy.txt | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 5e87eaf2..5198e2da 100644 --- a/jenkins/Jenkinsfile 
+++ b/jenkins/Jenkinsfile @@ -1,5 +1,8 @@ pipeline { agent any + parameters { + string(name: 'FILES_TO_SCAN', defaultValue: '.', description: 'Files or directories to scan') + } environment { REPO_URL = '' CURR_BRANCH = '' @@ -60,7 +63,7 @@ pipeline { git file:///data${relativeWorkspacePath} --since-commit HEAD^..HEAD > trufflehog """ - + def truffle = readFile "trufflehog" if (truffle.length() == 0) { diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt index 866bd4d6..98670d74 100644 --- a/jenkins/keys copy.txt +++ b/jenkins/keys copy.txt @@ -1,5 +1,5 @@ Basic auth: - +test https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From f875f60b7eebf341bf2ffffe2466495a1659fa2b Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 23:15:05 +0300 Subject: [PATCH 125/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 5a700fa0..69b455f1 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building..." + echo "Building...." } } stage('Scan') { From acaa37b523855f30336cf11af2dcaa4e7550b2d4 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 23:17:30 +0300 Subject: [PATCH 126/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 69b455f1..40a2bd22 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building...." + echo "Building....." } } stage('Scan') { From 4ed6adf42e5c03e8e599bf9edcfd1c8d72bbf833 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 23:51:53 +0300 Subject: [PATCH 127/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 40a2bd22..69b455f1 100644 
--- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building....." + echo "Building...." } } stage('Scan') { From 48bd90f9b75277ba448fe26523d72195d5086cf2 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Thu, 12 Sep 2024 23:59:01 +0300 Subject: [PATCH 128/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 69b455f1..40a2bd22 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building...." + echo "Building....." } } stage('Scan') { From a22126180b55361f13d261446d83208a70fc4cb8 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Fri, 13 Sep 2024 00:11:33 +0300 Subject: [PATCH 129/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 40a2bd22..c1e40a2e 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building....." + echo "Building......" } } stage('Scan') { From 3773d88fa7439cbb0b754d1b8ad4412a7eef26a9 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Fri, 13 Sep 2024 01:20:33 +0300 Subject: [PATCH 130/267] fixed jenkinsfile --- jenkins/Jenkinsfile | 27 ++------------------------- 1 file changed, 2 insertions(+), 25 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 5198e2da..7aba0d40 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,8 +1,5 @@ pipeline { agent any - parameters { - string(name: 'FILES_TO_SCAN', defaultValue: '.', description: 'Files or directories to scan') - } environment { REPO_URL = '' CURR_BRANCH = '' 
@@ -25,24 +22,11 @@ pipeline { steps { script { - def gitStatus = sh(script: 'git status', returnStdout: true).trim() - - // Echo the result of git status - echo "Git Status:\n${gitStatus}" - - echo "Getting git repo info" // Get the current repository URL REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() - - sh(script: 'git rev-parse --show-toplevel', returnStdout: true).trim() - } - script { - // Replace the /var/jenkins_home prefix to make it relative - relativeWorkspacePath = workspace.replace("/var/jenkins_home", "") - - echo "Relative Workspace Path: ${relativeWorkspacePath}" + } } } @@ -53,16 +37,9 @@ pipeline { echo "Running Trufflehog Scan" sh 'rm -f trufflehog' - // sh """ - // docker run --rm -v "${workspace}:/workspace" trufflesecurity/trufflehog:latest \ - // git ${REPO_URL} --since-commit HEAD^ --branch ${CURR_BRANCH} > trufflehog - // """ - sh """ - docker run --rm -v jenkins_jenkins-data:/data trufflesecurity/trufflehog:latest \ - git file:///data${relativeWorkspacePath} --since-commit HEAD^..HEAD > trufflehog + docker run --rm -v trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD > trufflehog """ - def truffle = readFile "trufflehog" From b2536c21c08f50572828509b0d42e969ac185bfc Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Fri, 13 Sep 2024 01:21:30 +0300 Subject: [PATCH 131/267] test commit --- jenkins/keys copy.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt index 98670d74..866bd4d6 100644 --- a/jenkins/keys copy.txt +++ b/jenkins/keys copy.txt @@ -1,5 +1,5 @@ Basic auth: -test + https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From 8c81ac907a1a81b9039446f8c9b5ed13eb7ce8c8 Mon Sep 17 00:00:00 2001 
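Review bot: The new command in the third hunk of PATCH 130 keeps `-v` but drops its argument, so Docker reads `trufflesecurity/trufflehog:latest` as the volume specification and `git` as the image name; the secret scan does not run as written. Remove the flag: `docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD > trufflehog`. The scanner image is also pulled as `:latest`; pinning it to a release tag or digest keeps the tool that gates the build from changing underneath it. The stage body continues outside the hunk.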
From: Athanasios Efstathiou Date: Fri, 13 Sep 2024 01:22:31 +0300 Subject: [PATCH 132/267] fixed? --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 7aba0d40..c586306d 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -38,7 +38,7 @@ pipeline { sh 'rm -f trufflehog' sh """ - docker run --rm -v trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD > trufflehog + docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD > trufflehog """ def truffle = readFile "trufflehog" From 70ec886d1aec7d1cabe8a8ec1bb76b55b98fc28a Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Fri, 13 Sep 2024 01:24:42 +0300 Subject: [PATCH 133/267] test --- jenkins/keys copy.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/keys copy.txt b/jenkins/keys copy.txt index 866bd4d6..98670d74 100644 --- a/jenkins/keys copy.txt +++ b/jenkins/keys copy.txt @@ -1,5 +1,5 @@ Basic auth: - +test https://admin:admin@the-internet.herokuapp.com/basic_auth Private key: From 5fd9d075cbce9387d672cca55539cb57e7502d03 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Fri, 13 Sep 2024 01:26:22 +0300 Subject: [PATCH 134/267] final commit on secrets --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index c586306d..205f1682 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -38,7 +38,7 @@ pipeline { sh 'rm -f trufflehog' sh """ - docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD > trufflehog + docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog """ def truffle = readFile "trufflehog" From 82aee748442291bbcc9c6419fcafe5a4e8f441ad Mon Sep 17 00:00:00 2001 
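Review bot: `--only-verified` in PATCH 134 drops every finding trufflehog cannot confirm against a live service, which includes credentials for hosts the build container cannot reach and key material that has no verifier. The result file is read back with `readFile "trufflehog"` and, judging by the earlier hunks, an empty file counts as a pass, so those cases would now pass silently; the check itself is outside this hunk. If noise reduction is the aim, record it next to the command, e.g. `// only verified findings are reported; unverified ones are not shown`, or keep unverified results in a separate non-blocking report.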
From: nikolas2000 Date: Fri, 13 Sep 2024 22:36:56 +0300 Subject: [PATCH 135/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index c1e40a2e..40a2bd22 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building......" + echo "Building....." } } stage('Scan') { From 8c2ef17ec548ee5db498d254fcb3ab57c79d44c4 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Fri, 13 Sep 2024 22:38:36 +0300 Subject: [PATCH 136/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 40a2bd22..69b455f1 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building....." + echo "Building...." } } stage('Scan') { From 97c119cc14080ef6d5fc1f3f4765c83646baeeef Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Fri, 13 Sep 2024 22:41:04 +0300 Subject: [PATCH 137/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 69b455f1..5a700fa0 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building...." + echo "Building..." } } stage('Scan') { From 5c8fd830f49ab74684eaf86b922984e0c310cfaa Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Fri, 13 Sep 2024 22:50:57 +0300 Subject: [PATCH 138/267] TEST Sonarqube --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 5a700fa0..40a2bd22 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building..." + echo "Building....." } } stage('Scan') { 
From 3e6573887931afda7fee93c7b652f82bed240f47 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 00:26:15 +0300 Subject: [PATCH 139/267] TEST Sonarqube --- jenkins/Jenkinsfile | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 40a2bd22..3165b4c9 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,31 +1,42 @@ pipeline { agent any + environment { + // Ρύθμιση των μεταβλητών περιβάλλοντος για SonarQube + SONAR_HOST_URL = 'http://192.168.2.11:9000' + SONAR_LOGIN = 'jenkins-sonar2' + } + stages { stage('Checkout') { steps { git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' } } - stage('Build') { + stage('Build') { steps { echo "Building....." + sh './mvnw clean install' } } - stage('Scan') { - steps { - withSonarQubeEnv(installationName: 'sonarQube1') { - sh './mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar' + stage('SonarQube Scan') { + steps { + withSonarQubeEnv('sonarQube1') { + sh """ + ./mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar \ + -Dsonar.projectKey=my_project_key \ + -Dsonar.host.url=${SONAR_HOST_URL} \ + -Dsonar.login=${SONAR_LOGIN} + """ } - } + } } - - stage("Test") { + stage('Test') { steps { echo "Testing" } } - stage("Deliver") { + stage('Deliver') { steps { echo "Deliver" } @@ -35,7 +46,6 @@ pipeline { post { always { echo 'Cleaning up...' - // Perform cleanup or archive reports } success { echo 'Pipeline completed successfully.' From e9574aef87a6f13b7215a249c505c134628c2c8f Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 00:35:42 +0300 Subject: [PATCH 140/267] TEST Sonarqube --- jenkins/Jenkinsfile | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 3165b4c9..d1dc6580 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
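Review bot: `SONAR_LOGIN = 'jenkins-sonar2'` in the new `environment` block of PATCH 139 puts the SonarQube login value in the Jenkinsfile, and the scan step passes it on the Maven command line with `-Dsonar.login=${SONAR_LOGIN}`, where it is visible in the process arguments; whether the string is a token or only a name is not clear from the hunk. `withSonarQubeEnv('sonarQube1')` normally supplies the server URL and token configured in Jenkins, so `-Dsonar.host.url` and `-Dsonar.login` can probably both be dropped. If the override is needed, the value belongs in the Jenkins credentials store, and `http://192.168.2.11:9000` sends it unencrypted.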
@@ -4,7 +4,6 @@ pipeline { environment { // Ρύθμιση των μεταβλητών περιβάλλοντος για SonarQube SONAR_HOST_URL = 'http://192.168.2.11:9000' - SONAR_LOGIN = 'jenkins-sonar2' } stages { @@ -21,13 +20,15 @@ pipeline { } stage('SonarQube Scan') { steps { - withSonarQubeEnv('sonarQube1') { - sh """ - ./mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar \ - -Dsonar.projectKey=my_project_key \ - -Dsonar.host.url=${SONAR_HOST_URL} \ - -Dsonar.login=${SONAR_LOGIN} - """ + withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_LOGIN')]) { + withSonarQubeEnv('jenkins-sonar2') { + sh """ + ./mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar \ + -Dsonar.projectKey=my_project_key \ + -Dsonar.host.url=${SONAR_HOST_URL} \ + -Dsonar.login=${SONAR_LOGIN} + """ + } } } } From 18b457e06ab890f8cd7f0420e202961673e885a7 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 00:38:39 +0300 Subject: [PATCH 141/267] TEST Sonarqube --- jenkins/Jenkinsfile | 33 +++++++++++---------------------- 1 file changed, 11 insertions(+), 22 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index d1dc6580..c1e40a2e 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
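Review bot: In the second hunk of PATCH 140 the secret bound by `withCredentials` is still expanded by Groovy, because the command sits in a double-quoted `sh """ … """` string; the literal token then ends up in the process arguments, which is the case Jenkins warns about for credentials in interpolated strings. Switch the block to single quotes so the shell reads the variables from its environment: `sh ''' … -Dsonar.host.url="$SONAR_HOST_URL" -Dsonar.login="$SONAR_LOGIN" '''`. `SONAR_HOST_URL` is already exported by the `environment` block, so it resolves the same way.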
@@ -1,43 +1,31 @@ pipeline { agent any - environment { - // Ρύθμιση των μεταβλητών περιβάλλοντος για SonarQube - SONAR_HOST_URL = 'http://192.168.2.11:9000' - } - stages { stage('Checkout') { steps { git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' } } - stage('Build') { + stage('Build') { steps { - echo "Building....." - sh './mvnw clean install' + echo "Building......" } } - stage('SonarQube Scan') { - steps { - withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_LOGIN')]) { - withSonarQubeEnv('jenkins-sonar2') { - sh """ - ./mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar \ - -Dsonar.projectKey=my_project_key \ - -Dsonar.host.url=${SONAR_HOST_URL} \ - -Dsonar.login=${SONAR_LOGIN} - """ - } + stage('Scan') { + steps { + withSonarQubeEnv(installationName: 'sonarQube1') { + sh './mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar' } - } + } } - stage('Test') { + + stage("Test") { steps { echo "Testing" } } - stage('Deliver') { + stage("Deliver") { steps { echo "Deliver" } @@ -47,6 +35,7 @@ pipeline { post { always { echo 'Cleaning up...' + // Perform cleanup or archive reports } success { echo 'Pipeline completed successfully.' From 31e9c9188b08b81366c61de58540f40fc11797e6 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 00:39:48 +0300 Subject: [PATCH 142/267] TEST Sonarqube --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index c1e40a2e..abf320c6 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { } stage('Build') { steps { - echo "Building......" + echo "Building....." } } stage('Scan') { @@ -44,4 +44,4 @@ pipeline { echo 'Pipeline failed. Please check the logs.' } } -} +} \ No newline at end of file From e45ee75896714db59739e9df246a2e7c461b90bc Mon Sep 17 00:00:00 2001 
From: nikolas2000 Date: Sat, 14 Sep 2024 00:45:35 +0300 Subject: [PATCH 143/267] TEST Sonarqube --- jenkins/Jenkinsfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index abf320c6..e7407877 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -13,13 +13,15 @@ pipeline { } } stage('Scan') { - steps { + steps { withSonarQubeEnv(installationName: 'sonarQube1') { - sh './mvnw clean org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar' + sh './mvnw clean compile' // Compile the code first + sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes' // Run the SonarQube scan } - } + } } + stage("Test") { steps { echo "Testing" From 783d0360dfd2d6fc1b898241a2ebbe7c6d84df75 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 00:57:46 +0300 Subject: [PATCH 144/267] Add a static code error --- .../com/scalesec/vulnado/LoginController.java | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/main/java/com/scalesec/vulnado/LoginController.java b/src/main/java/com/scalesec/vulnado/LoginController.java index e0676c15..4dd41e50 100644 --- a/src/main/java/com/scalesec/vulnado/LoginController.java +++ b/src/main/java/com/scalesec/vulnado/LoginController.java @@ -29,6 +29,24 @@ LoginResponse login(@RequestBody LoginRequest input) { class LoginRequest implements Serializable { public String username; public String password; + public void exampleMethod() { + int x = 10; + if (x == 10) { + return; + } + // Κώδικας που δεν θα εκτελεστεί ποτέ + System.out.println("This will never be printed"); + } + public void exampleMethod2() { + int x = 10; + if (x == 10) { + return; + } + // Κώδικας που δεν θα εκτελεστεί ποτέ + System.out.println("This will never be printed"); + } + + } class LoginResponse implements Serializable { From 2baecd13e6af2408138d2f00538de5a11b304db6 Mon Sep 17 00:00:00 2001 
From: nikolas2000 Date: Sat, 14 Sep 2024 01:05:07 +0300 Subject: [PATCH 145/267] Add a static code error 2 --- src/main/java/com/scalesec/vulnado/LoginController.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/java/com/scalesec/vulnado/LoginController.java b/src/main/java/com/scalesec/vulnado/LoginController.java index 4dd41e50..dcbd86bf 100644 --- a/src/main/java/com/scalesec/vulnado/LoginController.java +++ b/src/main/java/com/scalesec/vulnado/LoginController.java @@ -27,6 +27,7 @@ LoginResponse login(@RequestBody LoginRequest input) { } class LoginRequest implements Serializable { + int unusedVariable = 10; public String username; public String password; public void exampleMethod() { @@ -34,6 +35,7 @@ public void exampleMethod() { if (x == 10) { return; } + return; // Κώδικας που δεν θα εκτελεστεί ποτέ System.out.println("This will never be printed"); } @@ -42,6 +44,7 @@ public void exampleMethod2() { if (x == 10) { return; } + return; // Κώδικας που δεν θα εκτελεστεί ποτέ System.out.println("This will never be printed"); } From e6550c1b4ce0c1bc0ff23491f9e276000b289238 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 01:15:53 +0300 Subject: [PATCH 146/267] Add a static code error 2 --- src/main/java/com/scalesec/vulnado/LoginController.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/main/java/com/scalesec/vulnado/LoginController.java b/src/main/java/com/scalesec/vulnado/LoginController.java index dcbd86bf..c651ed97 100644 --- a/src/main/java/com/scalesec/vulnado/LoginController.java +++ b/src/main/java/com/scalesec/vulnado/LoginController.java @@ -27,7 +27,6 @@ LoginResponse login(@RequestBody LoginRequest input) { } class LoginRequest implements Serializable { - int unusedVariable = 10; public String username; public String password; public void exampleMethod() { 
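Review bot: The `return;` added ahead of `System.out.println(...)` in `exampleMethod` and `exampleMethod2` (PATCH 145) makes the following statement unreachable, which javac rejects as a compile error rather than a warning. The pipeline's Scan stage runs `./mvnw clean compile` first, so the analysis this code is meant to exercise would not start. To plant a finding for the analyzer, use something that still compiles, such as the unused `int unusedVariable = 10;` field this commit also adds, and drop the extra `return;`. Both methods start outside their hunks.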
@@ -44,7 +43,6 @@ public void exampleMethod2() { if (x == 10) { return; } - return; // Κώδικας που δεν θα εκτελεστεί ποτέ System.out.println("This will never be printed"); } From 16de43bef120f7a6c830a4fd20c8f463951c74b2 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 11:45:59 +0300 Subject: [PATCH 147/267] Add a static code error 2 --- jenkins/Jenkinsfile | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e7407877..bb6893e7 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -12,11 +12,17 @@ pipeline { echo "Building....." } } - stage('Scan') { + stage('Scan') { steps { - withSonarQubeEnv(installationName: 'sonarQube1') { - sh './mvnw clean compile' // Compile the code first - sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes' // Run the SonarQube scan + script { + if (env.BRANCH_NAME == 'code-checking') { + withSonarQubeEnv('sonarQube1') { // Replace with your SonarQube installation name + sh './mvnw clean compile' // Compile the code first + sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes' // Run the SonarQube scan + } + } else { + echo "Skipping SonarQube scan as this is not the 'code-checking' branch." + } } } } From 8cf879229742d5a499c4f4f99abac229dfee450c Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 11:50:32 +0300 Subject: [PATCH 148/267] Add a static code error 3 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index bb6893e7..142e0ff5 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
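Review bot: The new `if (env.BRANCH_NAME == 'code-checking')` gate in PATCH 147 skips the SonarQube scan with only an `echo` whenever the variable has any other value, and `BRANCH_NAME` is set by multibranch jobs only; in a plain pipeline job it is null and the scan never runs. A security stage that is skipped should be visible in the result, so either drop the gate or use a declarative `when { branch 'code-checking' }` so the stage is shown as skipped. The same null value reaches `"my-project-${env.BRANCH_NAME}"` in PATCH 151 and `env.BRANCH_NAME.replaceAll('/', '-')` in PATCH 155, where it would throw.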
@@ -4,7 +4,7 @@ pipeline { stages { stage('Checkout') { steps { - git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' + git branch:'code-checking', url:'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' } } stage('Build') { From 671382e74f165dbb898187378099675d62b6ffa3 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 11:52:05 +0300 Subject: [PATCH 149/267] Add a static code error 4 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 142e0ff5..bb6893e7 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -4,7 +4,7 @@ pipeline { stages { stage('Checkout') { steps { - git branch:'code-checking', url:'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' + git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' } } stage('Build') { From 022dc5a52444dd9a74c0f04dfb3026629bf04215 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 11:56:30 +0300 Subject: [PATCH 150/267] Add a static code error 4 --- jenkins/Jenkinsfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index bb6893e7..3bccaa39 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -12,7 +12,8 @@ pipeline { echo "Building....." } } - stage('Scan') { + + stage('Scan') { steps { script { if (env.BRANCH_NAME == 'code-checking') { From 51a5ef2918f18ff1113d99d7d4211cb89e5e0714 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 12:00:27 +0300 Subject: [PATCH 151/267] Add a static code error 6 --- jenkins/Jenkinsfile | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 3bccaa39..8c37b70a 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -16,19 +16,18 @@ pipeline { stage('Scan') { steps { script { - if (env.BRANCH_NAME == 'code-checking') { - withSonarQubeEnv('sonarQube1') { // Replace with your SonarQube installation name - sh './mvnw clean compile' // Compile the code first - sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes' // Run the SonarQube scan - } - } else { - echo "Skipping SonarQube scan as this is not the 'code-checking' branch." + echo "${env.BRANCH_NAME}" + def sonarProjectKey = "my-project-${env.BRANCH_NAME}" // Ορισμός δυναμικού projectKey ανάλογα με το branch + withSonarQubeEnv('sonarQube1') { + sh './mvnw clean compile' // Compile the code first + sh "./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.projectKey=${sonarProjectKey} -Dsonar.java.binaries=target/classes" // Run the SonarQube scan } } } } + stage("Test") { steps { echo "Testing" From 778c1877f76943d98dcd757d566a138daf545ad3 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 12:02:28 +0300 Subject: [PATCH 152/267] Add a static code error 6 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 8c37b70a..05b8c8ac 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -16,7 +16,7 @@ pipeline { stage('Scan') { steps { script { - echo "${env.BRANCH_NAME}" + echo "The current branch is: ${env.BRANCH_NAME}" def sonarProjectKey = "my-project-${env.BRANCH_NAME}" // Ορισμός δυναμικού projectKey ανάλογα με το branch withSonarQubeEnv('sonarQube1') { sh './mvnw clean compile' // Compile the code first From ac795b582cfef62e6409d8fb635c06939bf050d3 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 12:03:50 +0300 Subject: [PATCH 153/267] Add a static code error 6 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
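Review bot: `sonarProjectKey` in PATCH 151 is built from `env.BRANCH_NAME` and interpolated by Groovy into a double-quoted `sh "./mvnw … -Dsonar.projectKey=${sonarProjectKey} …"`, so the branch name is parsed by the shell as part of the command. Branch names come from whoever can push to the repository; pass the key through the environment instead: `withEnv(["SONAR_KEY=${sonarProjectKey}"]) { sh './mvnw … -Dsonar.projectKey="$SONAR_KEY" -Dsonar.java.binaries=target/classes' }`. PATCH 154 has the same pattern with `env.GIT_BRANCH`, whose `origin/…` form also contains a `/`, which I believe SonarQube does not accept in a project key.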
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 05b8c8ac..a006ba00 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -16,7 +16,7 @@ pipeline { stage('Scan') { steps { script { - echo "The current branch is: ${env.BRANCH_NAME}" + echo "The current branch is: ${env.GIT_BRANCH}" def sonarProjectKey = "my-project-${env.BRANCH_NAME}" // Ορισμός δυναμικού projectKey ανάλογα με το branch withSonarQubeEnv('sonarQube1') { sh './mvnw clean compile' // Compile the code first From 4db3cb078dabc2f7ecb5bc3b38022cc2c5c2ee61 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 12:05:17 +0300 Subject: [PATCH 154/267] Add a static code error 7 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index a006ba00..34645340 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -17,7 +17,7 @@ pipeline { steps { script { echo "The current branch is: ${env.GIT_BRANCH}" - def sonarProjectKey = "my-project-${env.BRANCH_NAME}" // Ορισμός δυναμικού projectKey ανάλογα με το branch + def sonarProjectKey = "my-project-${env.GIT_BRANCH}" // Ορισμός δυναμικού projectKey ανάλογα με το branch withSonarQubeEnv('sonarQube1') { sh './mvnw clean compile' // Compile the code first sh "./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.projectKey=${sonarProjectKey} -Dsonar.java.binaries=target/classes" // Run the SonarQube scan From 3e6585d3bea6041f37bdc9eab1d1086a2b20876b Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 12:06:53 +0300 Subject: [PATCH 155/267] Add a static code error 7 --- jenkins/Jenkinsfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 34645340..a3b456d5 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -16,8 +16,8 @@ pipeline { stage('Scan') { steps { script { - echo "The current branch is: ${env.GIT_BRANCH}" - def sonarProjectKey = "my-project-${env.GIT_BRANCH}" // Ορισμός δυναμικού projectKey ανάλογα με το branch + // Αντικαθιστούμε το "/" με "-" + def sonarProjectKey = "my-project-origin-${env.BRANCH_NAME.replaceAll('/', '-')}" withSonarQubeEnv('sonarQube1') { sh './mvnw clean compile' // Compile the code first sh "./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.projectKey=${sonarProjectKey} -Dsonar.java.binaries=target/classes" // Run the SonarQube scan @@ -28,6 +28,7 @@ pipeline { + stage("Test") { steps { echo "Testing" From 73701934a4492e5e6b013ed6534748ddded16cb9 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 12:17:45 +0300 Subject: [PATCH 156/267] Add a static code error 7 --- jenkins/Jenkinsfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index a3b456d5..34645340 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -16,8 +16,8 @@ pipeline { stage('Scan') { steps { script { - // Αντικαθιστούμε το "/" με "-" - def sonarProjectKey = "my-project-origin-${env.BRANCH_NAME.replaceAll('/', '-')}" + echo "The current branch is: ${env.GIT_BRANCH}" + def sonarProjectKey = "my-project-${env.GIT_BRANCH}" // Ορισμός δυναμικού projectKey ανάλογα με το branch withSonarQubeEnv('sonarQube1') { sh './mvnw clean compile' // Compile the code first sh "./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.projectKey=${sonarProjectKey} -Dsonar.java.binaries=target/classes" // Run the SonarQube scan @@ -28,7 +28,6 @@ pipeline { - stage("Test") { steps { echo "Testing" From 8ed0de5b08d52dc249b553236946f944e53a4767 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 12:22:49 +0300 Subject: [PATCH 157/267] Add a static code error 7 --- jenkins/Jenkinsfile | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 34645340..f8c709f7 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -7,6 +7,11 @@ pipeline { git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git' } } + stage('Checkout2') { + steps { + checkout scm + } + } stage('Build') { steps { echo "Building....." From baec11b6297585b359468670cb576260990b2d53 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 12:33:34 +0300 Subject: [PATCH 158/267] Add a static code error 7 --- src/main/java/com/scalesec/vulnado/LoginController.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/scalesec/vulnado/LoginController.java b/src/main/java/com/scalesec/vulnado/LoginController.java index c651ed97..011d7ad6 100644 --- a/src/main/java/com/scalesec/vulnado/LoginController.java +++ b/src/main/java/com/scalesec/vulnado/LoginController.java @@ -36,15 +36,14 @@ public void exampleMethod() { } return; // Κώδικας που δεν θα εκτελεστεί ποτέ - System.out.println("This will never be printed"); + //System.out.println("This will never be printed"); } public void exampleMethod2() { int x = 10; if (x == 10) { return; } - // Κώδικας που δεν θα εκτελεστεί ποτέ - System.out.println("This will never be printed"); + return; } From 5f4b70eedb0c8cf9237b5bdf9f0382b3359bddf6 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 12:43:01 +0300 Subject: [PATCH 159/267] Add a static code error 88 --- jenkins/Jenkinsfile | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index f8c709f7..497439c9 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
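Review bot: The new `Checkout2` stage runs `checkout scm` immediately after the existing stage has already cloned the repository with `git 'https://github.com/a-efstathiou/DevSecOps-pipeline-vulnado.git'`, so the workspace is checked out twice per build. The plain `git` step has no `branch` argument and so presumably takes a default branch rather than the revision that triggered the job, which makes it unclear which commit the later scan stages see. Keeping one checkout stage that uses `checkout scm` and removing the hard-coded `git` step settles that. The enclosing `stages` block starts and ends outside the hunk.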
@@ -19,16 +19,12 @@ pipeline { } stage('Scan') { - steps { - script { - echo "The current branch is: ${env.GIT_BRANCH}" - def sonarProjectKey = "my-project-${env.GIT_BRANCH}" // Ορισμός δυναμικού projectKey ανάλογα με το branch - withSonarQubeEnv('sonarQube1') { - sh './mvnw clean compile' // Compile the code first - sh "./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.projectKey=${sonarProjectKey} -Dsonar.java.binaries=target/classes" // Run the SonarQube scan - } - } - } + steps { + withSonarQubeEnv(installationName: 'sonarQube1') { + sh './mvnw clean compile' // Compile the code first + sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes' // Run the SonarQube scan + } + } } From 071a2d46c739bb86303b425422c193638fdc2071 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 12:44:50 +0300 Subject: [PATCH 160/267] Add a static code error 88 --- src/main/java/com/scalesec/vulnado/LoginController.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/com/scalesec/vulnado/LoginController.java b/src/main/java/com/scalesec/vulnado/LoginController.java index 011d7ad6..b72dda9b 100644 --- a/src/main/java/com/scalesec/vulnado/LoginController.java +++ b/src/main/java/com/scalesec/vulnado/LoginController.java @@ -44,6 +44,7 @@ public void exampleMethod2() { return; } return; + System.out.println("TEEEEEEEEEEEEST"); } From 82d43853b8d3d1f65aa9cc0585baa234ad55af21 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 19:21:46 +0300 Subject: [PATCH 161/267] Add a static code error 88 Test --- .../com/scalesec/vulnado/LoginController.java | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/src/main/java/com/scalesec/vulnado/LoginController.java b/src/main/java/com/scalesec/vulnado/LoginController.java index b72dda9b..5090d441 100644 --- a/src/main/java/com/scalesec/vulnado/LoginController.java 
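Review bot: The rewritten `Scan` stage submits the analysis, but nothing visible in the hunk waits for its outcome, so a failed quality gate would not stop the pipeline. If the SonarQube server has a webhook back to Jenkins configured, a follow-up step such as `timeout(time: 10, unit: 'MINUTES') { waitForQualityGate abortPipeline: true }` makes the findings enforceable. The remaining stages are outside the hunk, so such a step may already exist further down.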
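Review bot: The added `System.out.println("TEEEEEEEEEEEEST");` sits directly after an unconditional `return;` in `exampleMethod2`, which javac rejects as an unreachable statement, so `./mvnw clean compile` would fail before the analyzer sees the file. If the line is meant to seed a finding for the scanner, it has to be code that still compiles; otherwise it should be dropped. `exampleMethod2` starts outside the hunk.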
+++ b/src/main/java/com/scalesec/vulnado/LoginController.java @@ -29,24 +29,6 @@ LoginResponse login(@RequestBody LoginRequest input) { class LoginRequest implements Serializable { public String username; public String password; - public void exampleMethod() { - int x = 10; - if (x == 10) { - return; - } - return; - // Κώδικας που δεν θα εκτελεστεί ποτέ - //System.out.println("This will never be printed"); - } - public void exampleMethod2() { - int x = 10; - if (x == 10) { - return; - } - return; - System.out.println("TEEEEEEEEEEEEST"); - } - } From d0f34fe85401e1878b032e86a63868171d123214 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 19:27:01 +0300 Subject: [PATCH 162/267] Add static code analyzer test to Comment class --- .../java/com/scalesec/vulnado/Comment.java | 84 +++++++++++++------ 1 file changed, 59 insertions(+), 25 deletions(-) diff --git a/src/main/java/com/scalesec/vulnado/Comment.java b/src/main/java/com/scalesec/vulnado/Comment.java index 4a85fc8f..1216ec94 100644 --- a/src/main/java/com/scalesec/vulnado/Comment.java +++ b/src/main/java/com/scalesec/vulnado/Comment.java @@ -18,7 +18,12 @@ public Comment(String id, String username, String body, Timestamp created_on) { this.created_on = created_on; } + // Δημιουργία comment με πιθανές ευπάθειες public static Comment create(String username, String body){ + if (username == null || body == null || username.isEmpty() || body.isEmpty()) { + throw new IllegalArgumentException("Username and body must not be null or empty"); // Βασική επικύρωση + } + long time = new Date().getTime(); Timestamp timestamp = new Timestamp(time); Comment comment = new Comment(UUID.randomUUID().toString(), username, body, timestamp); 
@@ -28,20 +33,25 @@ public static Comment create(String username, String body){ } else { throw new BadRequest("Unable to save comment"); } - } catch (Exception e) { - throw new ServerError(e.getMessage()); + } catch (SQLException e) { // Εξαίρεση για SQL exceptions + e.printStackTrace(); // Κακή πρακτική - εκτύπωση του stacktrace + throw new ServerError("Database error occurred: " + e.getMessage()); // Κακή πρακτική, διαρροή πληροφοριών προς τον χρήστη } } + // Fetch all comments με κακή διαχείριση resources και χρήση raw SQL query public static List fetch_all() { Statement stmt = null; - List comments = new ArrayList(); + ResultSet rs = null; + List comments = new ArrayList<>(); + Connection cxn = null; try { - Connection cxn = Postgres.connection(); + cxn = Postgres.connection(); stmt = cxn.createStatement(); - String query = "select * from comments;"; - ResultSet rs = stmt.executeQuery(query); + String query = "SELECT * FROM comments;"; + rs = stmt.executeQuery(query); // Ενδεχόμενο SQL Injection + while (rs.next()) { String id = rs.getString("id"); String username = rs.getString("username"); 
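Review bot: In `create`, the new `throw new ServerError("Database error occurred: " + e.getMessage());` puts the driver's exception text into an error that presumably reaches the caller, which the inline comment itself marks as a leak. A fixed message such as `throw new ServerError("Unable to save comment");` with the exception sent to the application log instead of `e.printStackTrace()` keeps schema and driver details server-side. The comment added on `rs = stmt.executeQuery(query);` in `fetch_all` calls it a possible SQL injection, but the query is a constant string with no caller input, so that comment should be corrected or removed. Both methods continue outside the hunk.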
@@ -50,37 +60,61 @@ public static List fetch_all() { Comment c = new Comment(id, username, body, created_on); comments.add(c); } - cxn.close(); - } catch (Exception e) { - e.printStackTrace(); - System.err.println(e.getClass().getName()+": "+e.getMessage()); + } catch (SQLException e) { + e.printStackTrace(); // Κακή πρακτική - διαρροή ευαίσθητων πληροφοριών + System.err.println(e.getClass().getName() + ": " + e.getMessage()); } finally { - return comments; + try { + if (rs != null) rs.close(); // Κακή διαχείριση πόρων, πρέπει να κλείνουμε το ResultSet + if (stmt != null) stmt.close(); // Κακή διαχείριση πόρων + if (cxn != null) cxn.close(); // Πρέπει πάντα να κλείνουμε την σύνδεση + } catch (SQLException e) { + e.printStackTrace(); + } } + return comments; } + // Διαγραφή comment με ενδεχόμενο SQL injection λόγω μη σωστής διαχείρισης PreparedStatement public static Boolean delete(String id) { + Connection con = null; + PreparedStatement pStatement = null; try { - String sql = "DELETE FROM comments where id = ?"; - Connection con = Postgres.connection(); - PreparedStatement pStatement = con.prepareStatement(sql); + String sql = "DELETE FROM comments WHERE id = ?"; + con = Postgres.connection(); + pStatement = con.prepareStatement(sql); pStatement.setString(1, id); - return 1 == pStatement.executeUpdate(); - } catch(Exception e) { - e.printStackTrace(); + int affectedRows = pStatement.executeUpdate(); // Έλεγχος πόσες γραμμές επηρεάστηκαν + return affectedRows == 1; + } catch(SQLException e) { + e.printStackTrace(); // Διαρροή πληροφοριών } finally { - return false; + try { + if (pStatement != null) pStatement.close(); + if (con != null) con.close(); // Πρέπει πάντα να κλείνουμε την σύνδεση + } catch (SQLException e) { + e.printStackTrace(); + } } + return false; // Ακόμη και σε περίπτωση σφάλματος επιστρέφει false } + // Commit με μη ασφαλή χρήση SQL queries private Boolean commit() throws SQLException { String sql = "INSERT INTO comments (id, username, body, 
created_on) VALUES (?,?,?,?)"; - Connection con = Postgres.connection(); - PreparedStatement pStatement = con.prepareStatement(sql); - pStatement.setString(1, this.id); - pStatement.setString(2, this.username); - pStatement.setString(3, this.body); - pStatement.setTimestamp(4, this.created_on); - return 1 == pStatement.executeUpdate(); + Connection con = null; + PreparedStatement pStatement = null; + try { + con = Postgres.connection(); + pStatement = con.prepareStatement(sql); + pStatement.setString(1, this.id); + pStatement.setString(2, this.username); + pStatement.setString(3, this.body); + pStatement.setTimestamp(4, this.created_on); + return pStatement.executeUpdate() == 1; + } finally { + if (pStatement != null) pStatement.close(); // Πρέπει να κλείσουμε το PreparedStatement + if (con != null) con.close(); // Πρέπει να κλείσουμε την σύνδεση + } } } From c01f4c7c5e86f1871a2f84b53463065543beace2 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 23:33:20 +0300 Subject: [PATCH 163/267] Add static code analyzer test to Comment class 2 --- .../java/com/scalesec/vulnado/Comment.java | 102 +++++++----------- 1 file changed, 41 insertions(+), 61 deletions(-) diff --git a/src/main/java/com/scalesec/vulnado/Comment.java b/src/main/java/com/scalesec/vulnado/Comment.java index 1216ec94..23fdd386 100644 --- a/src/main/java/com/scalesec/vulnado/Comment.java +++ b/src/main/java/com/scalesec/vulnado/Comment.java 
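Review bot: The comments added above `delete` and `commit` describe them as open to SQL injection, yet both bind every value through `PreparedStatement` placeholders, so the comments misstate the risk and would mislead anyone triaging scanner output against this file. What does remain is the hand-written cleanup: in `commit`'s `finally`, an exception from `pStatement.close()` skips `con.close()`. Try-with-resources closes both in the right order, `try (Connection con = Postgres.connection(); PreparedStatement pStatement = con.prepareStatement(sql)) { ... }`, and the same form would replace the nested `try`/`catch` cleanup in `fetch_all` and `delete`.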
@@ -18,12 +18,31 @@ public Comment(String id, String username, String body, Timestamp created_on) { this.created_on = created_on; } - // Δημιουργία comment με πιθανές ευπάθειες - public static Comment create(String username, String body){ - if (username == null || body == null || username.isEmpty() || body.isEmpty()) { - throw new IllegalArgumentException("Username and body must not be null or empty"); // Βασική επικύρωση + + //SQL INJECTION HERE + private Boolean commit() throws SQLException { + String sql = "INSERT INTO comments (id, username, body, created_on) VALUES (this.id,this.username,this.body,this.created_on)"; + Connection con = Postgres.connection(); + Statement statement = con.createStatement(); + return 1 == statement.executeUpdate(sql); + } + public void process(int value) { + if (value > 0) { + if (value < 10) { + System.out.println("Small value"); + } else { + System.out.println("Medium value"); + } + } else { + if (value == 0) { + System.out.println("Zero"); + } else { + System.out.println("Negative value"); + } } + } + public static Comment create(String username, String body){ long time = new Date().getTime(); Timestamp timestamp = new Timestamp(time); Comment comment = new Comment(UUID.randomUUID().toString(), username, body, timestamp); 
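Review bot: The `commit` rewrite labelled `//SQL INJECTION HERE` concatenates nothing: `VALUES (this.id,this.username,this.body,this.created_on)` is a constant string, so the field values never reach the statement and the database would most likely reject it. The comment therefore names a flaw the code does not have, while the actual effect is that no comment can be saved. The parameterised form `VALUES (?,?,?,?)` with `setString`/`setTimestamp` is the one to keep. The same hunk also removes the null/empty check at the top of `create`.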
@@ -33,25 +52,20 @@ public static Comment create(String username, String body){ } else { throw new BadRequest("Unable to save comment"); } - } catch (SQLException e) { // Εξαίρεση για SQL exceptions - e.printStackTrace(); // Κακή πρακτική - εκτύπωση του stacktrace - throw new ServerError("Database error occurred: " + e.getMessage()); // Κακή πρακτική, διαρροή πληροφοριών προς τον χρήστη + } catch (Exception e) { + throw new ServerError(e.getMessage()); } } - // Fetch all comments με κακή διαχείριση resources και χρήση raw SQL query public static List fetch_all() { Statement stmt = null; - ResultSet rs = null; - List comments = new ArrayList<>(); - Connection cxn = null; + List comments = new ArrayList(); try { - cxn = Postgres.connection(); + Connection cxn = Postgres.connection(); stmt = cxn.createStatement(); - String query = "SELECT * FROM comments;"; - rs = stmt.executeQuery(query); // Ενδεχόμενο SQL Injection - + String query = "select * from comments;"; + ResultSet rs = stmt.executeQuery(query); while (rs.next()) { String id = rs.getString("id"); String username = rs.getString("username"); 
@@ -60,61 +74,27 @@ public static List fetch_all() { Comment c = new Comment(id, username, body, created_on); comments.add(c); } - } catch (SQLException e) { - e.printStackTrace(); // Κακή πρακτική - διαρροή ευαίσθητων πληροφοριών - System.err.println(e.getClass().getName() + ": " + e.getMessage()); + cxn.close(); + } catch (Exception e) { + e.printStackTrace(); + System.err.println(e.getClass().getName()+": "+e.getMessage()); } finally { - try { - if (rs != null) rs.close(); // Κακή διαχείριση πόρων, πρέπει να κλείνουμε το ResultSet - if (stmt != null) stmt.close(); // Κακή διαχείριση πόρων - if (cxn != null) cxn.close(); // Πρέπει πάντα να κλείνουμε την σύνδεση - } catch (SQLException e) { - e.printStackTrace(); - } + return comments; } - return comments; } - // Διαγραφή comment με ενδεχόμενο SQL injection λόγω μη σωστής διαχείρισης PreparedStatement public static Boolean delete(String id) { - Connection con = null; - PreparedStatement pStatement = null; try { - String sql = "DELETE FROM comments WHERE id = ?"; - con = Postgres.connection(); - pStatement = con.prepareStatement(sql); + String sql = "DELETE FROM comments where id = ?"; + Connection con = Postgres.connection(); + PreparedStatement pStatement = con.prepareStatement(sql); pStatement.setString(1, id); - int affectedRows = pStatement.executeUpdate(); // Έλεγχος πόσες γραμμές επηρεάστηκαν - return affectedRows == 1; - } catch(SQLException e) { - e.printStackTrace(); // Διαρροή πληροφοριών + return 1 == pStatement.executeUpdate(); + } catch(Exception e) { + e.printStackTrace(); } finally { - try { - if (pStatement != null) pStatement.close(); - if (con != null) con.close(); // Πρέπει πάντα να κλείνουμε την σύνδεση - } catch (SQLException e) { - e.printStackTrace(); - } + return false; } - return false; // Ακόμη και σε περίπτωση σφάλματος επιστρέφει false } - // Commit με μη ασφαλή χρήση SQL queries - private Boolean commit() throws SQLException { - String sql = "INSERT INTO comments (id, username, body, 
created_on) VALUES (?,?,?,?)"; - Connection con = null; - PreparedStatement pStatement = null; - try { - con = Postgres.connection(); - pStatement = con.prepareStatement(sql); - pStatement.setString(1, this.id); - pStatement.setString(2, this.username); - pStatement.setString(3, this.body); - pStatement.setTimestamp(4, this.created_on); - return pStatement.executeUpdate() == 1; - } finally { - if (pStatement != null) pStatement.close(); // Πρέπει να κλείσουμε το PreparedStatement - if (con != null) con.close(); // Πρέπει να κλείσουμε την σύνδεση - } - } } From 17eeb83209e5a648ae1d54192d83631b6695e29b Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 23:39:48 +0300 Subject: [PATCH 164/267] Add static code analyzer test to Comment class 2 --- .../java/com/scalesec/vulnado/Comment.java | 27 ++++++------------- 1 file changed, 8 insertions(+), 19 deletions(-) diff --git a/src/main/java/com/scalesec/vulnado/Comment.java b/src/main/java/com/scalesec/vulnado/Comment.java index 23fdd386..78cbd4d8 100644 --- a/src/main/java/com/scalesec/vulnado/Comment.java +++ b/src/main/java/com/scalesec/vulnado/Comment.java 
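Review bot: `delete` is restored with `finally { return false; }`, and a `return` inside `finally` overrides the `return 1 == pStatement.executeUpdate();` in the `try`, so the method reports failure even when the row was deleted. The fallback belongs after the block: let the `catch` end normally and make `return false;` the last statement of the method. The restored `fetch_all` has the same shape with `finally { return comments; }`, and neither method closes its statement; `fetch_all` closes the connection only on the success path. The copy of `delete` that a later patch moves higher in the file carries the same `finally`.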
@@ -19,27 +19,16 @@ public Comment(String id, String username, String body, Timestamp created_on) { } - //SQL INJECTION HERE + //Try - Catch error here private Boolean commit() throws SQLException { - String sql = "INSERT INTO comments (id, username, body, created_on) VALUES (this.id,this.username,this.body,this.created_on)"; + String sql = "INSERT INTO comments (id, username, body, created_on) VALUES (?,?,?,?)"; Connection con = Postgres.connection(); - Statement statement = con.createStatement(); - return 1 == statement.executeUpdate(sql); - } - public void process(int value) { - if (value > 0) { - if (value < 10) { - System.out.println("Small value"); - } else { - System.out.println("Medium value"); - } - } else { - if (value == 0) { - System.out.println("Zero"); - } else { - System.out.println("Negative value"); - } - } + PreparedStatement pStatement = con.prepareStatement(sql); + pStatement.setString(1, this.id); + pStatement.setString(2, this.username); + pStatement.setString(3, this.body); + pStatement.setTimestamp(4, this.created_on); + return 1 == pStatement.executeUpdate(); } public static Comment create(String username, String body){ From 38433865895d8085a640e8552450cfde3bc709a2 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sat, 14 Sep 2024 23:49:07 +0300 Subject: [PATCH 165/267] Add static code analyzer test to Comment class 3 --- .../java/com/scalesec/vulnado/Comment.java | 60 ++++++++++++++----- 1 file changed, 46 insertions(+), 14 deletions(-) diff --git a/src/main/java/com/scalesec/vulnado/Comment.java b/src/main/java/com/scalesec/vulnado/Comment.java index 78cbd4d8..8ea8c7b8 100644 --- a/src/main/java/com/scalesec/vulnado/Comment.java +++ b/src/main/java/com/scalesec/vulnado/Comment.java 
@@ -18,8 +18,37 @@ public Comment(String id, String username, String body, Timestamp created_on) { this.created_on = created_on; } + //SQL INJECTION HERE ! Identified by SonarQube + public List findUserComments(String username) { + Statement statement = null; + ResultSet rs = null; + List comments = new ArrayList<>(); + Connection con = null; - //Try - Catch error here + try { + con = Postgres.connection(); + statement = con.createStatement(); + + // SQL INJECTION + String query = "SELECT * FROM comments WHERE username = '" + username + "';"; + rs = statement.executeQuery(query); + + while (rs.next()) { + String id = rs.getString("id"); + String body = rs.getString("body"); + Timestamp created_on = rs.getTimestamp("created_on"); + Comment c = new Comment(id, username, body, created_on); + comments.add(c); + } + } catch (SQLException e) { + e.printStackTrace(); + } + return comments; + } + + + + //Try - Catch Should be here ! Identified by SonarQube private Boolean commit() throws SQLException { String sql = "INSERT INTO comments (id, username, body, created_on) VALUES (?,?,?,?)"; Connection con = Postgres.connection(); @@ -31,6 +60,22 @@ private Boolean commit() throws SQLException { return 1 == pStatement.executeUpdate(); } + + //finally must not have return ! Identified by SonarQube + public static Boolean delete(String id) { + try { + String sql = "DELETE FROM comments where id = ?"; + Connection con = Postgres.connection(); + PreparedStatement pStatement = con.prepareStatement(sql); + pStatement.setString(1, id); + return 1 == pStatement.executeUpdate(); + } catch(Exception e) { + e.printStackTrace(); + } finally { + return false; + } + } + public static Comment create(String username, String body){ long time = new Date().getTime(); Timestamp timestamp = new Timestamp(time); 
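Review bot: `findUserComments` builds its query by concatenating `username` into the SQL text (`"... WHERE username = '" + username + "';"`), so the parameter is parsed as SQL rather than treated as data; the inline comment acknowledges this. It should be bound as a parameter, the way `commit` and `delete` in this file already do. The added code also never closes the connection, statement or result set, which try-with-resources covers in the same change.

```java
public List findUserComments(String username) {
    // … unchanged: comments list declaration …
    String query = "SELECT * FROM comments WHERE username = ?";
    try (Connection con = Postgres.connection();
         PreparedStatement statement = con.prepareStatement(query)) {
        statement.setString(1, username);  // bound as data, never parsed as SQL
        try (ResultSet rs = statement.executeQuery()) {
            // … unchanged: while (rs.next()) loop building Comment objects …
        }
    }
    // … unchanged: catch (SQLException e) block and return comments …
```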
@@ -72,18 +117,5 @@ public static List fetch_all() { } } - public static Boolean delete(String id) { - try { - String sql = "DELETE FROM comments where id = ?"; - Connection con = Postgres.connection(); - PreparedStatement pStatement = con.prepareStatement(sql); - pStatement.setString(1, id); - return 1 == pStatement.executeUpdate(); - } catch(Exception e) { - e.printStackTrace(); - } finally { - return false; - } - } } From 34444289d9d4c240bb1fb44d1a9431b65465aca9 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 00:02:25 +0300 Subject: [PATCH 166/267] Add static code analyzer test to Comment class 3 --- src/main/java/com/scalesec/vulnado/Comment.java | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/scalesec/vulnado/Comment.java b/src/main/java/com/scalesec/vulnado/Comment.java index 8ea8c7b8..b48a0085 100644 --- a/src/main/java/com/scalesec/vulnado/Comment.java +++ b/src/main/java/com/scalesec/vulnado/Comment.java @@ -40,11 +40,26 @@ public List findUserComments(String username) { Comment c = new Comment(id, username, body, created_on); comments.add(c); } - } catch (SQLException e) { + } catch (SQLException e) { //Not enough catch-Exception. Does not catch all the cases. e.printStackTrace(); } return comments; } + public void process(int value) { + if (value > 0) { + if (value < 10) { + System.out.println("Small value"); + } else { + System.out.println("Medium value"); + } + } else { + if (value == 0) { + System.out.println("Zero"); + } else { + System.out.println("Negative value"); + } + } + } From 950860c5ed13be1f3524e9bb004ba24c1838fa2b Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 01:57:37 +0300 Subject: [PATCH 167/267] Add lINTERS test to Comment class 5 --- src/main/java/com/scalesec/vulnado/Comment.java | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/src/main/java/com/scalesec/vulnado/Comment.java b/src/main/java/com/scalesec/vulnado/Comment.java index b48a0085..22126734 100644 --- a/src/main/java/com/scalesec/vulnado/Comment.java +++ b/src/main/java/com/scalesec/vulnado/Comment.java @@ -17,6 +17,14 @@ public Comment(String id, String username, String body, Timestamp created_on) { this.body = body; this.created_on = created_on; } + public void unusedVariableMethod() { + int unused = 10; // Η μεταβλητή "unused" δεν χρησιμοποιείται ποτέ. + System.out.println("Hello, world!"); + } + public void TESTnusedVariableMethod() { + int unused = 10; // Η μεταβλητή "unused" δεν χρησιμοποιείται ποτέ. + System.out.println("Hello, world!"); + } //SQL INJECTION HERE ! Identified by SonarQube public List findUserComments(String username) { From 3359dce7e34d6c936f3afa46f5c0cf004a4abd08 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 02:08:06 +0300 Subject: [PATCH 168/267] Add lINTERS test to Comment class 6 --- .../java/com/scalesec/vulnado/Comment.java | 26 +++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/src/main/java/com/scalesec/vulnado/Comment.java b/src/main/java/com/scalesec/vulnado/Comment.java index 22126734..03efc0d4 100644 --- a/src/main/java/com/scalesec/vulnado/Comment.java +++ b/src/main/java/com/scalesec/vulnado/Comment.java 
@@ -17,13 +17,29 @@ public Comment(String id, String username, String body, Timestamp created_on) { this.body = body; this.created_on = created_on; } + //Linter unusedVariable inside ! Identified by SonarQube public void unusedVariableMethod() { - int unused = 10; // Η μεταβλητή "unused" δεν χρησιμοποιείται ποτέ. - System.out.println("Hello, world!"); + int unused = 10; + System.out.println("One useless comment!"); } - public void TESTnusedVariableMethod() { - int unused = 10; // Η μεταβλητή "unused" δεν χρησιμοποιείται ποτέ. - System.out.println("Hello, world!"); + //Linter - Incorrect method name ! Identified by SonarQube + public void FalseNameMethod() { + System.out.println("There are many comments in the DB"); + } + + ////Linter - Same body methods ! Identified by SonarQube + public void testMethod() { + System.out.println("There are many comments in the DB"); + } + + ////Linter - Empty classes ! Identified by SonarQube + class CommentImages + { + + } + ////Linter - Long line ! Identified by SonarQube + public void longLineMethod() { + System.out.println("The first patented printing mechanism for applying a marking medium to a recording medium or more particularly an electrostatic inking apparatus and a method for electrostatically depositing ink on controlled areas of a receiving medium, was in 1962 by C. R. Winston, Teletype Corporation, using continuous inkjet printing. The ink was a red stamp-pad ink manufactured by Phillips Process Company of Rochester, NY under the name Clear Print. This patent (US3060429) led to the Teletype Inktronic Printer product delivered to customers in late 1966."); } //SQL INJECTION HERE ! Identified by SonarQube From d913f6661e72b179a4fab5161c815ee5cca4d41c Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 02:15:30 +0300 Subject: [PATCH 169/267] Add lINTERS test to Comment class 6 --- src/main/java/com/scalesec/vulnado/Comment.java | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) 
diff --git a/src/main/java/com/scalesec/vulnado/Comment.java b/src/main/java/com/scalesec/vulnado/Comment.java index 03efc0d4..9a9914bd 100644 --- a/src/main/java/com/scalesec/vulnado/Comment.java +++ b/src/main/java/com/scalesec/vulnado/Comment.java @@ -27,20 +27,17 @@ public void FalseNameMethod() { System.out.println("There are many comments in the DB"); } - ////Linter - Same body methods ! Identified by SonarQube - public void testMethod() { - System.out.println("There are many comments in the DB"); - } ////Linter - Empty classes ! Identified by SonarQube class CommentImages { } - ////Linter - Long line ! Identified by SonarQube - public void longLineMethod() { - System.out.println("The first patented printing mechanism for applying a marking medium to a recording medium or more particularly an electrostatic inking apparatus and a method for electrostatically depositing ink on controlled areas of a receiving medium, was in 1962 by C. R. Winston, Teletype Corporation, using continuous inkjet printing. The ink was a red stamp-pad ink manufactured by Phillips Process Company of Rochester, NY under the name Clear Print. This patent (US3060429) led to the Teletype Inktronic Printer product delivered to customers in late 1966."); - } + + class comment_InnerClass{ + + } + //SQL INJECTION HERE ! Identified by SonarQube public List findUserComments(String username) { From eb48b5fe5033a2594abb931c667b6fff57810145 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 02:15:49 +0300 Subject: [PATCH 170/267] Add lINTERS test to Comment class 6 --- src/main/java/com/scalesec/vulnado/Comment.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/scalesec/vulnado/Comment.java b/src/main/java/com/scalesec/vulnado/Comment.java index 9a9914bd..40b8441e 100644 --- a/src/main/java/com/scalesec/vulnado/Comment.java +++ b/src/main/java/com/scalesec/vulnado/Comment.java 
@@ -31,12 +31,12 @@ public void FalseNameMethod() { ////Linter - Empty classes ! Identified by SonarQube class CommentImages { + class comment_InnerClass{ + } } - class comment_InnerClass{ - } //SQL INJECTION HERE ! Identified by SonarQube From 434a5e419c46827c749e9eaa6fcd74d3b56518a4 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 02:23:05 +0300 Subject: [PATCH 171/267] Add lINTERS test to Comment class 6 --- src/main/java/com/scalesec/vulnado/Comment.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/scalesec/vulnado/Comment.java b/src/main/java/com/scalesec/vulnado/Comment.java index 40b8441e..c2cb480d 100644 --- a/src/main/java/com/scalesec/vulnado/Comment.java +++ b/src/main/java/com/scalesec/vulnado/Comment.java @@ -28,11 +28,11 @@ public void FalseNameMethod() { } - ////Linter - Empty classes ! Identified by SonarQube + ////Linter - False name - classes ! Identified by SonarQube class CommentImages { class comment_InnerClass{ - + //empty class also... } } From 3f8d571ca13ebfcc5ae924a97e5151ff42a30aab Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 14:15:53 +0300 Subject: [PATCH 172/267] Add lINTERS test to Comment class 7 --- jenkins/Jenkinsfile | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 497439c9..e2ec65b1 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -18,7 +18,7 @@ pipeline { } } - stage('Scan') { + stage(' Sonar Cube Scan') { steps { withSonarQubeEnv(installationName: 'sonarQube1') { sh './mvnw clean compile' // Compile the code first @@ -26,6 +26,14 @@ pipeline { } } } + stage('Pull Docker Image') { + steps { + script { + // Pull the Nmap Docker image + sh 'docker pull instrumentisto/nmap' + } + } + } From 76c6cb94fb130cd1ef85cbc6fb950baa2300a487 Mon Sep 17 00:00:00 2001 
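Review bot: `sh 'docker pull instrumentisto/nmap'` in the new 'Pull Docker Image' stage names a third-party image with no tag or digest, so each build runs whatever the registry currently serves as the default tag. Pin the reference, for example `sh 'docker pull instrumentisto/nmap@sha256:<digest>'` (placeholder digest), and bump it deliberately. The stage only pulls; nothing in this hunk uses the image afterwards, so a short comment saying which later stage consumes it would help.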
From: nikolas2000 Date: Sun, 15 Sep 2024 14:18:36 +0300 Subject: [PATCH 173/267] Add lINTERS test to Comment class 7 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e2ec65b1..bf8fdaec 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -30,7 +30,7 @@ pipeline { steps { script { // Pull the Nmap Docker image - sh 'docker pull instrumentisto/nmap' + sh 'docker' } } } From 5d393e6dfe53708be03f545f9d95e2a3744acafa Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 14:59:53 +0300 Subject: [PATCH 174/267] Add lINTERS test to Comment class 7 --- jenkins/Jenkinsfile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index bf8fdaec..ce0464eb 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -26,6 +26,15 @@ pipeline { } } } + stage('Install Nmap') { + steps { + script { + sh ''' + echo "Installing Nmap..." + sudo apt-get update && sudo apt-get install -y nmap + ''' + } + } stage('Pull Docker Image') { steps { script { From 3f4e6b550cea20fbf2a03fb6ded435524ab4de9b Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 15:01:12 +0300 Subject: [PATCH 175/267] Add lINTERS test to Comment class 7 --- jenkins/Jenkinsfile | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index ce0464eb..1240895f 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -26,15 +26,7 @@ pipeline { } } } - stage('Install Nmap') { - steps { - script { - sh ''' - echo "Installing Nmap..." - sudo apt-get update && sudo apt-get install -y nmap - ''' - } - } + stage('Pull Docker Image') { steps { script { From 7b777abe48285e913587cb43bc501ead95240e64 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 15:03:50 +0300 Subject: [PATCH 176/267] Add nmap 1 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
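Review bot: The added 'Install Nmap' stage (PATCH 174) opens `stage`, `steps` and `script` but closes only two of them before `stage('Pull Docker Image')`, so the Jenkinsfile as committed will not parse; add the missing `}`. Separately, `sudo apt-get update && sudo apt-get install -y nmap` in a build step only works if the agent user has passwordless root, a privilege the pipeline should not depend on. Install the tool when the agent image is built instead. The same `sudo apt-get` lines come back in the 'NMAP' stage of PATCH 177.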
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 1240895f..c3031895 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -31,7 +31,7 @@ pipeline { steps { script { // Pull the Nmap Docker image - sh 'docker' + sh 'nmap' } } } From 116565e8825153466a41d1038c4f6185bbf3d6d7 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 15:07:14 +0300 Subject: [PATCH 177/267] Add nmap 2 --- jenkins/Jenkinsfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index c3031895..4ddcdce4 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -27,11 +27,13 @@ pipeline { } } - stage('Pull Docker Image') { + stage('NMAP') { steps { script { - // Pull the Nmap Docker image - sh 'nmap' + sh ''' + echo "Installing Nmap..." + sudo apt-get update && sudo apt-get install -y nmap + ''' } } } From 369e3d00ca08353d1e4b16561ab3d3f4f8c67174 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 15:11:16 +0300 Subject: [PATCH 178/267] Add nmap 2 --- jenkins/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile index 47ca0b40..8cc7b6a8 100644 --- a/jenkins/Dockerfile +++ b/jenkins/Dockerfile @@ -8,5 +8,8 @@ RUN echo "deb [arch=$(dpkg --print-architecture) \ https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list RUN apt-get update && apt-get install -y docker-ce-cli +RUN apt-get update && \ + apt-get install -y nmap && \ + apt-get clean USER jenkins RUN jenkins-plugin-cli --plugins "blueocean:1.27.14 docker-workflow:580.vc0c340686b_54" \ No newline at end of file From 5622dfa4ba318d23cbf0afe063b984a6c36d5a6a Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 15:13:01 +0300 Subject: [PATCH 179/267] Add nmap 2 --- jenkins/Jenkinsfile | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
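Review bot: The new `RUN apt-get update && apt-get install -y nmap && apt-get clean` layer in jenkins/Dockerfile keeps the package lists in the image and pulls recommended packages, because `apt-get clean` does not remove `/var/lib/apt/lists`. Prefer `RUN apt-get update && apt-get install -y --no-install-recommends nmap && rm -rf /var/lib/apt/lists/*`. The layer also installs a network scanner into the Jenkins image itself, where it stays available to whatever runs there; a separate, short-lived scanner image would keep that capability out of the controller. A comment such as `# nmap: used by the 'NMAP' pipeline stage` would record why the package is present.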
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 4ddcdce4..9c77acdf 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -30,10 +30,7 @@ pipeline { stage('NMAP') { steps { script { - sh ''' - echo "Installing Nmap..." - sudo apt-get update && sudo apt-get install -y nmap - ''' + sh 'nmap' } } } From acd8ccc52e4c6e25a8037eb7503c707be4087f61 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 15:24:02 +0300 Subject: [PATCH 180/267] Add nmap 2 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 9c77acdf..0d55edd1 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -30,7 +30,7 @@ pipeline { stage('NMAP') { steps { script { - sh 'nmap' + sh 'docker' } } } From 04969e002522e8e46a29ee5dba489ea0f66af803 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 15:25:48 +0300 Subject: [PATCH 181/267] Add nmap 2 --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 0d55edd1..f474948c 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -30,8 +30,8 @@ pipeline { stage('NMAP') { steps { script { - sh 'docker' - } + docker run --rm --network="host" instrumentisto/nmap nmap -sV -p 1-65535 localhost + } } } From 1ae407c735baff43d5fdb6e0fa88f55a29af28d2 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 15:27:33 +0300 Subject: [PATCH 182/267] Add nmap 3 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index f474948c..8497b23d 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -30,7 +30,7 @@ pipeline { stage('NMAP') { steps { script { - docker run --rm --network="host" instrumentisto/nmap nmap -sV -p 1-65535 localhost + docker run --rm instrumentisto/nmap nmap -sV -p 1-65535 172.17.0.1 } } } 
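Review bot: In PATCH 181 the line `docker run --rm --network="host" instrumentisto/nmap nmap -sV -p 1-65535 localhost` sits directly inside `script { }` with no `sh` step, so Groovy parses it as code and the pipeline fails before any stage runs; wrap the command in `sh '...'`. The same bare-command problem recurs in PATCH 182 and PATCH 183 (the `172.17.0.1` variants) and in PATCH 184 (`apt-get install nmap`). `--network="host"` also places the scanner container in the host's network namespace; if the scan only needs to reach one service, attaching the container to that service's network is narrower.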
From 895771b683877fa5155f452e9ce394caac42caa0 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 15:28:34 +0300 Subject: [PATCH 183/267] Add nmap 3 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 8497b23d..2d647af2 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -30,7 +30,7 @@ pipeline { stage('NMAP') { steps { script { - docker run --rm instrumentisto/nmap nmap -sV -p 1-65535 172.17.0.1 + docker run --rm instrumentisto/nmap nmap -sV -p 1-65535 "172.17.0.1" } } } From 251e071c895cf25161b8e55bd1003da27e830fd8 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 15:53:46 +0300 Subject: [PATCH 184/267] Add nmap 3 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 2d647af2..d07ed461 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -30,7 +30,7 @@ pipeline { stage('NMAP') { steps { script { - docker run --rm instrumentisto/nmap nmap -sV -p 1-65535 "172.17.0.1" + apt-get install nmap } } } From 296ad44752dccdaef2d697596df9f6b113b19fcc Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 16:07:01 +0300 Subject: [PATCH 185/267] Add nmap 3 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index d07ed461..498c5a38 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -30,7 +30,7 @@ pipeline { stage('NMAP') { steps { script { - apt-get install nmap + sh 'nmap' } } } From 3c4fe5bcdd7fce80ef7d656151dbc895a796dc07 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 16:07:12 +0300 Subject: [PATCH 186/267] Add nmap 3 --- jenkins/Dockerfile | 4 +--- jenkins/nmap/Dockerfile | 9 +++++++++ 2 files changed, 10 insertions(+), 3 deletions(-) create mode 100644 jenkins/nmap/Dockerfile 
diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile index 8cc7b6a8..ad45a4a4 100644 --- a/jenkins/Dockerfile +++ b/jenkins/Dockerfile @@ -8,8 +8,6 @@ RUN echo "deb [arch=$(dpkg --print-architecture) \ https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list RUN apt-get update && apt-get install -y docker-ce-cli -RUN apt-get update && \ - apt-get install -y nmap && \ - apt-get clean +RUN apt-get install nmap USER jenkins RUN jenkins-plugin-cli --plugins "blueocean:1.27.14 docker-workflow:580.vc0c340686b_54" \ No newline at end of file diff --git a/jenkins/nmap/Dockerfile b/jenkins/nmap/Dockerfile new file mode 100644 index 00000000..2b837734 --- /dev/null +++ b/jenkins/nmap/Dockerfile @@ -0,0 +1,9 @@ +FROM cgr.dev/chainguard/python:latest-dev +USER root +WORKDIR /nmap +RUN apk add --no-cache git + +RUN git clone --depth 1 https://github.com/nmap/nmap.git + +RUN adduser -D nmapuser +USER nmapuser From 0ff43833ce2acf960d3b468fbd38576e45cad159 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 17:32:48 +0300 Subject: [PATCH 187/267] Add nmap 4 --- jenkins/Jenkinsfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 498c5a38..bf7105f7 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -27,16 +27,16 @@ pipeline { } } - stage('NMAP') { + stage('Nmap Scan') { steps { script { - sh 'nmap' + docker.image('nmap-image').inside { + sh 'nmap -v -A scanme.nmap.org' } + } } } - - stage("Test") { steps { echo "Testing" From 0d4f06f48902d2dfb69a6112ea876ec873eefa61 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 17:34:46 +0300 Subject: [PATCH 188/267] Add nmap 4 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index bf7105f7..a4aba203 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
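Review bot: `RUN apt-get install nmap` in jenkins/Dockerfile has no `-y`, so the non-interactive build will normally abort at the confirmation prompt. It also relies on package lists left by the previous layer, which a cached layer can leave stale. Keep update and install in one layer: `RUN apt-get update && apt-get install -y --no-install-recommends nmap && rm -rf /var/lib/apt/lists/*`.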
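Review bot: jenkins/nmap/Dockerfile only clones the nmap source tree and never builds or installs it, so the resulting image appears to contain no `nmap` executable for the pipeline to call. Its inputs are also unpinned: `cgr.dev/chainguard/python:latest-dev` floats, and `git clone --depth 1 https://github.com/nmap/nmap.git` takes whatever the default branch holds at build time. Pin the base by digest and clone a release tag, e.g. `git clone --depth 1 --branch <release-tag> https://github.com/nmap/nmap.git` (placeholder tag), or install the distribution package instead. Keep the final `USER nmapuser`.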
@@ -31,7 +31,7 @@ pipeline { steps { script { docker.image('nmap-image').inside { - sh 'nmap -v -A scanme.nmap.org' + sh 'nmap' } } } From 4d9143e3ffc44be77f238c9060effd802140e3ad Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 17:38:18 +0300 Subject: [PATCH 189/267] Add nmap 4 --- jenkins/nmap/Dockerfile | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/jenkins/nmap/Dockerfile b/jenkins/nmap/Dockerfile index 2b837734..e01449dd 100644 --- a/jenkins/nmap/Dockerfile +++ b/jenkins/nmap/Dockerfile @@ -1,9 +1,3 @@ -FROM cgr.dev/chainguard/python:latest-dev -USER root -WORKDIR /nmap -RUN apk add --no-cache git - -RUN git clone --depth 1 https://github.com/nmap/nmap.git - -RUN adduser -D nmapuser -USER nmapuser +FROM alpine:latest +RUN apk update && apk add nmap +ENTRYPOINT ["nmap"] From 176694075c4543f74995141ad3b109a9da827f17 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 17:38:26 +0300 Subject: [PATCH 190/267] Add nmap 4 --- jenkins/Jenkinsfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index a4aba203..09e2cda8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -30,9 +30,10 @@ pipeline { stage('Nmap Scan') { steps { script { - docker.image('nmap-image').inside { - sh 'nmap' - } + docker.image('instrumentisto/nmap').inside { + // Run the Nmap command (change the target as needed) + sh 'nmap -sP 192.168.1.1/24' + } } } } From 20d500caa8610379989605b8e1c4f56ee3f7b64d Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 17:58:23 +0300 Subject: [PATCH 191/267] Add nmap 5 --- jenkins/Jenkinsfile | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 09e2cda8..9a904249 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
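Review bot: In the rewritten jenkins/nmap/Dockerfile (PATCH 189), `FROM alpine:latest` and `apk add nmap` are both unpinned, and the image runs `nmap` as root because no `USER` is set. Pin the base as `FROM alpine:<version>@sha256:<digest>` (placeholders) and use `RUN apk add --no-cache nmap` so no index cache is kept in the layer. Add an unprivileged user, or, if the intended scans need raw sockets, state that in a comment next to the `ENTRYPOINT`.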
@@ -27,16 +27,23 @@ pipeline { } } - stage('Nmap Scan') { + stage('Build Docker Image') { steps { script { - docker.image('instrumentisto/nmap').inside { - // Run the Nmap command (change the target as needed) - sh 'nmap -sP 192.168.1.1/24' - } + docker.build('myjenkins-nmap') } } } + stage('Run Nmap') { + agent { + docker { + image 'myjenkins-nmap' + } + } + steps { + sh 'nmap -v scanme.nmap.org' + } + } stage("Test") { steps { From 50449c1242172f27620087990bccc415bd15a596 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 18:01:36 +0300 Subject: [PATCH 192/267] Add nmap 5 --- jenkins/Jenkinsfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 9a904249..0e059afd 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -29,9 +29,7 @@ pipeline { stage('Build Docker Image') { steps { - script { - docker.build('myjenkins-nmap') - } + sh 'docker --version' } } stage('Run Nmap') { From c07ca010cbae59bc54f4f2c3ee76fb62b77e56f8 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 18:35:44 +0300 Subject: [PATCH 193/267] Add nmap 5 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 0e059afd..293ae335 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -35,7 +35,7 @@ pipeline { stage('Run Nmap') { agent { docker { - image 'myjenkins-nmap' + sh 'docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -v' } } steps { From 1fb3906818772da999b6bff34d31b02e3430f393 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 18:37:52 +0300 Subject: [PATCH 194/267] Add nmap 5 --- jenkins/Jenkinsfile | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 293ae335..6af6b09f 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -32,14 +32,10 @@ pipeline { sh 'docker --version' } } + stage('Run Nmap') { - agent { - docker { - sh 'docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -v' - } - } steps { - sh 'nmap -v scanme.nmap.org' + sh 'docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -v' } } From f958c59ea5b679be27b2efb9ecfc1fc328e1935b Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 18:39:22 +0300 Subject: [PATCH 195/267] Add nmap 67 --- jenkins/Jenkinsfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 6af6b09f..7bba2a39 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -35,7 +35,9 @@ pipeline { stage('Run Nmap') { steps { - sh 'docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -v' + sh """ + docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -v + """ } } From 601313924575a5402d7b4947b5e053a1e6989cb6 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 18:41:31 +0300 Subject: [PATCH 196/267] Add nmap 677 --- jenkins/Jenkinsfile | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 7bba2a39..ae1a3ae7 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -27,17 +27,13 @@ pipeline { } } - stage('Build Docker Image') { - steps { - sh 'docker --version' - } - } - - stage('Run Nmap') { + stage('Run Nmap') { steps { + script { sh """ docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -v """ + } } } From ec673ec7b1b40e9dd8666e0ba63b72c69edb356a Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 18:43:14 +0300 Subject: [PATCH 197/267] Add nmap 6734 --- jenkins/Jenkinsfile | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) 
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index ae1a3ae7..e3a30b4c 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -27,16 +27,14 @@ pipeline { } } - stage('Run Nmap') { + stage('Build Docker Image') { steps { - script { - sh """ - docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -v - """ - } + sh 'docker --version' } } + + stage("Test") { steps { echo "Testing" From eade09ba2687f587dc44efcd8df278348ab4cc82 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 18:46:39 +0300 Subject: [PATCH 198/267] Add nmap 6736 --- jenkins/Jenkinsfile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e3a30b4c..332e6ef8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -32,6 +32,14 @@ pipeline { sh 'docker --version' } } + stage('Run Nmap') { + steps { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -v + + """ + } + } From b25266b43de4d8768ba40c660a2dd0c4e0dc4ccf Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 18:50:19 +0300 Subject: [PATCH 199/267] snyk + sqlmap --- docker-compose.yml | 2 +- jenkins/Dockerfile | 12 +++-- jenkins/Jenkinsfile | 93 ++++++++++++++++++++++++++++++++++++--- jenkins/sqlmap/Dockerfile | 11 +++++ 4 files changed, 107 insertions(+), 11 deletions(-) create mode 100644 jenkins/sqlmap/Dockerfile diff --git a/docker-compose.yml b/docker-compose.yml index 9fc50ce4..35956c81 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ services: vulnado: build: . ports: - - 8080:8080 + - 8081:8080 links: - db - internal_site diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile index 7b57312f..6e879f6e 100644 --- a/jenkins/Dockerfile +++ b/jenkins/Dockerfile 
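Review bot: `-v /var/run/docker.sock:/var/run/docker.sock` in the new 'Run Nmap' stage (PATCH 198) gives the `nikolaskir2000/nmap_image:latest` container full control of the Docker daemon, which is root-equivalent on the host and not something a port scanner needs; drop the mount. The image is a personal-namespace `:latest` tag, so pin it by digest as well. The command passes only `-v` to the image and no target, so as far as this hunk shows nothing is scanned. `${PWD}` inside `"""` is expanded by Groovy rather than by the shell; `sh 'docker run --rm -v "$WORKSPACE":/usr/src/myapp ...'` keeps the expansion in the shell.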
@@ -4,9 +4,13 @@ RUN apt-get update && apt-get install -y lsb-release python3-pip RUN curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc \ https://download.docker.com/linux/debian/gpg RUN echo "deb [arch=$(dpkg --print-architecture) \ - signed-by=/usr/share/keyrings/docker-archive-keyring.asc] \ - https://download.docker.com/linux/debian \ - $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list + signed-by=/usr/share/keyrings/docker-archive-keyring.asc] \ + https://download.docker.com/linux/debian \ + $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list RUN apt-get update && apt-get install -y docker-ce-cli USER jenkins -RUN jenkins-plugin-cli --plugins "blueocean:1.27.14 docker-workflow:580.vc0c340686b_54 build-token-root:151.va_e52fe3215fc" \ No newline at end of file +RUN jenkins-plugin-cli --plugins "blueocean:1.27.14 \ + docker-workflow:580.vc0c340686b_54 \ + build-token-root:151.va_e52fe3215fc \ + file-parameters:339.v4b_cc83e11455 \ + sonar:2.17.2" \ No newline at end of file diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 205f1682..719e65ba 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,10 +1,17 @@ pipeline { agent any + parameters { + string(name: 'dockerComposePath', value: "", description: "Path of the docker-compose.yml"), + string(name: 'dockerfilePath', value: "", description: "Path of the Dockerfile"), + base64File description: 'File containing the endpoints to be tested by SQLmap', name: 'endpoints' + } environment { REPO_URL = '' CURR_BRANCH = '' workspace = '' relativeWorkspacePath = '' + SNYK_TOKEN = credentials('snyk-token') + } } stages { stage ('Checkout SCM') 
@@ -26,9 +33,47 @@ pipeline { // Get the current repository URL REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() - + } + } + } + stage('Check and build Docker Images') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + def images = [] + + if (dockerComposePath?.trim()) { + // If dockerComposePath is provided, run docker-compose to build images + echo "Docker Compose file detected. Building images using docker-compose..." + sh """ + docker-compose -f ${dockerComposePath} build --parallel + """ + + // Get repository and tag of the images created by docker-compose + images = sh(script: """ + docker-compose -f ${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' + """, returnStdout: true).trim().split("\n") + + } else if (dockerfilePath?.trim()) { + // If dockerComposePath is NOT provided, build the Docker image using the Dockerfile + echo "Dockerfile detected. Building image using docker build..." + + def imageName = "my_image:latest" // You can customize the image name as needed + sh """ + docker build -t ${imageName} -f ${dockerfilePath} . + """ + + echo "Image built from Dockerfile: ${imageName}" + images << imageName + } else { + error "No Dockerfile or Docker Compose file provided. Please provide at least one." + } + + // Save images to an environment variable for later stages + env.IMAGES = images.join(",") + } } - } + } } stage('TruffleHog Secret Scan') { steps { 
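Review bot: `${dockerComposePath}` and `${dockerfilePath}` are build parameters that Groovy interpolates into the `sh """ ... """` scripts of 'Check and build Docker Images'. Anyone allowed to start the job with parameters can therefore append shell commands to the `docker-compose` and `docker build` lines. Use single-quoted scripts and let the shell read the parameter from its environment, e.g. `sh 'docker-compose -f "$dockerComposePath" build --parallel'` and `sh 'docker build -t my_image:latest -f "$dockerfilePath" .'`, and reject values that do not resolve to a file inside the workspace. Building a caller-chosen Dockerfile on the shared daemon is itself code execution, so permission to trigger this job should be scoped accordingly.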
@@ -59,16 +104,52 @@ pipeline { echo "Building" } } - stage("Test") { + stage('Snyk Docker Image vulnerability scan') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + // Use Snyk to scan each image + def images = env.IMAGES.split(",") + + for (image in images) { + def sanitizedImageName = image.replaceAll("/", "_").replaceAll(":", "_") + + echo "Scanning image: ${image} using Snyk..." + + sh "rm -f snyk_${sanitizedImageName}" + + sh """ + docker run --rm -it --env ${SNYK_TOKEN} -v /var/run/docker.sock:/var/run/docker.sock \ + snyk/snyk:docker snyk test --docker ${image} --severity-threshold=critical --fail-on=all > snyk_${sanitizedImageName} + """ + } + } + } + script { + // TODO: Add the exception if a vulnerability is found in the file. + } + } + } + stage('SQL map endpoints scan') { steps { - echo "Testing" + withFileParameter('endpoints') { + sh """ + docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest \ + -u "http://testphp.vulnweb.com/artists.php?artist=1%27" --batch + """ + } } } - stage("Deliver") { + stage('Clean up') { steps { - echo "Deliver" + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + + } + } } } + } post { diff --git a/jenkins/sqlmap/Dockerfile b/jenkins/sqlmap/Dockerfile new file mode 100644 index 00000000..a6d38b1e --- /dev/null +++ b/jenkins/sqlmap/Dockerfile @@ -0,0 +1,11 @@ +FROM cgr.dev/chainguard/git:latest AS git-clone + +WORKDIR /sqlmap + +RUN git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git . + +FROM cgr.dev/chainguard/python:latest + +COPY --from=git-clone /sqlmap . + +ENTRYPOINT ["python3", "/sqlmap.py"] \ No newline at end of file From 86be415c685326c78c036bc9e66d6cb970a2afc2 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 18:52:09 +0300 Subject: [PATCH 200/267] a --- jenkins/Jenkinsfile | 1 - 1 file changed, 1 deletion(-) 
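Review bot: `--env ${SNYK_TOKEN}` in the Snyk stage has Groovy paste the secret's value into the command line, which Jenkins warns against because the value can surface in the process list and logs, and it passes the token where Docker expects a variable name. Use a single-quoted script with `--env SNYK_TOKEN` so Docker copies the variable from the step's environment. `-it` will fail on an agent without a TTY, and `${image}` is interpolated into the shell in the same way. Mounting `/var/run/docker.sock` into `snyk/snyk:docker` gives that image control of the daemon. The 'SQL map endpoints scan' stage never reads the uploaded `endpoints` file and always targets one hard-coded URL.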
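Review bot: jenkins/sqlmap/Dockerfile is built from three floating inputs, the two `cgr.dev/chainguard/...:latest` bases and an unpinned `git clone --depth 1` of sqlmap's default branch, so the tool that runs in CI is whatever those served at build time. Pin both bases by digest and clone a release tag or a reviewed commit. The final stage sets no `WORKDIR`, so `COPY --from=git-clone /sqlmap .` lands in the base image's working directory while the entrypoint expects `/sqlmap.py`. Adding `WORKDIR /sqlmap` and using `ENTRYPOINT ["python3", "/sqlmap/sqlmap.py"]` removes that guess.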
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 719e65ba..1d02aa58 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -12,7 +12,6 @@ pipeline { relativeWorkspacePath = '' SNYK_TOKEN = credentials('snyk-token') } - } stages { stage ('Checkout SCM') { From d4c48e5a6e022682f6e2153ea4dd5c705960a89c Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 18:56:48 +0300 Subject: [PATCH 201/267] fix --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 1d02aa58..f660b9d3 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,8 +1,8 @@ pipeline { agent any parameters { - string(name: 'dockerComposePath', value: "", description: "Path of the docker-compose.yml"), - string(name: 'dockerfilePath', value: "", description: "Path of the Dockerfile"), + string name: 'dockerComposePath', default: "", description: "Path of the docker-compose.yml" + string name: 'dockerfilePath', default: "", description: "Path of the Dockerfile" base64File description: 'File containing the endpoints to be tested by SQLmap', name: 'endpoints' } environment { From 4396e9997da6a81961913583835c046a350fa9a2 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 18:59:11 +0300 Subject: [PATCH 202/267] a --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index f660b9d3..394ff971 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -118,7 +118,7 @@ pipeline { sh "rm -f snyk_${sanitizedImageName}" sh """ - docker run --rm -it --env ${SNYK_TOKEN} -v /var/run/docker.sock:/var/run/docker.sock \ + docker run --rm -it --env ${SNYK_TOKEN} -v /var/run/docker.sock:/var/run/docker.sock \ snyk/snyk:docker snyk test --docker ${image} --severity-threshold=critical --fail-on=all > snyk_${sanitizedImageName} """ } 
@@ -133,7 +133,7 @@ pipeline { steps { withFileParameter('endpoints') { sh """ - docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest \ + docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest \ -u "http://testphp.vulnweb.com/artists.php?artist=1%27" --batch """ } From 3ce0096d18f52cda0362da1115309c058f0fd3b8 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 19:00:08 +0300 Subject: [PATCH 203/267] a --- jenkins/Jenkinsfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 394ff971..d91b2a60 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -124,9 +124,6 @@ pipeline { } } } - script { - // TODO: Add the exception if a vulnerability is found in the file. - } } } stage('SQL map endpoints scan') { From 543c92c3bc767eacb2e7c991297e33c7d047187e Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 19:01:12 +0300 Subject: [PATCH 204/267] a --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index d91b2a60..928d28a2 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,8 +1,8 @@ pipeline { agent any parameters { - string name: 'dockerComposePath', default: "", description: "Path of the docker-compose.yml" - string name: 'dockerfilePath', default: "", description: "Path of the Dockerfile" + string name: 'dockerComposePath', defaultValue: "", description: "Path of the docker-compose.yml" + string name: 'dockerfilePath', defaultValue: "", description: "Path of the Dockerfile" base64File description: 'File containing the endpoints to be tested by SQLmap', name: 'endpoints' } environment { From a6e5669a8a9e45869ace13b343d80a6a4ba4f7c2 Mon Sep 17 00:00:00 2001 
From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 19:02:30 +0300 Subject: [PATCH 205/267] a --- jenkins/Jenkinsfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 928d28a2..b27c2e94 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -139,9 +139,7 @@ pipeline { stage('Clean up') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - script { - - } + } } } From 7873d8206c6df3b6ce594ddd4d0409d278f17e04 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 19:15:15 +0300 Subject: [PATCH 206/267] Add nmap 673635 --- jenkins/Jenkinsfile | 1 - 1 file changed, 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 332e6ef8..aa2596e5 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -36,7 +36,6 @@ pipeline { steps { sh """ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -v - """ } } From 12bd7de7a53d98d234074b8a23a9fbe202dde63a Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 19:22:23 +0300 Subject: [PATCH 207/267] a --- jenkins/Jenkinsfile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index b27c2e94..1b6622a6 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -75,12 +75,19 @@ pipeline { } } stage('TruffleHog Secret Scan') { + agent { + docker { image 'trufflesecurity/trufflehog:latest' } + } steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { echo "Running Trufflehog Scan" sh 'rm -f trufflehog' + // sh """ + // docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog + // """ + sh """ docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog """ 
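Review bot: With the added `agent { docker { image 'trufflesecurity/trufflehog:latest' } }` (PATCH 207) the steps run inside the TruffleHog container, yet the live `sh` still calls `docker run --rm trufflesecurity/trufflehog:latest ...`, which needs a Docker CLI that image presumably does not ship. Either drop the stage-level agent or call the scanner directly, e.g. `sh "trufflehog git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog"`. The commented-out block duplicates the live command and can be removed. The image is referenced as `:latest`; pin it by digest. The stage body continues past this hunk.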
@@ -92,7 +99,7 @@ pipeline { } else { echo "Warning! Secrets are committed into your git repository." - throw new Exception("Secrets might be committed into your git repo") + error("Secrets might be committed into your git repo") } } } From d2ce6b71fe6e70e87b8022801c51b2fc7424d8fa Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 19:25:47 +0300 Subject: [PATCH 208/267] a --- jenkins/Jenkinsfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 1b6622a6..6cfd8337 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,5 +1,5 @@ pipeline { - agent any + agent none parameters { string name: 'dockerComposePath', defaultValue: "", description: "Path of the docker-compose.yml" string name: 'dockerfilePath', defaultValue: "", description: "Path of the Dockerfile" @@ -76,7 +76,10 @@ pipeline { } stage('TruffleHog Secret Scan') { agent { - docker { image 'trufflesecurity/trufflehog:latest' } + docker { + image 'trufflesecurity/trufflehog:latest' + args '-v /var/run/docker.sock:/var/run/docker.sock' // Ensure Docker socket is mounted + } } steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { From 256c15cf8fae65490bfb25a110dcac6a49aa3d14 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 19:27:18 +0300 Subject: [PATCH 209/267] fix --- jenkins/Jenkinsfile | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 6cfd8337..10621419 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
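Review bot: `error("Secrets might be committed into your git repo")` still runs inside the stage's `catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE')`, visible in the previous hunk of this patch, so a verified secret turns the stage red but the build result stays SUCCESS. If committed secrets should block the pipeline, move the `error` call outside `catchError` or use `buildResult: 'FAILURE'`. The enclosing `if` starts above this hunk.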
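Review bot: `agent none` at the top of the pipeline (PATCH 208) leaves every stage that has no `agent` block of its own without an executor, so the `sh` steps in stages such as 'Setting Environment Variables' will presumably fail; give those stages `agent any` or keep the pipeline-level agent. The added `args '-v /var/run/docker.sock:/var/run/docker.sock'` exposes the host Docker daemon to a third-party `:latest` image whose job is only to read a git repository. Leave the socket out and pin the image by digest.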
@@ -26,13 +26,15 @@ pipeline { } stage('Setting Environment Variables') { steps { - script { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { - echo "Getting git repo info" - // Get the current repository URL - REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() - CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() - } + echo "Getting git repo info" + // Get the current repository URL + REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() + CURR_BRANCH = sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim() + } + } } } stage('Check and build Docker Images') { From 751e7febc56caae102f8b3ee3d0cd46d7fe47cdb Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 20:00:49 +0300 Subject: [PATCH 210/267] a --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 10621419..98bf6361 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -80,7 +80,7 @@ pipeline { agent { docker { image 'trufflesecurity/trufflehog:latest' - args '-v /var/run/docker.sock:/var/run/docker.sock' // Ensure Docker socket is mounted + args '-v "/var/run/docker.sock:/var/run/docker.sock"' // Ensure Docker socket is mounted } } steps { From aedd32d8bb52b1ead06c13abe97bf88aadc117dc Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 20:47:20 +0300 Subject: [PATCH 211/267] Add nmap TEST 1 --- jenkins/Jenkinsfile | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index aa2596e5..fe3c3b45 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -39,6 +39,33 @@ pipeline { """ } } + stage('Run Nmap - Open Ports Scan') { + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -p 1-65535 -oN nmap_ports_scan.txt + """ + } + } + } + + stage('Run Nmap - Vulnerability Scan') { + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest --script vuln -oN nmap_vuln_scan.txt + """ + } + } + } + + stage('Archive Scan Results') { + steps { + // Αποθηκεύει τα αποτελέσματα των scans για μελλοντική αναφορά + archiveArtifacts artifacts: 'nmap_ports_scan.txt, nmap_vuln_scan.txt', allowEmptyArchive: true + } + } + } From e5e1d6ecd21b48fbdc1eeb5a412ede1ec88ca35d Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 20:48:35 +0300 Subject: [PATCH 212/267] Add nmap TEST 2 --- jenkins/Jenkinsfile | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index fe3c3b45..7e5fa74b 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -39,33 +39,7 @@ pipeline { """ } } - stage('Run Nmap - Open Ports Scan') { - steps { - script { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -p 1-65535 -oN nmap_ports_scan.txt - """ - } - } - } - - stage('Run Nmap - Vulnerability Scan') { - steps { - script { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest --script vuln -oN nmap_vuln_scan.txt - """ - } - } - } - stage('Archive Scan Results') { - steps { - // Αποθηκεύει τα αποτελέσματα των scans για μελλοντική αναφορά - archiveArtifacts artifacts: 'nmap_ports_scan.txt, nmap_vuln_scan.txt', allowEmptyArchive: true - } - } - } 
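Review bot: `${PWD}` inside the triple-double-quoted `sh` strings of both nmap stages is expanded by Groovy before the shell runs, so the bind-mount source is whatever value Jenkins holds for `PWD` on that node (or the step fails if it holds none), not necessarily the job workspace. Writing the mount as `-v "\$WORKSPACE":/usr/src/myapp`, or using a single-quoted `sh '''…'''` string, leaves the expansion to the shell. `allowEmptyArchive: true` in the archive stage means a scan that wrote no report still archives cleanly, so a missing report goes unnoticed. The comment in 'Archive Scan Results' is in Greek while the rest of the file is commented in English; I would write it as `// Archive the scan reports for later reference`.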
From aa0863657acb420c3372a035f0ab1684cfd30200 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 20:50:31 +0300 Subject: [PATCH 213/267] Add nmap TEST 3 --- jenkins/Jenkinsfile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 7e5fa74b..33810205 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -39,6 +39,15 @@ pipeline { """ } } + stage('Run Nmap - Open Ports Scan') { + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -p 1-65535 -oN nmap_ports_scan.txt + """ + } + } + } From dba8a25e6ebe7acde76b97cc74e6a399b214f4e6 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 20:52:05 +0300 Subject: [PATCH 214/267] Add nmap TEST 4 --- jenkins/Jenkinsfile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 33810205..36f1eb66 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -49,6 +49,16 @@ pipeline { } } + stage('Run Nmap - Vulnerability Scan') { + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest --script vuln -oN nmap_vuln_scan.txt + """ + } + } + } + From 75e467f2ed85438aac5b62cef8bd4d6e4f548088 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 21:18:54 +0300 Subject: [PATCH 215/267] Add nmap TEST 5 --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 36f1eb66..ae29a45d 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -43,7 +43,7 @@ pipeline { steps { script { sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -p 1-65535 -oN nmap_ports_scan.txt + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_2:latest -p 1-65535 -oN nmap_ports_scan.txt """ } } @@ -53,7 +53,7 @@ pipeline { steps { script { sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest --script vuln -oN nmap_vuln_scan.txt + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_2:latest --script vuln -oN nmap_vuln_scan.txt """ } } From 57b1386867a8fb87bc6cc8d21a10ce5b7fd9cb67 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 21:23:53 +0300 Subject: [PATCH 216/267] as --- jenkins/Dockerfile | 17 +++++++++-------- jenkins/Jenkinsfile | 2 +- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile index 6e879f6e..154c6bba 100644 --- a/jenkins/Dockerfile +++ b/jenkins/Dockerfile 
@@ -1,16 +1,17 @@ FROM jenkins/jenkins:2.462.2-jdk17 USER root -RUN apt-get update && apt-get install -y lsb-release python3-pip +RUN apt-get update && apt-get install -y lsb-release RUN curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc \ https://download.docker.com/linux/debian/gpg RUN echo "deb [arch=$(dpkg --print-architecture) \ - signed-by=/usr/share/keyrings/docker-archive-keyring.asc] \ - https://download.docker.com/linux/debian \ - $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list + signed-by=/usr/share/keyrings/docker-archive-keyring.asc] \ + https://download.docker.com/linux/debian \ + $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list RUN apt-get update && apt-get install -y docker-ce-cli USER jenkins RUN jenkins-plugin-cli --plugins "blueocean:1.27.14 \ - docker-workflow:580.vc0c340686b_54 \ - build-token-root:151.va_e52fe3215fc \ - file-parameters:339.v4b_cc83e11455 \ - sonar:2.17.2" \ No newline at end of file +docker-workflow:580.vc0c340686b_54 \ +build-token-root:151.va_e52fe3215fc \ +file-parameters:339.v4b_cc83e11455 \ +sonar:2.17.2" + diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 98bf6361..10621419 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -80,7 +80,7 @@ pipeline { agent { docker { image 'trufflesecurity/trufflehog:latest' - args '-v "/var/run/docker.sock:/var/run/docker.sock"' // Ensure Docker socket is mounted + args '-v /var/run/docker.sock:/var/run/docker.sock' // Ensure Docker socket is mounted } } steps { From 6969c65b9716505150dc570cc84c964fe8f3e51a Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 21:32:11 +0300 Subject: [PATCH 217/267] Add nmap TEST 5 --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index ae29a45d..e240d297 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
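Review bot: The rewritten `RUN apt-get update && apt-get install -y lsb-release` still pulls recommended packages and leaves the apt lists in the layer, and the later `docker-ce-cli` install does the same in a second layer. `RUN apt-get update && apt-get install -y --no-install-recommends lsb-release && rm -rf /var/lib/apt/lists/*` keeps the controller image smaller and its package set explicit. `docker-ce-cli` is installed without a version, so two builds of this file can ship different Docker clients; pinning it the way the plugins in the last `RUN` are pinned would make the image reproducible.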
@@ -39,11 +39,11 @@ pipeline { """ } } - stage('Run Nmap - Open Ports Scan') { + stage('Run Nmap - CSRF Scan') { steps { script { sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_2:latest -p 1-65535 -oN nmap_ports_scan.txt + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_2:latest -sV --script http-csrf -oN nmap_csrf_scan.txt """ } } From e85b02336e619c2acc4cd122ea4936140ec39bb0 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 21:44:16 +0300 Subject: [PATCH 218/267] Add nmap TEST 6 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e240d297..50df4502 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -43,7 +43,7 @@ pipeline { steps { script { sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_2:latest -sV --script http-csrf -oN nmap_csrf_scan.txt + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_2:latest -sV --script """ } } From 2948a481efd15e6d663d9f4e7fba1dfcb06009f5 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 22:07:25 +0300 Subject: [PATCH 219/267] fix --- jenkins/Jenkinsfile | 2 +- jenkins/sqlmap/endpoints.txt | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 jenkins/sqlmap/endpoints.txt diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 10621419..9a57899b 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -1,5 +1,5 @@ pipeline { - agent none + agent any parameters { string name: 'dockerComposePath', defaultValue: "", description: "Path of the docker-compose.yml" string name: 'dockerfilePath', defaultValue: "", description: "Path of the Dockerfile" diff --git a/jenkins/sqlmap/endpoints.txt b/jenkins/sqlmap/endpoints.txt new file mode 100644 index 00000000..db731e56 --- /dev/null +++ b/jenkins/sqlmap/endpoints.txt @@ -0,0 +1 @@ +http://testphp.vulnweb.com/artists.php?artist=1%27 \ No newline at end of file From e7c3472887565593add13a772db28b4e744972aa Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 22:17:45 +0300 Subject: [PATCH 220/267] Add nmap TEST 7 --- jenkins/Jenkinsfile | 23 ++------ .../scalesec/vulnado/VulnerableServer.java | 55 +++++++++++++++++++ 2 files changed, 59 insertions(+), 19 deletions(-) create mode 100644 src/main/java/com/scalesec/vulnado/VulnerableServer.java diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 50df4502..1a82a92b 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -32,33 +32,18 @@ pipeline { sh 'docker --version' } } - stage('Run Nmap') { - steps { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image:latest -v - """ - } - } - stage('Run Nmap - CSRF Scan') { + + stage('Run Nmap - Vuln Scan') { steps { script { sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_2:latest -sV --script + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest nmap_image_3:latest -sV --script vuln default + """ } } } - stage('Run Nmap - Vulnerability Scan') { - steps { - script { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_2:latest --script vuln -oN nmap_vuln_scan.txt - """ - } - } - } - diff --git a/src/main/java/com/scalesec/vulnado/VulnerableServer.java b/src/main/java/com/scalesec/vulnado/VulnerableServer.java new file mode 100644 index 00000000..434ef6e7 --- /dev/null +++ b/src/main/java/com/scalesec/vulnado/VulnerableServer.java 
@@ -0,0 +1,55 @@ +package com.scalesec.vulnado; + +import java.io.*; +import java.net.*; +import java.util.*; + +public class VulnerableServer { + + public static void main(String[] args) { + // Ανοιχτές θύρες για ακούσματα + openPort(8080); // HTTP θύρα + openPort(3306); // MySQL θύρα + openPort(21); // FTP θύρα + } + + public static void openPort(int port) { + try { + ServerSocket serverSocket = new ServerSocket(port); + System.out.println("Listening on port " + port); + + // Ο Server παραμένει σε αναμονή για συνδέσεις + while (true) { + Socket clientSocket = serverSocket.accept(); + handleClient(clientSocket); + } + } catch (IOException e) { + e.printStackTrace(); + } + } + + public static void handleClient(Socket clientSocket) { + try { + BufferedReader in = new BufferedReader(new InputStreamReader(clientSocket.getInputStream())); + PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true); + + // Διαβάζει δεδομένα από τον client + String clientInput = in.readLine(); + System.out.println("Received: " + clientInput); + + // SQL Injection Vulnerability: υποθετικό παράδειγμα χειρισμού εισόδου χωρίς έλεγχο + String query = "SELECT * FROM users WHERE username = '" + clientInput + "';"; + System.out.println("Executing query: " + query); + + // Απαντάει στον client + out.println("Query Executed: " + query); + + // Χωρίς κρυπτογράφηση δεδομένων + out.println("Plain-text response: No encryption used here!"); + + clientSocket.close(); + } catch (IOException e) { + e.printStackTrace(); + } + } +} From 483380c8b3eb9a8ed66d0a916d8c745d96c50695 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 22:20:34 +0300 Subject: [PATCH 221/267] Add nmap TEST 8 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 1a82a92b..559ddb93 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
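Review bot: `openPort` never returns because of its `while (true)` accept loop, so `main` blocks inside `openPort(8080)` and the listeners on 3306 and 21 are never opened; a scan of this fixture would see one port, not the three the comments describe. Starting each listener on its own thread, e.g. `new Thread(() -> openPort(3306)).start();`, gives the intended behaviour. `handleClient` closes the socket only on the success path; try-with-resources on `clientSocket` would also close it when `readLine` throws. The comments are in Greek and the class has no header; a class comment stating that this is a deliberately vulnerable scan fixture that must only run on an isolated network would help the next reader.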
@@ -37,7 +37,7 @@ pipeline { steps { script { sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest nmap_image_3:latest -sV --script vuln default + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln default """ } From 13a202e7436e84a40f3cd90975dfec3957944735 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 22:31:18 +0300 Subject: [PATCH 222/267] Add nmap TEST 9 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 559ddb93..5fecbb93 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -27,7 +27,7 @@ pipeline { } } - stage('Build Docker Image') { + stage('Build Docker Image ') { steps { sh 'docker --version' } From aa8a4c2cd6a59bdf7ee9430d76403818dd5cd2a5 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 22:42:22 +0300 Subject: [PATCH 223/267] final check? --- jenkins/Jenkinsfile | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 9a57899b..9829b128 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -77,22 +77,12 @@ pipeline { } } stage('TruffleHog Secret Scan') { - agent { - docker { - image 'trufflesecurity/trufflehog:latest' - args '-v /var/run/docker.sock:/var/run/docker.sock' // Ensure Docker socket is mounted - } - } steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { echo "Running Trufflehog Scan" sh 'rm -f trufflehog' - // sh """ - // docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog - // """ - sh """ docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog """ 
@@ -110,11 +100,6 @@ pipeline { } } } - stage('Build') { - steps { - echo "Building" - } - } stage('Snyk Docker Image vulnerability scan') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { @@ -142,8 +127,7 @@ pipeline { steps { withFileParameter('endpoints') { sh """ - docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest \ - -u "http://testphp.vulnweb.com/artists.php?artist=1%27" --batch + docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -d endpoints.txt --batch > sqlmap """ } } @@ -151,7 +135,21 @@ pipeline { stage('Clean up') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - + def images = env.IMAGES.split(",") + sh """ + REPORT_DIR="reports/${JOB_NAME}_${BUILD_NUMBER}" + mkdir -p ${REPORT_DIR} + + mv trufflehog ${REPORT_DIR}/ || true + mv sqlmap ${REPORT_DIR}/ || true + """ + for (image in images) { + def sanitizedImageName = image.replaceAll("/", "_").replaceAll(":", "_") + sh """ + mv snyk_${sanitizedImageName} ${REPORT_DIR}/ || true + """ + } + } } } @@ -161,7 +159,7 @@ pipeline { post { always { echo 'Cleaning up...' - // Perform cleanup or archive reports + } success { echo 'Pipeline completed successfully.' From a6bee237050b8348aece5e08d09d84f95672bec6 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 22:43:04 +0300 Subject: [PATCH 224/267] test commit --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 9829b128..db7ebc09 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -149,7 +149,7 @@ pipeline { mv snyk_${sanitizedImageName} ${REPORT_DIR}/ || true """ } - + } } } From 14c8f77146e30570ceed998eeb8006278455c7d3 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 22:44:26 +0300 Subject: [PATCH 225/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
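Review bot: `${REPORT_DIR}` in the new 'Clean up' stage sits inside a triple-double-quoted Groovy string, so Groovy tries to resolve it as a pipeline variable before the shell ever sees the `REPORT_DIR=` assignment, and the step will most likely fail with a missing-property error. The `mv snyk_… ${REPORT_DIR}/` inside the loop runs in a separate `sh` step, where a shell variable set by the first step would not exist anyway. Defining the path once in Groovy, `def reportDir = "reports/${JOB_NAME}_${BUILD_NUMBER}"`, and using `${reportDir}` in every `sh` fixes both. The `def images = …` and `for` lines are placed directly under `catchError` without a `script` block; PATCH 227 later in this series adds the block but keeps `${REPORT_DIR}`, so the point applies there too. `|| true` on every `mv` also hides a scan that produced no report.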
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index db7ebc09..0b560cbf 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -159,7 +159,7 @@ pipeline { post { always { echo 'Cleaning up...' - + } success { echo 'Pipeline completed successfully.' From 39aaeea3696c692c854fc4b2ce5a0923d6d37ca8 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 22:44:51 +0300 Subject: [PATCH 226/267] Add nmap TEST 9 --- .../scalesec/vulnado/VulnerableServer.java | 59 ++++++------------- 1 file changed, 19 insertions(+), 40 deletions(-) diff --git a/src/main/java/com/scalesec/vulnado/VulnerableServer.java b/src/main/java/com/scalesec/vulnado/VulnerableServer.java index 434ef6e7..cf20863c 100644 --- a/src/main/java/com/scalesec/vulnado/VulnerableServer.java +++ b/src/main/java/com/scalesec/vulnado/VulnerableServer.java 
@@ -1,55 +1,34 @@ package com.scalesec.vulnado; - import java.io.*; -import java.net.*; -import java.util.*; +import java.net.ServerSocket; +import java.net.Socket; public class VulnerableServer { + public static void main(String[] args) throws Exception { + // Open a server on port 8080 + ServerSocket serverSocket = new ServerSocket(8082); + System.out.println("Server started on port 8082"); - public static void main(String[] args) { - // Ανοιχτές θύρες για ακούσματα - openPort(8080); // HTTP θύρα - openPort(3306); // MySQL θύρα - openPort(21); // FTP θύρα - } - - public static void openPort(int port) { - try { - ServerSocket serverSocket = new ServerSocket(port); - System.out.println("Listening on port " + port); - - // Ο Server παραμένει σε αναμονή για συνδέσεις - while (true) { - Socket clientSocket = serverSocket.accept(); - handleClient(clientSocket); - } - } catch (IOException e) { - e.printStackTrace(); - } - } - - public static void handleClient(Socket clientSocket) { - try { + while (true) { + Socket clientSocket = serverSocket.accept(); BufferedReader in = new BufferedReader(new InputStreamReader(clientSocket.getInputStream())); PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true); - // Διαβάζει δεδομένα από τον client - String clientInput = in.readLine(); - System.out.println("Received: " + clientInput); + // Vulnerability 1: Command Injection + out.println("Enter a command to execute: "); + String command = in.readLine(); - // SQL Injection Vulnerability: υποθετικό παράδειγμα χειρισμού εισόδου χωρίς έλεγχο - String query = "SELECT * FROM users WHERE username = '" + clientInput + "';"; - System.out.println("Executing query: " + query); + // Unsafe execution of system commands + Process process = Runtime.getRuntime().exec(command); // Command Injection vulnerability + BufferedReader processOutput = new BufferedReader(new InputStreamReader(process.getInputStream())); - // Απαντάει στον client - out.println("Query Executed: " + query); - 
- // Χωρίς κρυπτογράφηση δεδομένων - out.println("Plain-text response: No encryption used here!"); + String line; + out.println("Command output:"); + while ((line = processOutput.readLine()) != null) { + out.println(line); + } clientSocket.close(); - } catch (IOException e) { - e.printStackTrace(); } } } From df61ba49d6b74b0f51159894de83cf91ff9d5182 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 22:45:59 +0300 Subject: [PATCH 227/267] fix --- jenkins/Jenkinsfile | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 0b560cbf..e51371e7 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -135,20 +135,22 @@ pipeline { stage('Clean up') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - def images = env.IMAGES.split(",") - sh """ + script { + def images = env.IMAGES.split(",") + sh """ REPORT_DIR="reports/${JOB_NAME}_${BUILD_NUMBER}" mkdir -p ${REPORT_DIR} - mv trufflehog ${REPORT_DIR}/ || true mv sqlmap ${REPORT_DIR}/ || true - """ - for (image in images) { - def sanitizedImageName = image.replaceAll("/", "_").replaceAll(":", "_") - sh """ - mv snyk_${sanitizedImageName} ${REPORT_DIR}/ || true """ + for (image in images) { + def sanitizedImageName = image.replaceAll("/", "_").replaceAll(":", "_") + sh """ + mv snyk_${sanitizedImageName} ${REPORT_DIR}/ || true + """ + } } + } } From eb4b67444ea7d9b9cbaa6bec1f40eb457ca80c72 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 22:46:12 +0300 Subject: [PATCH 228/267] test1 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e51371e7..b11166f3 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -151,7 +151,7 @@ pipeline { } } - + } } } From 2e7d8b7e3de586fe64b0b5c29ea5bedbc2c63ba1 Mon Sep 17 00:00:00 2001 
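Review bot: The comment `// Open a server on port 8080` no longer matches the code, which binds 8082; it should read `// Open a server on port 8082`. `new ServerSocket(8082)` listens on every interface and passes each received line to `Runtime.getRuntime().exec`, so anything that can reach the port runs commands as the server's user. The inline comments mark this as intentional, but nothing in the class says where it may run; a class comment such as `// Deliberately vulnerable scan fixture: run only inside an isolated, throwaway container` would state that. `clientSocket`, `process` and the readers are not closed when an exception is thrown, and with `throws Exception` on `main` the first I/O error now stops the server.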
From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 22:53:15 +0300 Subject: [PATCH 229/267] fix --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index b11166f3..fb90f0ae 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -47,12 +47,12 @@ pipeline { // If dockerComposePath is provided, run docker-compose to build images echo "Docker Compose file detected. Building images using docker-compose..." sh """ - docker-compose -f ${dockerComposePath} build --parallel + docker compose -f ${dockerComposePath} build --parallel """ // Get repository and tag of the images created by docker-compose images = sh(script: """ - docker-compose -f ${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' + docker compose -f ${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' """, returnStdout: true).trim().split("\n") } else if (dockerfilePath?.trim()) { From c32f2ab340f4844e2dab96dc471c2f930c35207e Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 23:01:34 +0300 Subject: [PATCH 230/267] parallel stages --- jenkins/Jenkinsfile | 163 +++++++++++++++++++++++--------------------- 1 file changed, 86 insertions(+), 77 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index fb90f0ae..c4432a4a 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
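Review bot: `${dockerComposePath}` is a build parameter that Groovy pastes into the shell command unquoted, so a value containing spaces or shell metacharacters changes the command that runs on the agent. Jenkins exports build parameters as environment variables, so the shell can expand it instead: `sh 'docker compose -f "$dockerComposePath" build --parallel'`, with a triple-single-quoted string for the `images` call. The `docker build -f ${dockerfilePath}` branch of the same `if`, which lies outside this hunk, has the same pattern.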
@@ -36,102 +36,111 @@ pipeline { } } } - } - stage('Check and build Docker Images') { - steps { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - script { - def images = [] + } + parallel { + stage('TruffleHog Secret Scan') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + echo "Running Trufflehog Scan" + sh 'rm -f trufflehog' - if (dockerComposePath?.trim()) { - // If dockerComposePath is provided, run docker-compose to build images - echo "Docker Compose file detected. Building images using docker-compose..." - sh """ - docker compose -f ${dockerComposePath} build --parallel + sh """ + docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog """ - - // Get repository and tag of the images created by docker-compose - images = sh(script: """ - docker compose -f ${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' - """, returnStdout: true).trim().split("\n") - } else if (dockerfilePath?.trim()) { - // If dockerComposePath is NOT provided, build the Docker image using the Dockerfile - echo "Dockerfile detected. Building image using docker build..." + def truffle = readFile "trufflehog" - def imageName = "my_image:latest" // You can customize the image name as needed - sh """ - docker build -t ${imageName} -f ${dockerfilePath} . - """ - - echo "Image built from Dockerfile: ${imageName}" - images << imageName - } else { - error "No Dockerfile or Docker Compose file provided. Please provide at least one." + if (truffle.length() == 0) { + echo "Good to go. No secrets found" + } + else { + echo "Warning! Secrets are committed into your git repository." 
+ error("Secrets might be committed into your git repo") + } } - - // Save images to an environment variable for later stages - env.IMAGES = images.join(",") } } - } - } - stage('TruffleHog Secret Scan') { - steps { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - script { - echo "Running Trufflehog Scan" - sh 'rm -f trufflehog' + } + stage('Docker Image Vulnerability Scan') { + stages { + stage('Check and build Docker Images') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + def images = [] - sh """ - docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog - """ + if (dockerComposePath?.trim()) { + // If dockerComposePath is provided, run docker-compose to build images + echo "Docker Compose file detected. Building images using docker-compose..." + sh """ + docker compose -f ${dockerComposePath} build --parallel + """ + + // Get repository and tag of the images created by docker-compose + images = sh(script: """ + docker compose -f ${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' + """, returnStdout: true).trim().split("\n") - def truffle = readFile "trufflehog" - - if (truffle.length() == 0) { - echo "Good to go. No secrets found" - } - else { - echo "Warning! Secrets are committed into your git repository." - error("Secrets might be committed into your git repo") + } else if (dockerfilePath?.trim()) { + // If dockerComposePath is NOT provided, build the Docker image using the Dockerfile + echo "Dockerfile detected. Building image using docker build..." + + def imageName = "my_image:latest" // You can customize the image name as needed + sh """ + docker build -t ${imageName} -f ${dockerfilePath} . + """ + + echo "Image built from Dockerfile: ${imageName}" + images << imageName + } else { + error "No Dockerfile or Docker Compose file provided. Please provide at least one." 
+ } + + // Save images to an environment variable for later stages + env.IMAGES = images.join(",") + } + } } } - } - } - } - stage('Snyk Docker Image vulnerability scan') { - steps { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - script { - // Use Snyk to scan each image - def images = env.IMAGES.split(",") + stage('Snyk Docker Image vulnerability scan') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + // Use Snyk to scan each image + def images = env.IMAGES.split(",") - for (image in images) { - def sanitizedImageName = image.replaceAll("/", "_").replaceAll(":", "_") + for (image in images) { + def sanitizedImageName = image.replaceAll("/", "_").replaceAll(":", "_") - echo "Scanning image: ${image} using Snyk..." + echo "Scanning image: ${image} using Snyk..." - sh "rm -f snyk_${sanitizedImageName}" + sh "rm -f snyk_${sanitizedImageName}" - sh """ - docker run --rm -it --env ${SNYK_TOKEN} -v /var/run/docker.sock:/var/run/docker.sock \ - snyk/snyk:docker snyk test --docker ${image} --severity-threshold=critical --fail-on=all > snyk_${sanitizedImageName} - """ + sh """ + docker run --rm -it --env ${SNYK_TOKEN} -v /var/run/docker.sock:/var/run/docker.sock \ + snyk/snyk:docker snyk test --docker ${image} --severity-threshold=critical --fail-on=all > snyk_${sanitizedImageName} + """ + } + } + } } - } - } + } + } } - } - stage('SQL map endpoints scan') { - steps { - withFileParameter('endpoints') { - sh """ - docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -d endpoints.txt --batch > sqlmap - """ + stage('SQL map endpoints scan') { + steps { + withFileParameter('endpoints') { + sh """ + docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -d endpoints.txt --batch > sqlmap + """ + } } } } + + + stage('Clean up') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { 
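Review bot: `--env ${SNYK_TOKEN}` in the Snyk `docker run` line lets Groovy paste the token's value into the command, where it can show up in the process list and in the step's command line, and Docker then reads that value as a variable name, so `SNYK_TOKEN` is not actually set inside the container. `--env SNYK_TOKEN` (no `${}`) tells Docker to copy the variable from the step's environment without the secret appearing in the command; how `SNYK_TOKEN` is defined is outside the hunk, so this assumes it comes from an `environment` or `withCredentials` block. `-it` asks for an interactive TTY, which a Jenkins step normally does not have, so I would drop it. The line would become `docker run --rm --env SNYK_TOKEN -v /var/run/docker.sock:/var/run/docker.sock \`.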
@@ -161,7 +170,7 @@ pipeline { post { always { echo 'Cleaning up...' - + } success { echo 'Pipeline completed successfully.' From 025adc777f1e7b198cd55d0918e3db36a25f5454 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 23:02:34 +0300 Subject: [PATCH 231/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index c4432a4a..1e2516fb 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -139,7 +139,7 @@ pipeline { } } - + stage('Clean up') { steps { From c53e3cbeb8b6e868c78daed58bd00aba2f713858 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 23:04:29 +0300 Subject: [PATCH 232/267] fix parallel --- jenkins/Jenkinsfile | 163 ++++++++++++++++++++++---------------------- 1 file changed, 81 insertions(+), 82 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 1e2516fb..f517165d 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -36,111 +36,110 @@ pipeline { } } } - } - parallel { - stage('TruffleHog Secret Scan') { - steps { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - script { - echo "Running Trufflehog Scan" - sh 'rm -f trufflehog' + } + stage('Secret Scanning, Image vulnerability Scanning and SQL Injection Scanning'){ + parallel { + stage('TruffleHog Secret Scan') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + echo "Running Trufflehog Scan" + sh 'rm -f trufflehog' - sh """ - docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog - """ + sh """ + docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog + """ - def truffle = readFile "trufflehog" - - if (truffle.length() == 0) { - echo "Good to go. No secrets found" - } - else { - echo "Warning! Secrets are committed into your git repository." - error("Secrets might be committed into your git repo") + def truffle = readFile "trufflehog" + + if (truffle.length() == 0) { + echo "Good to go. No secrets found" + } + else { + echo "Warning! Secrets are committed into your git repository." + error("Secrets might be committed into your git repo") + } } } } } - } - stage('Docker Image Vulnerability Scan') { - stages { - stage('Check and build Docker Images') { - steps { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - script { - def images = [] + stage('Docker Image Vulnerability Scan') { + stages { + stage('Check and build Docker Images') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + def images = [] - if (dockerComposePath?.trim()) { - // If dockerComposePath is provided, run docker-compose to build images - echo "Docker Compose file detected. Building images using docker-compose..." 
- sh """ - docker compose -f ${dockerComposePath} build --parallel - """ - - // Get repository and tag of the images created by docker-compose - images = sh(script: """ - docker compose -f ${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' - """, returnStdout: true).trim().split("\n") + if (dockerComposePath?.trim()) { + // If dockerComposePath is provided, run docker-compose to build images + echo "Docker Compose file detected. Building images using docker-compose..." + sh """ + docker compose -f ${dockerComposePath} build --parallel + """ + + // Get repository and tag of the images created by docker-compose + images = sh(script: """ + docker compose -f ${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' + """, returnStdout: true).trim().split("\n") - } else if (dockerfilePath?.trim()) { - // If dockerComposePath is NOT provided, build the Docker image using the Dockerfile - echo "Dockerfile detected. Building image using docker build..." - - def imageName = "my_image:latest" // You can customize the image name as needed - sh """ - docker build -t ${imageName} -f ${dockerfilePath} . - """ - - echo "Image built from Dockerfile: ${imageName}" - images << imageName - } else { - error "No Dockerfile or Docker Compose file provided. Please provide at least one." - } + } else if (dockerfilePath?.trim()) { + // If dockerComposePath is NOT provided, build the Docker image using the Dockerfile + echo "Dockerfile detected. Building image using docker build..." + + def imageName = "my_image:latest" // You can customize the image name as needed + sh """ + docker build -t ${imageName} -f ${dockerfilePath} . + """ + + echo "Image built from Dockerfile: ${imageName}" + images << imageName + } else { + error "No Dockerfile or Docker Compose file provided. Please provide at least one." 
+ } - // Save images to an environment variable for later stages - env.IMAGES = images.join(",") + // Save images to an environment variable for later stages + env.IMAGES = images.join(",") + } } } } - } - stage('Snyk Docker Image vulnerability scan') { - steps { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - script { - // Use Snyk to scan each image - def images = env.IMAGES.split(",") + stage('Snyk Docker Image vulnerability scan') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + // Use Snyk to scan each image + def images = env.IMAGES.split(",") - for (image in images) { - def sanitizedImageName = image.replaceAll("/", "_").replaceAll(":", "_") + for (image in images) { + def sanitizedImageName = image.replaceAll("/", "_").replaceAll(":", "_") - echo "Scanning image: ${image} using Snyk..." + echo "Scanning image: ${image} using Snyk..." - sh "rm -f snyk_${sanitizedImageName}" + sh "rm -f snyk_${sanitizedImageName}" - sh """ - docker run --rm -it --env ${SNYK_TOKEN} -v /var/run/docker.sock:/var/run/docker.sock \ - snyk/snyk:docker snyk test --docker ${image} --severity-threshold=critical --fail-on=all > snyk_${sanitizedImageName} - """ + sh """ + docker run --rm -it --env ${SNYK_TOKEN} -v /var/run/docker.sock:/var/run/docker.sock \ + snyk/snyk:docker snyk test --docker ${image} --severity-threshold=critical --fail-on=all > snyk_${sanitizedImageName} + """ + } } } } + } + } + } + stage('SQL map endpoints scan') { + steps { + withFileParameter('endpoints') { + sh """ + docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -d endpoints.txt --batch > sqlmap + """ } - } - } - } - stage('SQL map endpoints scan') { - steps { - withFileParameter('endpoints') { - sh """ - docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -d endpoints.txt --batch > sqlmap - """ } } } - } - - - + } stage('Clean up') { steps { catchError(buildResult: 'SUCCESS', 
stageResult: 'FAILURE') { From e5f349b58a6d093654e5b3bea4979230a8845fca Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 23:05:18 +0300 Subject: [PATCH 233/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index f517165d..fdbdddf4 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -158,7 +158,7 @@ pipeline { """ } } - + } } From 286067c746bf1142dfde01e373540de2ddcb4942 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 23:14:28 +0300 Subject: [PATCH 234/267] Add nmap TEST 9 --- jenkins/Jenkinsfile | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 5fecbb93..12dfc79e 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -33,11 +33,21 @@ pipeline { } } - stage('Run Nmap - Vuln Scan') { + stage('Run Nmap - Opened Gates') { steps { script { sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln default + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -p- 192.168.2.11 + + """ + } + } + } + stage('Run Nmap - Vuln Scan') { + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 """ } From 13508e65c87dc2dcc3d41ae1f746ee1b3e8bfc23 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 23:15:18 +0300 Subject: [PATCH 235/267] fix? --- jenkins/Jenkinsfile | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index fdbdddf4..5539d8e8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
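Review bot: The Snyk step in this hunk passes `--env ${SNYK_TOKEN}`, which Groovy expands to the secret's value, so the token lands on the `docker run` command line in place of a variable name and the container still has no `SNYK_TOKEN` set. Let the shell resolve it by single-quoting the script and naming the variable: `docker run --rm -e SNYK_TOKEN -v /var/run/docker.sock:/var/run/docker.sock snyk/snyk:docker ...`. The `-it` flags also expect a TTY, which a Jenkins `sh` step normally does not provide. The same lines are carried unchanged through the later `sequential again` hunk.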
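Review bot: Both nmap stages mount `/var/run/docker.sock` into `nikolaskir2000/nmap_image_3:latest`, which a port scanner does not need and which gives an unpinned third-party image control of the Docker daemon on the agent. Dropping `-v /var/run/docker.sock:/var/run/docker.sock` and referencing the image by digest (`nikolaskir2000/nmap_image_3@sha256:<digest>`) removes that exposure. The target `192.168.2.11` is hard-coded; a pipeline parameter would keep the address out of the repository and let the job be pointed at a test environment. The same command is re-added in the later `Add nmap Last` and `completed pipeline kinda` patches.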
@@ -11,6 +11,7 @@ pipeline { workspace = '' relativeWorkspacePath = '' SNYK_TOKEN = credentials('snyk-token') + IMAGES = '' } stages { stage ('Checkout SCM') @@ -75,12 +76,12 @@ pipeline { // If dockerComposePath is provided, run docker-compose to build images echo "Docker Compose file detected. Building images using docker-compose..." sh """ - docker compose -f ${dockerComposePath} build --parallel + docker compose -f ${workspace}/${dockerComposePath} build --parallel """ // Get repository and tag of the images created by docker-compose images = sh(script: """ - docker compose -f ${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' + docker compose -f ${workspace}/${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' """, returnStdout: true).trim().split("\n") } else if (dockerfilePath?.trim()) { @@ -99,7 +100,7 @@ pipeline { } // Save images to an environment variable for later stages - env.IMAGES = images.join(",") + IMAGES = images.join(",") } } } @@ -108,8 +109,13 @@ pipeline { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { - // Use Snyk to scan each image - def images = env.IMAGES.split(",") + def images = [] + if (IMAGES && IMAGES.trim()) { + images = IMAGES.split(",") + } + else { + error "No images to scan with Snyk" + } for (image in images) { def sanitizedImageName = image.replaceAll("/", "_").replaceAll(":", "_") @@ -158,7 +164,7 @@ pipeline { """ } } - + } } From d7fb0f58de258c13d746855568911f866d8319bd Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 23:17:14 +0300 Subject: [PATCH 236/267] fix --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 5539d8e8..e3ac1c6c 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
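Review bot: `dockerComposePath` is a free-text build parameter, and the `@@ -75,12 +76,12 @@` hunk splices it into the shell with Groovy interpolation (`docker compose -f ${workspace}/${dockerComposePath} ...`), so shell metacharacters in the parameter run as commands on the agent. Single-quote the script and let the shell read the parameter from its environment: `sh 'docker compose -f "$WORKSPACE/$dockerComposePath" build --parallel'`, and likewise for the `images --format` call. The `docker build ... -f ${dockerfilePath}` line in the surrounding stage, outside this hunk, has the same shape.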
@@ -38,7 +38,7 @@ pipeline { } } } - stage('Secret Scanning, Image vulnerability Scanning and SQL Injection Scanning'){ + stage('Secrets,Docker Image and SQL Injection Scan'){ parallel { stage('TruffleHog Secret Scan') { steps { From b241423a02104aed0ac72aeffae2f136509ad86e Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 23:18:58 +0300 Subject: [PATCH 237/267] Add nmap TEST 9 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 12dfc79e..9877a7b0 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -47,7 +47,7 @@ pipeline { steps { script { sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 """ } From 24a34422976b0c10134612f919a3e3eb097af237 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 23:19:16 +0300 Subject: [PATCH 238/267] Add nmap TEST 9 --- jenkins/docker-compose.yml | 45 +++++++++++++++++++++++++++++++++----- jenkins/nmap/Dockerfile | 6 +++-- 2 files changed, 43 insertions(+), 8 deletions(-) diff --git a/jenkins/docker-compose.yml b/jenkins/docker-compose.yml index 43c3bc40..fce72dad 100644 --- a/jenkins/docker-compose.yml +++ b/jenkins/docker-compose.yml @@ -1,4 +1,4 @@ -version: '3' +version: "3" services: jenkins: build: . # This will build the Docker image from the Dockerfile in the same directory 
@@ -6,21 +6,54 @@ services: restart: on-failure networks: - jenkins - environment: - - DOCKER_HOST=tcp://docker:2376 # Docker host for communication - - DOCKER_CERT_PATH=/certs/client # Path to Docker certificates - - DOCKER_TLS_VERIFY=1 # Enable TLS verification + # environment: + # # - DOCKER_HOST=tcp://docker:2376 # Docker host for communication + # # - DOCKER_CERT_PATH=/certs/client # Path to Docker certificates + # # - DOCKER_TLS_VERIFY=1 # Enable TLS verification volumes: - jenkins-data:/var/jenkins_home # Persistent Jenkins data - jenkins-docker-certs:/certs/client:ro # Mount Docker client certs for TLS connection (read-only) + - /var/run/docker.sock:/var/run/docker.sock ports: - "8080:8080" # Jenkins web UI - "50000:50000" # Jenkins agent connections + sonarqube: + image: sonarqube:lts-community + depends_on: + - sonar_db + environment: + SONAR_JDBC_URL: jdbc:postgresql://sonar_db:5432/sonar + SONAR_JDBC_USERNAME: sonar + SONAR_JDBC_PASSWORD: sonar + ports: + - "9000:9000" + volumes: + - sonarqube_conf:/opt/sonarqube/conf + - sonarqube_data:/opt/sonarqube/data + - sonarqube_extensions:/opt/sonarqube/extensions + - sonarqube_logs:/opt/sonarqube/logs + - sonarqube_temp:/opt/sonarqube/temp + sonar_db: + image: postgres:13 + environment: + POSTGRES_USER: sonar + POSTGRES_PASSWORD: sonar + POSTGRES_DB: sonar + volumes: + - sonar_db:/var/lib/postgresql + - sonar_db_data:/var/lib/postgresql/data networks: jenkins: driver: bridge # Creates a custom bridge network called 'jenkins' volumes: jenkins-data: # Persistent volume for Jenkins home directory - jenkins-docker-certs: # Volume for Docker TLS client certificates \ No newline at end of file + jenkins-docker-certs: # Volume for Docker TLS client certificates + sonarqube_conf: + sonarqube_data: + sonarqube_extensions: + sonarqube_logs: + sonarqube_temp: + sonar_db: + sonar_db_data: \ No newline at end of file diff --git a/jenkins/nmap/Dockerfile b/jenkins/nmap/Dockerfile index e01449dd..ead7b08a 100644 
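Review bot: The `jenkins` service now bind-mounts `/var/run/docker.sock` while the `DOCKER_HOST`/`DOCKER_TLS_VERIFY` settings are commented out, so every job on this controller gets unauthenticated, root-equivalent access to the host's Docker daemon. If pipelines must build images, keeping the TLS-protected `tcp://docker:2376` endpoint that the commented-out settings pointed at (or a dedicated build agent) confines that access to a separate daemon. The new `sonarqube` and `sonar_db` services also commit `sonar`/`sonar` as database credentials; read them from an untracked env file instead, e.g. `POSTGRES_PASSWORD: ${SONAR_DB_PASSWORD:?set in .env}`. The `jenkins-docker-certs` mount is left in place with nothing using it.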
--- a/jenkins/nmap/Dockerfile +++ b/jenkins/nmap/Dockerfile @@ -1,3 +1,5 @@ FROM alpine:latest -RUN apk update && apk add nmap -ENTRYPOINT ["nmap"] +RUN apk update && apk add bash +RUN apk add nmap +RUN apk add nmap-scripts +ENTRYPOINT ["nmap"] \ No newline at end of file From 92da38eebbc205256794ea03f321c2ed8144e30c Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 23:20:56 +0300 Subject: [PATCH 239/267] Add nmap TEST 9 --- jenkins/Jenkinsfile | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 9877a7b0..8925fa06 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -33,26 +33,6 @@ pipeline { } } - stage('Run Nmap - Opened Gates') { - steps { - script { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -p- 192.168.2.11 - - """ - } - } - } - stage('Run Nmap - Vuln Scan') { - steps { - script { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 - - """ - } - } - } From a1c8eb518b6562dba57957b6c1c0a12a768440d5 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 23:21:51 +0300 Subject: [PATCH 240/267] Add nmap TEST 9 --- jenkins/Jenkinsfile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 8925fa06..5fecbb93 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -33,6 +33,16 @@ pipeline { } } + stage('Run Nmap - Vuln Scan') { + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln default + + """ + } + } + } From a4cf0ee628a3f2490aaff52d3c9c01f0f6a51933 Mon Sep 17 00:00:00 2001 
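Review bot: `FROM alpine:latest` plus three unpinned `apk add` layers makes this scanner image unreproducible, and the package index fetched by `apk update` stays in the image. Pin the base to a release tag or digest and collapse the installs into one layer: `RUN apk add --no-cache nmap nmap-scripts`. `bash` does not appear to be needed with `ENTRYPOINT ["nmap"]`. There is no `USER` line, so nmap runs as root; if raw-socket scan types are not required, add an unprivileged user.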
From: nikolas2000 Date: Sun, 15 Sep 2024 23:23:53 +0300 Subject: [PATCH 241/267] Add nmap TEST 10 --- jenkins/Jenkinsfile | 1 - 1 file changed, 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 5fecbb93..14334ac0 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -38,7 +38,6 @@ pipeline { script { sh """ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln default - """ } } From 4d5638e2d03280a951f460c116adf02698cd175d Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 23:26:31 +0300 Subject: [PATCH 242/267] sequential again --- jenkins/Jenkinsfile | 179 +++++++++++++++++++++----------------------- 1 file changed, 84 insertions(+), 95 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e3ac1c6c..e44ac078 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -38,114 +38,107 @@ pipeline { } } } - stage('Secrets,Docker Image and SQL Injection Scan'){ - parallel { - stage('TruffleHog Secret Scan') { - steps { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - script { - echo "Running Trufflehog Scan" - sh 'rm -f trufflehog' - sh """ - docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog - """ + stage('TruffleHog Secret Scan') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + echo "Running Trufflehog Scan" + sh 'rm -f trufflehog' - def truffle = readFile "trufflehog" - - if (truffle.length() == 0) { - echo "Good to go. No secrets found" - } - else { - echo "Warning! Secrets are committed into your git repository." - error("Secrets might be committed into your git repo") - } - } + sh """ + docker run --rm trufflesecurity/trufflehog:latest git ${REPO_URL} --since-commit HEAD --only-verified > trufflehog + """ + + def truffle = readFile "trufflehog" + + if (truffle.length() == 0) { + echo "Good to go. No secrets found" + } + else { + echo "Warning! Secrets are committed into your git repository." + error("Secrets might be committed into your git repo") } } } - stage('Docker Image Vulnerability Scan') { - stages { - stage('Check and build Docker Images') { - steps { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - script { - def images = [] + } + } + stage('Check and build Docker Images') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + def images = [] - if (dockerComposePath?.trim()) { - // If dockerComposePath is provided, run docker-compose to build images - echo "Docker Compose file detected. Building images using docker-compose..." 
- sh """ - docker compose -f ${workspace}/${dockerComposePath} build --parallel - """ - - // Get repository and tag of the images created by docker-compose - images = sh(script: """ - docker compose -f ${workspace}/${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' - """, returnStdout: true).trim().split("\n") + if (dockerComposePath?.trim()) { + // If dockerComposePath is provided, run docker-compose to build images + echo "Docker Compose file detected. Building images using docker-compose..." + sh """ + docker compose -f ${workspace}/${dockerComposePath} build --parallel + """ + + // Get repository and tag of the images created by docker-compose + images = sh(script: """ + docker compose -f ${workspace}/${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' + """, returnStdout: true).trim().split("\n") - } else if (dockerfilePath?.trim()) { - // If dockerComposePath is NOT provided, build the Docker image using the Dockerfile - echo "Dockerfile detected. Building image using docker build..." - - def imageName = "my_image:latest" // You can customize the image name as needed - sh """ - docker build -t ${imageName} -f ${dockerfilePath} . - """ - - echo "Image built from Dockerfile: ${imageName}" - images << imageName - } else { - error "No Dockerfile or Docker Compose file provided. Please provide at least one." - } + } else if (dockerfilePath?.trim()) { + // If dockerComposePath is NOT provided, build the Docker image using the Dockerfile + echo "Dockerfile detected. Building image using docker build..." + + def imageName = "my_image:latest" // You can customize the image name as needed + sh """ + docker build -t ${imageName} -f ${dockerfilePath} . + """ + + echo "Image built from Dockerfile: ${imageName}" + images << imageName + } else { + error "No Dockerfile or Docker Compose file provided. Please provide at least one." 
+ } - // Save images to an environment variable for later stages - IMAGES = images.join(",") - } - } - } + // Save images to an environment variable for later stages + IMAGES = images.join(",") + } + } + } + } + stage('Snyk Docker Image vulnerability scan') { + steps { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + def images = [] + if (IMAGES && IMAGES.trim()) { + images = IMAGES.split(",") + } + else { + error "No images to scan with Snyk" } - stage('Snyk Docker Image vulnerability scan') { - steps { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - script { - def images = [] - if (IMAGES && IMAGES.trim()) { - images = IMAGES.split(",") - } - else { - error "No images to scan with Snyk" - } - for (image in images) { - def sanitizedImageName = image.replaceAll("/", "_").replaceAll(":", "_") + for (image in images) { + def sanitizedImageName = image.replaceAll("/", "_").replaceAll(":", "_") - echo "Scanning image: ${image} using Snyk..." + echo "Scanning image: ${image} using Snyk..." 
- sh "rm -f snyk_${sanitizedImageName}" + sh "rm -f snyk_${sanitizedImageName}" - sh """ - docker run --rm -it --env ${SNYK_TOKEN} -v /var/run/docker.sock:/var/run/docker.sock \ - snyk/snyk:docker snyk test --docker ${image} --severity-threshold=critical --fail-on=all > snyk_${sanitizedImageName} - """ - } - } - } - } - } - } - } - stage('SQL map endpoints scan') { - steps { - withFileParameter('endpoints') { sh """ - docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -d endpoints.txt --batch > sqlmap + docker run --rm -it --env ${SNYK_TOKEN} -v /var/run/docker.sock:/var/run/docker.sock \ + snyk/snyk:docker snyk test --docker ${image} --severity-threshold=critical --fail-on=all > snyk_${sanitizedImageName} """ } } } } - } + } + stage('SQL map endpoints scan') { + steps { + withFileParameter('endpoints') { + sh """ + docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -m ${workspace}/jenkins/sqlmap/endpoints.txt --batch > sqlmap + """ + } + } + } stage('Clean up') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { @@ -163,15 +156,11 @@ pipeline { mv snyk_${sanitizedImageName} ${REPORT_DIR}/ || true """ } - } - - + } } } - } - + } } - post { always { echo 'Cleaning up...' From 0791e539764e4a465eb762c9614754938295ab0e Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 23:26:50 +0300 Subject: [PATCH 243/267] Add nmap TEST 10 --- jenkins/Jenkinsfile | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 14334ac0..7086ccc7 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
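Review bot: The rewritten sqlmap command reads `-m ${workspace}/jenkins/sqlmap/endpoints.txt`, an agent-side path, but the container only sees what is mounted at `/usr/src/myapp`, so the file is found only if the two paths happen to coincide. `${PWD}` in the `-v` argument is also expanded by Groovy instead of the shell and may not be the workspace. Using `-v "$WORKSPACE":/usr/src/myapp` in a single-quoted script, with `-m jenkins/sqlmap/endpoints.txt` relative to the `-w` directory, would be unambiguous. The `withFileParameter('endpoints')` wrapper is kept although the uploaded file is no longer referenced.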
@@ -27,23 +27,12 @@ pipeline { } } - stage('Build Docker Image ') { + stage('Version Docker ') { steps { sh 'docker --version' } } - stage('Run Nmap - Vuln Scan') { - steps { - script { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln default - """ - } - } - } - - stage("Test") { From 54577f30bc1f36f31e61c9e41925185760271f43 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 23:27:09 +0300 Subject: [PATCH 244/267] test commit --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index e44ac078..c0a4b85e 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -160,7 +160,7 @@ pipeline { } } } - } + } post { always { echo 'Cleaning up...' From df02b7052d62d71bd82f26b105019b2336a02453 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Sun, 15 Sep 2024 23:29:40 +0300 Subject: [PATCH 245/267] Add nmap Last --- jenkins/Jenkinsfile | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 7086ccc7..48d91772 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -33,6 +33,28 @@ pipeline { } } + stage('Run Nmap - Opened Gates') { + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -p- 192.168.2.11 + + """ + } + } + } + stage('Run Nmap - Vuln Scan') { + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 + + """ + } + } + } + + stage("Test") { From de6dd31c1216a1e7327faff305dbb47a27218a84 Mon Sep 17 00:00:00 2001 
From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 23:36:06 +0300 Subject: [PATCH 246/267] completed pipeline kinda --- jenkins/Jenkinsfile | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index c0a4b85e..75a24b01 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -62,7 +62,15 @@ pipeline { } } } - } + } + stage(' Sonar Cube Scan') { + steps { + withSonarQubeEnv(installationName: 'sonarQube1') { + sh './mvnw clean compile' // Compile the code first + sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes' // Run the SonarQube scan + } + } + } stage('Check and build Docker Images') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { @@ -138,7 +146,26 @@ pipeline { """ } } - } + } + stage('Run Nmap - Opened Gates') { + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -p- 192.168.2.11 + + """ + } + } + } + stage('Run Nmap - Vuln Scan') { + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 + """ + } + } + } stage('Clean up') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { From ef3fc8fd0fd252fd5d6760760e60356f8dea758f Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Sun, 15 Sep 2024 23:38:38 +0300 Subject: [PATCH 247/267] create branch with finished code --- jenkins/Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 75a24b01..9f0e2dc8 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
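Review bot: The new Sonar stage submits an analysis but never checks its outcome, so a failed quality gate does not affect the build. After the `withSonarQubeEnv` block, add `timeout(time: 10, unit: 'MINUTES') { waitForQualityGate abortPipeline: true }`; this presumably needs the SonarQube-to-Jenkins webhook configured. The stage name `' Sonar Cube Scan'` has a leading space and misspells SonarQube.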
@@ -144,6 +144,7 @@ pipeline { sh """ docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -m ${workspace}/jenkins/sqlmap/endpoints.txt --batch > sqlmap """ + } } } From 4075d2864dde715cc2bf49954db50cff5516724e Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 16 Sep 2024 00:20:07 +0300 Subject: [PATCH 248/267] check --- jenkins/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 9f0e2dc8..6be6d74e 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -83,7 +83,7 @@ pipeline { sh """ docker compose -f ${workspace}/${dockerComposePath} build --parallel """ - + // Get repository and tag of the images created by docker-compose images = sh(script: """ docker compose -f ${workspace}/${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' @@ -144,7 +144,7 @@ pipeline { sh """ docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -m ${workspace}/jenkins/sqlmap/endpoints.txt --batch > sqlmap """ - + } } } From 81507d8dbae4d7dace7da2af15fcd4677370541c Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 16 Sep 2024 00:22:57 +0300 Subject: [PATCH 249/267] fixed --- jenkins/Jenkinsfile | 42 +++++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 6be6d74e..5731e87f 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -65,10 +65,13 @@ pipeline { } stage(' Sonar Cube Scan') { steps { - withSonarQubeEnv(installationName: 'sonarQube1') { - sh './mvnw clean compile' // Compile the code first - sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes' // Run the SonarQube scan + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + withSonarQubeEnv(installationName: 'sonarQube1') { + sh './mvnw clean compile' // Compile the code first + sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes' // Run the SonarQube scan + } } + } } stage('Check and build Docker Images') { 
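Review bot: Wrapping the scanner stages in `catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE')` makes every security check advisory: the build stays green whether the scanner reported findings or never ran. `catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE')` still lets later stages run while making the result visible on the build. This applies to the Sonar stage here and to the sqlmap and nmap stages in the next hunk of the same patch.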
@@ -140,31 +143,40 @@ pipeline { } stage('SQL map endpoints scan') { steps { - withFileParameter('endpoints') { - sh """ - docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -m ${workspace}/jenkins/sqlmap/endpoints.txt --batch > sqlmap - """ + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + withFileParameter('endpoints') { + sh """ + docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -m ${workspace}/jenkins/sqlmap/endpoints.txt --batch > sqlmap + """ + } } + } } stage('Run Nmap - Opened Gates') { steps { - script { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -p- 192.168.2.11 + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -p- 192.168.2.11 - """ + """ + } } + } } stage('Run Nmap - Vuln Scan') { steps { - script { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 - """ + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 + """ + } } + } } stage('Clean up') { From af5216c4095874cbe57c2df358b3a08623a5bd66 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 16 Sep 2024 00:23:40 +0300 Subject: [PATCH 250/267] test 1 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 5731e87f..44f4a399 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -21,7 +21,7 @@ pipeline { script { checkout scm workspace = pwd () - } + } } } } From 17ba4377c23a122df7e716d633aa1fbfa561bc88 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Mon, 16 Sep 2024 00:34:43 +0300 Subject: [PATCH 251/267] Add nmap Last 1 --- jenkins/Jenkinsfile | 40 ++++++++++++++++++---------------------- 1 file changed, 18 insertions(+), 22 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 48d91772..9960125c 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -34,34 +34,30 @@ pipeline { } stage('Run Nmap - Opened Gates') { - steps { - script { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -p- 192.168.2.11 + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -p- 192.168.2.11 - """ - } - } - } - stage('Run Nmap - Vuln Scan') { - steps { - script { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 + """ + } + } + } + stage('Run Nmap - Vuln Scan') { + steps { + script { + sh """ + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 + + """ + } + } + } - """ - } - } - } - stage("Test") { - steps { - echo "Testing" - } - } stage("Deliver") { steps { echo "Deliver" From bd5401ec8a7c07639c16c0fa656a3524248a2549 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 16 Sep 2024 00:35:54 +0300 Subject: [PATCH 252/267] tests --- jenkins/Jenkinsfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 44f4a399..4edbdcee 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -29,7 +29,7 @@ pipeline { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { - + echo env.IMAGES echo "Getting git repo info" // Get the current repository URL REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() @@ -108,7 +108,7 @@ pipeline { } // Save images to an environment variable for later stages - IMAGES = images.join(",") + env.IMAGES = images.join(",") } } } @@ -118,8 +118,8 @@ pipeline { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { def images = [] - if (IMAGES && IMAGES.trim()) { - images = IMAGES.split(",") + if (env.IMAGES && env.IMAGES.trim()) { + images = env.IMAGES.split(",") } else { error "No images to scan with Snyk" From 3244a9ca54fa4fd24bdcbbc95920f155765d8509 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 16 Sep 2024 00:39:47 +0300 Subject: [PATCH 253/267] print tests in setting environment variables --- jenkins/Jenkinsfile | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 4edbdcee..ccd2d21d 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -29,7 +29,16 @@ pipeline { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { - echo env.IMAGES + // Print parameters + withFileParameter('endpoints') { + sh 'cat $endpoints' + } + echo endpoints + echo dockerComposePath + echo dockerfilePath + + + echo "Getting git repo info" // Get the current repository URL REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() From 136827a9a61a9336bd3fc965e2636aff4b4b4499 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 16 Sep 2024 00:40:19 +0300 Subject: [PATCH 254/267] test --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index ccd2d21d..3e583e5f 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
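Review bot: In the `@@ -108,7 +108,7 @@` hunk, `env.IMAGES = images.join(",")` probably has no effect while `IMAGES` is also declared in the pipeline's `environment { }` block (patch 255 later removes `IMAGES = ''` from it), because values declared there take precedence over imperative `env.X = …` writes. The Snyk stage in the next hunk would then read an empty string and hit `error "No images to scan with Snyk"`, and `catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE')` would still report the build as successful with no image scanned. Removing the declaration from `environment { }`, or carrying the list in a script-level variable such as `def builtImages = []` above `pipeline {`, avoids that. Both `script` blocks continue outside their hunks.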
@@ -23,7 +23,7 @@ pipeline { workspace = pwd () } } - } + } } stage('Setting Environment Variables') { steps { From d4f612a510abfae217aa4ab54129cc130f49e633 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 16 Sep 2024 01:16:35 +0300 Subject: [PATCH 255/267] fixed parameters --- jenkins/Jenkinsfile | 43 +++++++++++++++---------------------------- 1 file changed, 15 insertions(+), 28 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 3e583e5f..24599a84 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -1,9 +1,9 @@ pipeline { agent any - parameters { - string name: 'dockerComposePath', defaultValue: "", description: "Path of the docker-compose.yml" - string name: 'dockerfilePath', defaultValue: "", description: "Path of the Dockerfile" - base64File description: 'File containing the endpoints to be tested by SQLmap', name: 'endpoints' + parameters{ + string(name: 'dockerComposePath', defaultValue: '', description: 'Path of the docker-compose.yml') + string(name: 'dockerfilePath', defaultValue: '', description: 'Path of the Dockerfile') + string(name: 'endpointsPath', defaultValue: '', description: 'Path of the endpoints to test SQLmap') } environment { REPO_URL = '' @@ -11,7 +11,7 @@ pipeline { workspace = '' relativeWorkspacePath = '' SNYK_TOKEN = credentials('snyk-token') - IMAGES = '' + images_string = '' } stages { stage ('Checkout SCM') @@ -29,16 +29,6 @@ pipeline { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { - // Print parameters - withFileParameter('endpoints') { - sh 'cat $endpoints' - } - echo endpoints - echo dockerComposePath - echo dockerfilePath - - - echo "Getting git repo info" // Get the current repository URL REPO_URL = sh(script: 'git config --get remote.origin.url', returnStdout: true).trim() 
@@ -93,12 +83,12 @@ pipeline { // If dockerComposePath is provided, run docker-compose to build images echo "Docker Compose file detected. Building images using docker-compose..." sh """ - docker compose -f ${workspace}/${dockerComposePath} build --parallel + docker compose -f ${workspace}/${params.dockerComposePath} build --parallel """ // Get repository and tag of the images created by docker-compose images = sh(script: """ - docker compose -f ${workspace}/${dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' + docker compose -f ${workspace}/${params.dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' """, returnStdout: true).trim().split("\n") } else if (dockerfilePath?.trim()) { @@ -107,7 +97,7 @@ pipeline { def imageName = "my_image:latest" // You can customize the image name as needed sh """ - docker build -t ${imageName} -f ${dockerfilePath} . + docker build -t ${imageName} -f ${params.dockerfilePath} . """ echo "Image built from Dockerfile: ${imageName}" @@ -117,7 +107,7 @@ pipeline { } // Save images to an environment variable for later stages - env.IMAGES = images.join(",") + images_string = images.join(",") } } } @@ -127,8 +117,8 @@ pipeline { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { def images = [] - if (env.IMAGES && env.IMAGES.trim()) { - images = env.IMAGES.split(",") + if (images_string && images_string.trim()) { + images = images_string.split(",") } else { error "No images to scan with Snyk" 
@@ -152,13 +142,10 @@ pipeline { } stage('SQL map endpoints scan') { steps { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - withFileParameter('endpoints') { - sh """ - docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -m ${workspace}/jenkins/sqlmap/endpoints.txt --batch > sqlmap - """ - - } + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + sh """ + docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -m ${workspace}${params.endpointsPath} --batch > sqlmap + """ } } From 7c4aad692302596e342bb04352d276e5015e5410 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 16 Sep 2024 01:18:48 +0300 Subject: [PATCH 256/267] test commit --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 24599a84..30f09272 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -12,7 +12,7 @@ pipeline { relativeWorkspacePath = '' SNYK_TOKEN = credentials('snyk-token') images_string = '' - } + } stages { stage ('Checkout SCM') { From a4e9066d6af5d8b7e795a1fc9ff648f797f9aa65 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Mon, 16 Sep 2024 01:59:24 +0300 Subject: [PATCH 257/267] Add nmap Last Ports add --- jenkins/Jenkinsfile | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 9960125c..0b3d28f3 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -33,21 +33,12 @@ pipeline { } } - stage('Run Nmap - Opened Gates') { - steps { - script { - sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -p- 192.168.2.11 - """ - } - } - } - stage('Run Nmap - Vuln Scan') { + stage('Run Nmap-Vuln Scan-Opened Ports-Vulnerabilites') { steps { script { sh """ - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 + docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -sV --script vuln 192.168.2.11 -p 80,223,8080,8082 """ } From 678d766cf349c5e581e8e111a124abdcbf9409b8 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Mon, 16 Sep 2024 02:43:16 +0300 Subject: [PATCH 258/267] Add nmap Last Ports add 2 --- jenkins/Jenkinsfile | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 0b3d28f3..8205c556 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -18,15 +18,32 @@ pipeline { } } - stage(' Sonar Cube Scan') { - steps { - withSonarQubeEnv(installationName: 'sonarQube1') { - sh './mvnw clean compile' // Compile the code first - sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes' // Run the SonarQube scan - } + stage('SonarQube Scan') { + steps { + withSonarQubeEnv(installationName: 'sonarQube1') { + script { + echo "Running SonarQube Scan" + + sh 'rm -f sonar-report.txt' + + // Compile the code + sh './mvnw clean compile' + + sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes > sonar-report.txt' + + def sonarReport = readFile 'sonar-report.txt' + + if (sonarReport.length() == 0) { + echo "SonarQube Scan completed successfully. No issues found." + } else { + echo "SonarQube scan found issues. Check the report." } + } + } + } } + stage('Version Docker ') { steps { sh 'docker --version' From 51755e7cf5d20fae7288abd10ed957d84a6b8003 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Mon, 16 Sep 2024 02:45:08 +0300 Subject: [PATCH 259/267] Add nmap Last Ports add 2 --- jenkins/Jenkinsfile | 29 ++++++----------------------- 1 file changed, 6 insertions(+), 23 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 8205c556..0b3d28f3 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
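Review bot: The check `sonarReport.length() == 0` cannot tell a clean analysis from one with findings: the file holds the redirected Maven console output, which is presumably never empty, so the stage would always print "SonarQube scan found issues" and never fail. Redirecting to `sonar-report.txt` also removes the scanner output from the build log. The analysis result is available through the quality gate instead, e.g. `timeout(time: 10, unit: 'MINUTES') { waitForQualityGate abortPipeline: true }` placed after the `withSonarQubeEnv` block; this needs the SonarQube-to-Jenkins webhook to be configured.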
@@ -18,32 +18,15 @@ pipeline { } } - stage('SonarQube Scan') { - steps { - withSonarQubeEnv(installationName: 'sonarQube1') { - script { - echo "Running SonarQube Scan" - - sh 'rm -f sonar-report.txt' - - // Compile the code - sh './mvnw clean compile' - - sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes > sonar-report.txt' - - def sonarReport = readFile 'sonar-report.txt' - - if (sonarReport.length() == 0) { - echo "SonarQube Scan completed successfully. No issues found." - } else { - echo "SonarQube scan found issues. Check the report." + stage(' Sonar Cube Scan') { + steps { + withSonarQubeEnv(installationName: 'sonarQube1') { + sh './mvnw clean compile' // Compile the code first + sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes' // Run the SonarQube scan + } } - } - } - } } - stage('Version Docker ') { steps { sh 'docker --version' From ba735ebb9c93e03f0b34d8b9bdf99f97daf266f0 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Mon, 16 Sep 2024 02:46:16 +0300 Subject: [PATCH 260/267] Add nmap Last Ports add 4 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 0b3d28f3..6d0ef2d3 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -27,7 +27,7 @@ pipeline { } } - stage('Version Docker ') { + stage('Version Docker') { steps { sh 'docker --version' } From f9249d58b8654d8a1e25cf78733c0e2a79932bb8 Mon Sep 17 00:00:00 2001 From: Athanasios Efstathiou Date: Mon, 16 Sep 2024 02:56:02 +0300 Subject: [PATCH 261/267] tests --- jenkins/Jenkinsfile | 13 +++++++------ jenkins/sqlmap/endpoints.txt | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 30f09272..3bdea424 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -83,12 +83,12 @@ pipeline { // If dockerComposePath is provided, run docker-compose to build images echo "Docker Compose file detected. Building images using docker-compose..." sh """ - docker compose -f ${workspace}/${params.dockerComposePath} build --parallel + docker compose -f ${workspace}${params.dockerComposePath} build --parallel """ // Get repository and tag of the images created by docker-compose images = sh(script: """ - docker compose -f ${workspace}/${params.dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' + docker compose -f ${workspace}${params.dockerComposePath} images --format '{{.Repository}}:{{.Tag}}' """, returnStdout: true).trim().split("\n") } else if (dockerfilePath?.trim()) { @@ -117,8 +117,8 @@ pipeline { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { def images = [] - if (images_string && images_string.trim()) { - images = images_string.split(",") + if (${images_string} && ${images_string}.trim()) { + images = ${images_string}.split(",") } else { error "No images to scan with Snyk" @@ -144,8 +144,9 @@ pipeline { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { sh """ - docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -m ${workspace}${params.endpointsPath} --batch > sqlmap - """ + docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -m ${workspace}${params.endpointsPath} --batch + """ + //> sqlmap } } diff --git a/jenkins/sqlmap/endpoints.txt b/jenkins/sqlmap/endpoints.txt index db731e56..7e45d0de 100644 --- a/jenkins/sqlmap/endpoints.txt +++ b/jenkins/sqlmap/endpoints.txt @@ -1 +1 @@ -http://testphp.vulnweb.com/artists.php?artist=1%27 \ No newline at end of file +http://testphp.vulnweb.com/artists.php?artist=1 \ No newline at end of file From 8efa7cf737ffe98c4ceaecd5cafc1063cefdb6f8 Mon Sep 17 00:00:00 2001 
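Review bot: In the Snyk hunk (`@@ -117,8 +117,8 @@`) `${images_string}` is used outside a string, where it is not interpolation; Groovy most likely parses it as a call to a method named `$` with a closure argument and throws at runtime. Because the block sits inside `catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE')`, the build would still end as SUCCESS with the Snyk image scan never run. The previous form was valid and can be shortened to `if (images_string?.trim()) {` followed by `images = images_string.split(",")`. The `script` block continues outside the hunk.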
From: Athanasios Efstathiou Date: Mon, 16 Sep 2024 02:58:00 +0300 Subject: [PATCH 262/267] fixes --- jenkins/Jenkinsfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 3bdea424..04624fb7 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -144,9 +144,8 @@ pipeline { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { sh """ - docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -m ${workspace}${params.endpointsPath} --batch + docker run --rm -v ${PWD}:/usr/src/myapp -w /usr/src/myapp thanosefsta/sqlmap:latest -m ${workspace}${params.endpointsPath} --batch > sqlmap """ - //> sqlmap } } @@ -157,7 +156,6 @@ pipeline { script { sh """ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/usr/src/myapp -w /usr/src/myapp nikolaskir2000/nmap_image_3:latest -p- 192.168.2.11 - """ } } From 8fa9b87744669aea75b6b6ad85396c619c4d6fe5 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Mon, 16 Sep 2024 03:28:13 +0300 Subject: [PATCH 263/267] Add nmap Last Ports add 5 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index bc292203..9b162a1f 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -38,7 +38,7 @@ pipeline { } } - stage('TruffleHog Secret Scan') { + stage('TruffleHog Secret Scan ') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { From c6215fba65f22d7d5074a050e29d957cd04c6934 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Mon, 16 Sep 2024 03:29:43 +0300 Subject: [PATCH 264/267] Add nmap Last Ports add 5 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 9b162a1f..bc292203 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -38,7 +38,7 @@ pipeline { } } - stage('TruffleHog Secret Scan ') { + stage('TruffleHog Secret Scan') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { script { From 452f84b162d316224652a056240808053dcce358 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Mon, 16 Sep 2024 03:31:28 +0300 Subject: [PATCH 265/267] Add nmap Last Ports add 5 --- jenkins/Jenkinsfile | 9 --------- 1 file changed, 9 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index bc292203..84502198 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -141,15 +141,6 @@ pipeline { } } - stage(' Sonar Cube Scan') { - steps { - withSonarQubeEnv(installationName: 'sonarQube1') { - sh './mvnw clean compile' // Compile the code first - sh './mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dsonar.java.binaries=target/classes' // Run the SonarQube scan - } - } - } - stage('Version Docker') { steps { sh 'docker --version' From 0c8bd17ff06f062db5ad39a57efa83b2dd4ee074 Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Mon, 16 Sep 2024 03:32:39 +0300 Subject: [PATCH 266/267] Add nmap Last Ports add 5 --- jenkins/Jenkinsfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 84502198..6046a765 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -161,10 +161,6 @@ pipeline { - - - stage("Deliver") { - } stage('SQL map endpoints scan') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { From 8022405555110e3ffb5d5e300b92d63230354d7c Mon Sep 17 00:00:00 2001 From: nikolas2000 Date: Mon, 16 Sep 2024 03:34:52 +0300 Subject: [PATCH 267/267] Add nmap Last Ports add 5 --- jenkins/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index 6046a765..659f9a33 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -62,7 +62,7 @@ pipeline { } } } - stage(' Sonar Cube Scan') { + stage('Sonar Cube Scan') { steps { catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { withSonarQubeEnv(installationName: 'sonarQube1') {