-
Notifications
You must be signed in to change notification settings - Fork 15
/
Jenkinsfile
106 lines (93 loc) · 3.57 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
pipeline {
agent any
tools {
jdk 'jdk-11'
maven 'mvn-3.6.3'
}
stages {
stage('Build') {
steps {
withMaven(maven: 'mvn-3.6.3') {
sh "mvn package"
}
}
}
stage('Run Tests') {
parallel {
stage('OWASP Dependency-Check Vulnerabilities') {
steps {
withMaven(maven: 'mvn-3.6.3') {
sh 'mvn dependency-check:check'
}
dependencyCheckPublisher pattern: 'target/dependency-check-report.xml'
}
}
stage('PMD SpotBugs') {
steps {
withMaven(maven: 'mvn-3.6.3') {
sh 'mvn pmd:pmd pmd:cpd spotbugs:spotbugs'
}
recordIssues enabledForFailure: true, tool: spotBugs()
recordIssues enabledForFailure: true, tool: cpd(pattern: '**/target/cpd.xml')
recordIssues enabledForFailure: true, tool: pmdParser(pattern: '**/target/pmd.xml')
}
}
}
}
stage('Create and push container') {
steps {
withCredentials([usernamePassword(credentialsId: 'docker-credentials', usernameVariable: 'DOCKER_USERNAME', passwordVariable: 'DOCKER_PASSWORD')]) {
withMaven(maven: 'mvn-3.6.3') {
sh "mvn jib:build"
}
}
}
}
stage('Anchore analyse') {
steps {
writeFile file: 'anchore_images', text: 'docker.io/maartensmeets/spring-boot-demo'
anchore name: 'anchore_images'
}
}
stage('Ready to proceed?') {
steps {
input("Ready to proceed?")
}
}
stage('ZAP') {
steps {
withMaven(maven: 'mvn-3.6.3') {
sh 'mvn zap:analyze'
publishHTML(target: [
allowMissing : false,
alwaysLinkToLastBuild: false,
keepAll : true,
reportDir : 'target/zap-reports',
reportFiles : 'zapReport.html',
reportName : "ZAP report"
])
}
}
}
stage('SonarQube analysis') {
steps {
withSonarQubeEnv(credentialsId: 'sonarqube-secret', installationName: 'sonarqube-server') {
withMaven(maven: 'mvn-3.6.3') {
sh 'mvn sonar:sonar -Dsonar.dependencyCheck.jsonReportPath=target/dependency-check-report.json -Dsonar.dependencyCheck.xmlReportPath=target/dependency-check-report.xml -Dsonar.dependencyCheck.htmlReportPath=target/dependency-check-report.html -Dsonar.java.pmd.reportPaths=target/pmd.xml -Dsonar.java.spotbugs.reportPaths=target/spotbugsXml.xml -Dsonar.zaproxy.reportPath=target/zap-reports/zapReport.xml -Dsonar.zaproxy.htmlReportPath=target/zap-reports/zapReport.html'
}
}
}
}
stage("Quality gate") {
steps {
sh 'sleep 10'
waitForQualityGate abortPipeline: true
}
}
}
post {
always {
cleanWs()
}
}
}