forked from snyk-labs/nodejs-goof
jenkinsfile.groovy
/**
 * Returns the file name of the Snyk CLI release binary that matches the
 * operating system of the agent running this pipeline.
 *
 * @return "snyk-win.exe" on non-Unix agents, "snyk-macos" when `uname`
 *         reports Darwin, and "snyk-linux" for every other Unix agent.
 */
def snykCliBaseName() {
    // Non-Unix agents are treated as Windows; no shell is invoked for them.
    if (!isUnix()) {
        return "snyk-win.exe"
    }
    // Prefix match only, so any trailing newline in the captured output is harmless.
    def kernelName = sh(script: 'uname', returnStdout: true)
    return kernelName.startsWith("Darwin") ? "snyk-macos" : "snyk-linux"
}
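// Declarative pipeline: clone the sample app, download and verify the Snyk CLI,
// authenticate it, run the four Snyk scans in parallel, publish their SARIF
// reports, and ask a human whether to continue when the scan stage failed.
pipeline {
    agent any
    stages {
        stage('git clone') {
            steps {
                git url: 'https://github.com/somerset-inc/nodejs-goof.git'
            }
        }
        // Install the Snyk CLI by downloading a binary. For more information, check:
        // https://docs.snyk.io/snyk-cli/install-the-snyk-cli
        //
        // NOTE(review): the binary and its .sha256 file come from the same host and
        // from the moving "latest" path. The checksum therefore catches a corrupted
        // or truncated download, but not a tampered release. For a stronger
        // guarantee, pin a reviewed CLI release and keep its expected digest in
        // this repository.
        stage('Install snyk CLI') {
            steps {
                script {
                    def basename = snykCliBaseName()
                    if (isUnix()) {
                        // --fail makes an HTTP error abort the stage here instead of
                        // saving the error page under the binary's name.
                        sh("curl --fail -O -s -L https://static.snyk.io/cli/latest/${basename}")
                        sh("curl --fail -O -s -L https://static.snyk.io/cli/latest/${basename}.sha256")
                        // A digest mismatch exits non-zero, which fails the stage
                        // before the binary is made executable.
                        sh("shasum -c ${basename}.sha256")
                        sh("chmod +x ${basename} && mv ${basename} ./snyk")
                    } else {
                        // `error` fails the build with a readable message; Groovy
                        // cannot throw a plain String.
                        error('Not implemented.')
                    }
                }
            }
        }
        // This OPTIONAL step will configure the Snyk CLI to connect to the EU instance of Snyk.
        // stage('Configure Snyk for EU data center') {
        //     steps {
        //         sh './snyk config set use-base64-encoding=true'
        //         sh './snyk config set endpoint=https://app.eu.snyk.io/api'
        //     }
        // }
        // Authorize the Snyk CLI
        stage('Authorize Snyk CLI') {
            steps {
                withCredentials([string(credentialsId: 'SNYK_TOKEN', variable: 'SNYK_TOKEN')]) {
                    // Keep the Groovy string single-quoted: the shell, not Groovy,
                    // expands the secret, so it is not interpolated into the
                    // pipeline script. The inner double quotes stop the shell from
                    // word-splitting the value.
                    //
                    // NOTE(review): the scan stages below run outside this
                    // withCredentials block, so they rely on `snyk auth` having
                    // stored the token on the agent. On shared agents, consider
                    // binding SNYK_TOKEN only around the scan stages and cleaning
                    // the workspace/agent config afterwards. The token is also
                    // passed as a command-line argument here, which other
                    // processes on the agent may be able to observe.
                    sh './snyk auth "${SNYK_TOKEN}"'
                }
            }
        }
        stage('Build App') {
            steps {
                // Replace this with your build instructions, as necessary.
                sh 'echo no-op'
            }
        }
        // Each scan is wrapped in catchError so that findings mark the stage as
        // FAILURE while the overall build result stays SUCCESS; the SARIF report
        // is still published afterwards. The build is therefore not blocked by
        // findings automatically; the gate is the manual prompt in
        // 'Post Security Stage'.
        stage('Snyk') {
            parallel {
                stage('Snyk Open Source') {
                    steps {
                        catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
                            sh './snyk test --sarif-file-output=results-open-source.sarif'
                        }
                        recordIssues tool: sarif(name: 'Snyk Open Source', id: 'snyk-open-source', pattern: 'results-open-source.sarif')
                    }
                }
                stage('Snyk Code') {
                    steps {
                        catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
                            sh './snyk code test --sarif-file-output=results-code.sarif'
                        }
                        recordIssues tool: sarif(name: 'Snyk Code', id: 'snyk-code', pattern: 'results-code.sarif')
                    }
                }
                stage('Snyk Container') {
                    steps {
                        catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
                            sh './snyk container test troysnyk/nodejs-goof --file=Dockerfile --sarif-file-output=results-container.sarif'
                        }
                        recordIssues tool: sarif(name: 'Snyk Container', id: 'snyk-container', pattern: 'results-container.sarif')
                    }
                }
                stage('Snyk IaC') {
                    steps {
                        catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
                            sh './snyk iac test --sarif-file-output=results-iac.sarif'
                        }
                        recordIssues tool: sarif(name: 'Snyk IaC', id: 'snyk-iac', pattern: 'results-iac.sarif')
                    }
                }
            }
            // Record the outcome of the scan stage in SNYK_PASSED so the next
            // stage can decide whether to prompt for approval.
            post {
                success {
                    echo "Stage success"
                    script {
                        echo "setting SNYK_PASSED"
                        env.SNYK_PASSED = 'true'
                        echo "Snyk ok: ${env.SNYK_PASSED}"
                    }
                }
                failure {
                    echo "Stage failed"
                    script {
                        echo "setting SNYK_PASSED"
                        env.SNYK_PASSED = 'false'
                        echo "Snyk ok: ${env.SNYK_PASSED}"
                    }
                }
            }
        }
        // Runs only when the scan stage recorded a failure. `beforeInput true`
        // evaluates the condition first, so a clean scan never shows the prompt.
        stage('Post Security Stage') {
            when {
                expression { env.SNYK_PASSED == 'false' }
                beforeInput true
            }
            input {
                message "Snyk test failed, should we continue?"
                ok "Yes"
            }
            steps {
                echo 'Testing'
                echo "Snyk ok: ${env.SNYK_PASSED}"
            }
        }
    }
}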