Jenkinsfile_dev_wrapper
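// Declarative pipeline: build the WAR with Maven, run the SourceClear SCA agent
// against the workspace, then upload the WAR for a Veracode static scan.
pipeline {
    agent {
        docker {
            // NOTE(review): referenced by tag only, so the image content can change
            // between runs. Pin by digest if build reproducibility matters.
            image 'maven:3.6.3-openjdk-8'
        }
    }
    stages {
        stage('Build') {
            steps {
                // Get some code from a GitHub repository
                git 'https://github.com/christyson/verademo'
                // -ntp: no transfer progress, keeps the console log readable
                sh 'mvn -ntp package'
            }
        }
        stage('SCA SC') {
            steps {
                withCredentials([string(credentialsId: 'SRCCLR_API_TOKEN', variable: 'SRCCLR_API_TOKEN')]) {
                    // Download the agent bootstrap script to a file before running it.
                    // With `curl | sh`, a failed or truncated download still lets the
                    // stage pass (sh sees empty or partial input), so the SCA scan could
                    // be skipped silently. With -f and a separate step, the default
                    // `sh -xe` of the Jenkins sh step aborts the stage on a bad download.
                    //
                    // NOTE(review): the script is fetched unpinned and runs with
                    // SRCCLR_API_TOKEN in its environment; its content is trusted on the
                    // strength of TLS to the vendor host only.
                    sh '''
                        curl -fsSL -o srcclr_ci.sh https://download.sourceclear.com/ci.sh
                        sh srcclr_ci.sh
                    '''
                }
            }
        }
        stage('Veracode SAST Scan') {
            // upload and scan
            steps {
                withCredentials([usernamePassword(credentialsId: 'Veracode', passwordVariable: 'VERACODEKEY', usernameVariable: 'VERACODEID')]) {
                    // The script stays in a single-quoted Groovy string so the secrets
                    // are expanded by the shell, not interpolated by Groovy.
                    //
                    // -f makes curl fail on an HTTP error instead of saving the error
                    // page as veracodeJavaAPI.jar. The wrapper version is pinned in the
                    // URL, but no checksum is compared; to add one, record the digest
                    // out of band and verify it before running the jar, e.g.
                    //   echo "<EXPECTED_SHA256>  veracodeJavaAPI.jar" | sha256sum -c -
                    //
                    // All variable expansions are quoted: JOB_NAME may contain spaces or
                    // other characters that would otherwise split into extra arguments.
                    //
                    // NOTE(review): -vid/-vkey place the API credentials in the process
                    // argument list, which other processes on the agent can read while
                    // the scan runs. If the wrapper version in use supports a
                    // credentials file, prefer that - confirm against the wrapper docs.
                    sh '''
                        curl -fsS -o veracodeJavaAPI.jar https://repo1.maven.org/maven2/com/veracode/vosp/api/wrappers/vosp-api-wrappers-java/20.8.7.1/vosp-api-wrappers-java-20.8.7.1.jar
                        java -jar veracodeJavaAPI.jar -vid "$VERACODEID" -vkey "$VERACODEKEY" -action UploadAndScan -appname "$JOB_NAME" -createprofile true -autoscan true -filepath ./target/verademo.war -version "$BUILD_NUMBER" -scantimeout 60 -criticality 'High'
                    '''
                }
            }
        }
    }
}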