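// Declarative pipeline for the OWASP Juice Shop security-tooling demo.
// Flow: checkout (already done by the Jenkins SCM step), dependency install,
// SAST (run outside this file), SCA (Dependency-Check + Retire.js), DAST
// (ZAP run outside this file). Reports are published/archived in
// `post { always }` so they are kept even when an earlier stage fails.
pipeline {
    agent any

    stages {
        stage('Checkout Code') {
            steps {
                // The SCM checkout happens before the stages run when the job is
                // configured as "Pipeline script from SCM"; nothing to do here.
                echo 'Code already checked out by Jenkins (SCM stage).'
            }
        }

        stage('Build / Install Dependencies') {
            steps {
                echo 'Installing Juice Shop dependencies so SCA tools can scan properly...'
                // node_modules must exist so the SCA tools see the resolved
                // dependency tree rather than only the manifest.
                dir('juice-shop-master') {
                    // NOTE(review): --force overrides peer-dependency conflicts, and
                    // npm runs package lifecycle scripts during install. Acceptable for
                    // a deliberately vulnerable target; do not copy into pipelines that
                    // build production artifacts without reviewing it.
                    sh '''
                        if [ -f package-lock.json ]; then
                            npm ci --force
                        else
                            npm install --force
                        fi
                    '''
                }
            }
        }

        stage('SAST - SonarQube') {
            steps {
                // Placeholder: sonar-scanner is invoked outside this Jenkinsfile.
                echo 'SAST - SonarQube analysis is executed via sonar-scanner (outside this Jenkinsfile for now).'
            }
        }

        stage('SCA - OWASP Dependency-Check') {
            steps {
                echo 'Running OWASP Dependency-Check using Jenkins plugin...'
                // 'DC' is the tool installation name configured in Jenkins.
                // '--scan .' covers the whole workspace, which includes the
                // juice-shop-master subdirectory installed above.
                dependencyCheck(
                    odcInstallation: 'DC',
                    additionalArguments: '--scan .'
                )
            }
        }

        stage('SCA - Retire.js (JavaScript dependencies)') {
            steps {
                echo 'Running Retire.js SCA scan for JavaScript dependencies...'
                // The trailing '|| true' keeps the stage green regardless of the
                // scan outcome, so findings do not gate the build. It also hides a
                // missing or broken retire binary, in which case no report file is
                // written; allowEmptyArchive below keeps that from failing the
                // archive step with "no artifacts found".
                sh '''
                    retire --path . --outputformat json --outputpath retire-report.json || true
                '''
                echo 'Archiving Retire.js report...'
                archiveArtifacts artifacts: 'retire-report.json',
                                 fingerprint: true,
                                 onlyIfSuccessful: false,
                                 allowEmptyArchive: true
            }
        }

        stage('DAST - OWASP ZAP') {
            steps {
                // Informational only: the baseline scan is run by hand on the host,
                // this stage does not start ZAP or the application.
                echo 'DAST - OWASP ZAP baseline scan is executed via Docker on the host machine.'
                echo 'For this project, ZAP is run with:'
                echo ' docker run -v "<project>:/zap/wrk" -t zaproxy/zap-stable zap-baseline.py -t http://host.docker.internal:3000 -r zap-report.html'
            }
        }
    }

    post {
        always {
            // Runs even when an earlier stage failed, so partial reports are kept.
            // Because the Dependency-Check stage may never have run (e.g. npm
            // install failed), the archive must tolerate a missing report.
            echo 'Publishing Dependency-Check results and archiving reports...'
            // NOTE(review): no severity thresholds are configured on the publisher,
            // so Dependency-Check findings never change the build result; set a
            // threshold (e.g. failedTotalCritical) once a baseline is agreed.
            dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            archiveArtifacts artifacts: 'dependency-check-report.*',
                             fingerprint: true,
                             onlyIfSuccessful: false,
                             allowEmptyArchive: true
        }
    }
}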