[DO-783] update svace (!41)

Reviewed-on: https://git.avroid.tech/DevOps/jenkins-pipelines/pulls/41
Reviewed-by: Boris Shestov <boris.shestov@avroid.tech>
Reviewed-by: Andrey Danin <andrey.danin@avroid.tech>
Co-authored-by: aleksandr.vodyanov <aleksandr.vodyanov@avroid.tech>
Co-committed-by: aleksandr.vodyanov <aleksandr.vodyanov@avroid.tech>
This commit is contained in:
aleksandr.vodyanov
2024-10-31 14:28:47 +03:00
committed by Aleksandr Vodyanov
parent d1214cfe77
commit 321dc6dfc1


@@ -4,20 +4,31 @@ import tech.avroid.api.Nexus
import tech.avroid.scm.Git import tech.avroid.scm.Git
String buildThreads = '16' String buildThreads = '16'
String svaceVersion = '3.4.240312'
String svacerVersion = '9-0-2' String svacerVersion = '9-0-2'
String svaceCmd = "/data/opt/svace-${svaceVersion}-x64-linux/bin/svace" String svaceCmd = "/data/opt/svace-${env.JENKINS_SVACE_VERSION}-x64-linux/bin/svace"
String svacerCmd = "/data/opt/svacer-${svacerVersion}/bin/svacer" String svacerCmd = "/data/opt/svacer-${svacerVersion}/bin/svacer"
String svaceBuildResults = '' String svaceBuildResults = ''
String commitShortSha = '' String commitShortSha = ''
String svaceResultsDir = 'svace_analysis'
String svaceSarifResultFile = "svace_analysis.sarif2"
String ldapServer = 'FreeIPA' String ldapServer = 'FreeIPA'
String nexusSvaceSarifRepoPath = ''
// Nexus variables // Nexus variables
Nexus nexus = new Nexus(this, env.JENKINS_NEXUS_URL, env.JENKINS_NEXUS_CREDENTIALS) Nexus nexus = new Nexus(this, env.JENKINS_NEXUS_URL, env.JENKINS_NEXUS_CREDENTIALS)
String svaceNexusRepo = 'devsecops-raw-svace_results'
String nexusSvaceSarifRepoPath Map configuration = [
vaultUrl: env.JENKINS_VAULT_URL,
vaultCredentialId: env.JENKINS_VAULT_TOKEN,
engineVersion: 2
]
List secrets = [
[path: "team-devops/accounts/ldap/service_accounts/svc_svacer", engineVersion: 2, secretValues:
[
[envVar: 'VAULT_SVACER_LOGIN', vaultKey: 'login'],
[envVar: 'VAULT_SVACER_PASS', vaultKey: 'password'],
]
]
]
properties([ properties([
buildDiscarder(logRotator(artifactNumToKeepStr: '50', buildDiscarder(logRotator(artifactNumToKeepStr: '50',
@@ -70,17 +81,13 @@ node('svace') {
stage('Svace analyze') { stage('Svace analyze') {
sh """ sh """
tar -xf ${svaceBuildResults} tar -xf ${svaceBuildResults}
${svaceCmd} config --svace-dir ./${svaceResultsDir} THREAD_NUMBER ${buildThreads} ${svaceCmd} config --svace-dir ./${env.JENKINS_SVACE_BUILD_DIR} THREAD_NUMBER ${buildThreads}
${svaceCmd} analyze --log-level brief --svace-dir ./${svaceResultsDir} ${svaceCmd} analyze --log-level brief --svace-dir ./${env.JENKINS_SVACE_BUILD_DIR}
""" """
} }
withCredentials([usernamePassword(
credentialsId: env.JENKINS_SVACER_CREDENTIALS,
usernameVariable: 'SVACER_USER',
passwordVariable: 'SVACER_PASS'
)]) {
stage('Upload results') { stage('Upload results') {
withVault([configuration: configuration, vaultSecrets: secrets]) {
String branch = params.BRANCH String branch = params.BRANCH
String mainBranch = params.MAIN_BRANCH String mainBranch = params.MAIN_BRANCH
@@ -94,10 +101,10 @@ node('svace') {
sh """ sh """
${svaceCmd} svres2sarif \ ${svaceCmd} svres2sarif \
${svaceResultsDir}/.svace-dir/analyze-res/svace_analysis.svres \ ${env.JENKINS_SVACE_BUILD_DIR}/.svace-dir/analyze-res/svace_analysis.svres \
-o ${svaceSarifResultFile} -o ${env.JENKINS_SVACE_SARIF_FILE}
cd ${svaceResultsDir} cd ${env.JENKINS_SVACE_BUILD_DIR}
${svacerCmd} import --svace ${svaceCmd} \ ${svacerCmd} import --svace ${svaceCmd} \
--project ${params.GIT_PROJECT} \ --project ${params.GIT_PROJECT} \
@@ -107,15 +114,14 @@ node('svace') {
--if-no-branch clone-${mainBranch} --if-no-branch clone-${mainBranch}
${svacerCmd} upload --ssl \ ${svacerCmd} upload --ssl \
--user ${SVACER_USER} \ --user ${VAULT_SVACER_LOGIN} \
--password ${SVACER_PASS} \ --password ${VAULT_SVACER_PASS} \
--ldap_server ${ldapServer} --ldap_server ${ldapServer}
""" """
nexus.upload([artifactPath: "${svaceSarifResultFile}", nexus.upload([artifactPath: "${env.JENKINS_SVACE_SARIF_FILE}",
repository: svaceNexusRepo, repository: env.JENKINS_SVACE_NEXUS_REPO,
path: nexusSvaceSarifRepoPath]) path: nexusSvaceSarifRepoPath])
} }}
}
} catch(err) { } catch(err) {
echo 'ERROR: ' + err.getMessage() echo 'ERROR: ' + err.getMessage()
currentBuild.result = 'FAILURE' currentBuild.result = 'FAILURE'
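Review bot: The Vault-sourced credentials on the new side of `--user ${VAULT_SVACER_LOGIN}` and `--password ${VAULT_SVACER_PASS}` are expanded by Groovy inside the double-quoted `sh """` script rather than read by the shell, so the plaintext values are baked into the generated script file and the command text the `sh` step executes, which defeats the point of moving them into `withVault`. Since the `secrets` list maps them to `envVar` names, the shell can read them from its environment instead; escaping the two references keeps the rest of the interpolation intact: `--user \${VAULT_SVACER_LOGIN} \` and `--password \${VAULT_SVACER_PASS} \`. Even with that change the password is still passed as a process argument to `svacer upload`, visible to anyone who can list processes on the `svace` agent; if svacer accepts the password from an environment variable or file, that form would be preferable, but I cannot confirm from this diff that it does. The enclosing `sh """` step begins in the previous hunk, outside this one, so the same escaping applies to no other lines there.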