diff --git a/pipelines/DevSecOps/svace-analyze.groovy b/pipelines/DevSecOps/svace-analyze.groovy
index 9d750a5..49e6280 100644
--- a/pipelines/DevSecOps/svace-analyze.groovy
+++ b/pipelines/DevSecOps/svace-analyze.groovy
@@ -3,16 +3,21 @@ import tech.avroid.api.Nexus
 import tech.avroid.scm.Git
+String buildThreads = '16'
+String svaceVersion = '3.4.240312'
+String svacerVersion = '8-0-1'
+String svaceCmd = "/data/opt/svace-${svaceVersion}-x64-linux/bin/svace"
+String svacerCmd = "/data/opt/svacer-${svacerVersion}/bin/svacer"
+String svaceBuildResult = ''
+String commitShortSha = ''
+String svaceResultsDir = 'svace_analysis'
+String svaceSarifResultFile = "svace_analysis.sarif2"
+String ldapServer = 'FreeIPA'
+
+// Nexus variables
 Nexus nexus = new Nexus(this, env.JENKINS_NEXUS_URL, env.JENKINS_NEXUS_CREDENTIALS)
-String buildThreads = '16'
-String svaceVersion = '3.4.240109'
-String svacerVersion = '8-0-0'
-String svaceCmd = "/data/opt/svace-${svaceVersion}-x64-linux/bin/svace"
-String svacerCmd = "/data/opt/svacer-${svacerVersion}/bin/svacer"
-String svaceBuildResult = ''
-String commitShortSha = ''
-String svaceResultsDir = 'svace_analysis'
-String ldapServer = 'FreeIPA'
+String svaceNexusRepo = 'devsecops-raw-svace_results'
+String nexusSvaceSarifRepoPath
 properties([
 buildDiscarder(logRotator(artifactNumToKeepStr: '50',
@@ -37,9 +42,9 @@ node('svace') {
 sh 'printenv'
 }
- stage('download') {
+ stage('Download') {
 Git git = new Git(this, env.JENKINS_GIT_CREDENTIALS_SSH)
-
+
 git.clone([
 urlRepo: "${env.JENKINS_GIT_REPOSITORY_SSH_URL}/${params.GIT_PROJECT}",
 branch: params.BRANCH,
@@ -47,7 +52,6 @@ node('svace') {
 ])
 svaceBuildResults = nexus.download(params.SVACE_BUILD_RESULTS_LINK)
 commitShortSha = (params.COMMIT_SHA) ? params.COMMIT_SHA : git.log([count:1, format: "%h"])
- println "commitShortSha ${commitShortSha}"
 dir("${env.WORKSPACE}/${params.GIT_PROJECT}") {
 git.checkout(commitShortSha)
 }
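Review bot: The re-declared `String svaceBuildResult = ''` in the first hunk does not match the name the Download stage assigns, `svaceBuildResults = nexus.download(params.SVACE_BUILD_RESULTS_LINK)` (context of the @@ -47 hunk), so the download result goes to an undeclared script-binding variable and the declared one looks unused in the visible lines. Since this commit already moves the declaration block, renaming it to `String svaceBuildResults = ''` would line the two up. Where the value is consumed is outside the hunks shown.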
@@ -60,15 +64,18 @@ node('svace') {
 ${svaceCmd} analyze --log-level brief --svace-dir ./${svaceResultsDir}
 """
 }
-
- stage('Upload result') {
- withCredentials([usernamePassword(
- credentialsId: env.JENKINS_SVACER_CREDENTIALS,
- usernameVariable: 'SVACER_USER',
- passwordVariable: 'SVACER_PASS'
- )]) {
+
+ withCredentials([usernamePassword(
+ credentialsId: env.JENKINS_SVACER_CREDENTIALS,
+ usernameVariable: 'SVACER_USER',
+ passwordVariable: 'SVACER_PASS'
+ )]) {
+ stage('Upload results') {
+ nexusSvaceSarifRepoPath = "${params.GIT_PROJECT}/${params.BRANCH}/${commitShortSha}"
 sh """
+ ${svaceCmd} svres2sarif ${svaceResultsDir}/.svace-dir/analyze-res/svace_analysis.svres -o ${svaceSarifResultFile}
 cd ${svaceResultsDir}
+
 ${svacerCmd} import --svace ${svaceCmd} \
 --project ${params.GIT_PROJECT} \
 --branch ${params.BRANCH} \
@@ -78,15 +85,17 @@ node('svace') {
 ${svacerCmd} upload --ssl \
 --user ${SVACER_USER} \
 --password ${SVACER_PASS} \
- -ldap_server ${ldapServer}
+ --ldap_server ${ldapServer}
 """
+ nexus.upload([artifactPath: "${svaceSarifResultFile}",
+ repository: svaceNexusRepo,
+ path: nexusSvaceSarifRepoPath])
 }
 }
- }
- catch(err) {
+ } catch(err) {
 echo 'ERROR: ' + err.getMessage()
 currentBuild.result = 'FAILURE'
 } finally {
- cleanWs()
+ cleanWs()
 }
 }
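Review bot: `nexusSvaceSarifRepoPath` is built directly from `params.GIT_PROJECT` and `params.BRANCH` in the added line at the top of stage('Upload results'), so a parameter value containing `..` or unexpected `/` segments decides where the SARIF file lands in the Nexus raw repository. The same two parameters are substituted by Groovy into the `sh """` text just below (`--project`, `--branch`), where shell metacharacters in a value would be interpreted on the svace node. Checking both once before first use covers both places, for example `if (!(params.BRANCH ==~ /[\w.\/-]+/) || params.BRANCH.contains('..')) { error 'Invalid BRANCH' }` and the equivalent for GIT_PROJECT. The sh block runs past the end of this hunk, and how nexus.upload treats the path is not visible here.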
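Review bot: `--user ${SVACER_USER}` and `--password ${SVACER_PASS}` sit inside a double-quoted `sh """` block, so Groovy substitutes the credential values into the script text before the shell runs; the @@ -78 hunk fixes the `--ldap_server` flag on the next line but leaves these two as they were. Jenkins warns against Groovy string interpolation of credentials because the expanded value is no longer protected the way the environment variable is, and special characters in the password would also be parsed by the shell. Escaping the dollar sign lets the shell read the variables that withCredentials exports: `--user "\$SVACER_USER" \` and `--password "\$SVACER_PASS" \`. The sh block opens outside this hunk.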