Jenkins / JENKINS-37437

Pipeline integration for OWASP checker


      Description

      It would be nice to be able to use the dependency check plugin within the Jenkins pipeline (formerly known as the workflow).


            Activity

            jhovell John Hovell added a comment -

            Is there documentation for this? I don't see any directive/command in the pipeline-syntax/ page after installing this plugin. 

            sspringett Steve Springett added a comment -

            John Hovell, use the Pipeline Syntax to create the code. Like all build plugins, look in the generic build step. The next version of the plugin has native Groovy functions defined, so you can use either one.

            jeraldsm Jerald Sabu added a comment - - edited

            Hi Steve Springett,

            Could you please provide an example of the pipeline syntax for OWASP Dependency-Check? Is there an option to enable debug mode?

            I'm running OWASP Dependency-Check in a 'parallel' block of a build stage pipeline, with the following pipeline syntax (the default one):

            "OWASP Dependency Check": {
            step([$class: 'DependencyCheckBuilder', datadir: '', hintsFile: '', includeCsvReports: false, includeHtmlReports: false, includeJsonReports: false, isAutoupdateDisabled: false, outdir: '', scanpath: '${env.SOURCES_DIR}', skipOnScmChange: false, skipOnUpstreamChange: false, suppressionFile: '', zipExtensions: ''])
            
            },

            But I can only see that the OWASP check failed with the following output, which does not help to debug at all:

             [Pipeline] [OWASP Dependency Check] { (Branch: OWASP Dependency Check)
             [Pipeline] [OWASP Dependency Check] echo
             15:14:37 [OWASP Dependency Check] OWASP Dependency Check
             [Pipeline] [OWASP Dependency Check] step
             15:14:37 [OWASP Dependency Check] [DependencyCheck] OWASP Dependency-Check Plugin v2.1.0
             [Pipeline] [OWASP Dependency Check] }
             15:14:37 [OWASP Dependency Check] Failed in branch OWASP Dependency Check
            

            Regards,
            Jerald

            sspringett Steve Springett added a comment -

            Creating a Jenkins system logger for org.owasp should reveal some useful info. Also, if the job is running on a slave, there was a serialization issue which was corrected in 2.1.1 pushed out today.

            Also, the long-form syntax can still be used in 2.1.1 and higher, but you can also call it by its Groovy function name. I usually use this for testing locally:

            node("master") {
              stage("Dependency Check") {
                dependencyCheckAnalyzer datadir: 'dependency-check-data', isFailOnErrorDisabled: true, hintsFile: '', includeCsvReports: false, includeHtmlReports: false, includeJsonReports: false, isAutoupdateDisabled: false, outdir: '', scanpath: '', skipOnScmChange: false, skipOnUpstreamChange: false, suppressionFile: '', zipExtensions: ''
            
                dependencyCheckPublisher canComputeNew: false, defaultEncoding: '', healthy: '', pattern: '', unHealthy: ''
            
                archiveArtifacts allowEmptyArchive: true, artifacts: '**/dependency-check-report.xml', onlyIfSuccessful: true
              }
            }

             

             

            jeraldsm Jerald Sabu added a comment -

            Steve Springett, OWASP Dependency-Check works fine after updating to version 1.2.1.
            Thanks a lot for pointing out the syntax!
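
            The two snippets in this thread combined into one scripted pipeline, as an added example that is not code from any commenter or from the plugin project: the function-name form run inside a 'parallel' branch, with the branch's exception echoed to the console before it is rethrown. It uses only the parameters shown above; SOURCES_DIR is the variable from the question and is assumed to be set for the job, and the 'Build' branch is a placeholder.

```groovy
// Added example (scripted pipeline, plugin 2.1.1+ function names from this thread).
node {
  stage('Build and scan') {
    // Groovy interpolates ${...} only in double-quoted strings; a single-quoted
    // '${env.SOURCES_DIR}' reaches the step as literal text. Passing the value as
    // an expression avoids the quoting question. Falls back to '' (the value used
    // in the maintainer's snippet) when the variable is not set.
    def scanDir = env.SOURCES_DIR ?: ''

    parallel(
      'Build': {
        echo 'build steps go here'   // placeholder branch
      },
      'OWASP Dependency Check': {
        try {
          dependencyCheckAnalyzer(
            datadir: 'dependency-check-data',
            // Assumption from the parameter name: false leaves fail-on-error
            // active, so an analysis error fails this branch.
            isFailOnErrorDisabled: false,
            hintsFile: '', includeCsvReports: false, includeHtmlReports: false,
            includeJsonReports: false, isAutoupdateDisabled: false, outdir: '',
            scanpath: scanDir, skipOnScmChange: false,
            skipOnUpstreamChange: false, suppressionFile: '', zipExtensions: '')
        } catch (err) {
          // Put the exception text in the console log next to the branch name,
          // then rethrow so the branch and the build are still marked failed.
          echo "Dependency-Check branch failed: ${err}"
          throw err
        } finally {
          // Keep whatever report was written, even if the analysis failed.
          archiveArtifacts allowEmptyArchive: true,
                           artifacts: '**/dependency-check-report.xml'
        }
        dependencyCheckPublisher canComputeNew: false, defaultEncoding: '',
                                 healthy: '', pattern: '', unHealthy: ''
      }
    )
  }
}
```

            The echoed exception complements, and does not replace, the org.owasp system logger suggested above, which is where the plugin's own log messages go.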


              People

              • Assignee: sspringett Steve Springett
              • Reporter: johan_piet Johan Piet
              • Votes: 8
              • Watchers: 17