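// Source: github.com/xgoffin/jenkins-library@v1.154.0/vars/piperPipelineStageSecurity.groovy
import com.sap.piper.ConfigurationHelper
import com.sap.piper.GenerateStageDocumentation
import com.sap.piper.StageNameProvider
import com.sap.piper.Utils
import groovy.transform.Field

import static com.sap.piper.Prerequisites.checkScript

@Field String STEP_NAME = getClass().getName()
@Field String TECHNICAL_STAGE_NAME = 'security'

@Field Set GENERAL_CONFIG_KEYS = []
@Field STAGE_STEP_KEYS = [
    /** Executes a Checkmarx scan */
    'checkmarxExecuteScan',
    /** Executes Synopsys Detect scans */
    'detectExecuteScan',
    /** Executes a Fortify scan */
    'fortifyExecuteScan',
    /** Executes a WhiteSource scan */
    'whitesourceExecuteScan'
]
@Field Set STEP_CONFIG_KEYS = GENERAL_CONFIG_KEYS.plus(STAGE_STEP_KEYS)
@Field Set PARAMETER_KEYS = STEP_CONFIG_KEYS

/**
 * In this stage important security-relevant checks will be conducted.<br />
 * This is to achieve a decent level of security for your application.
 */
@GenerateStageDocumentation(defaultStageName = 'Security')
void call(Map parameters = [:]) {
    // Every scanner is opt-in: a branch is only created for a step whose key is truthy in
    // the merged configuration. If none is active, the stage runs no scanner at all, so a
    // green "Security" stage alone is not evidence that anything was scanned.
    def script = checkScript(this, parameters) ?: this
    // juStabUtils lets a caller inject a replacement for Utils (by its name presumably a
    // test stub - confirm against callers).
    def utils = parameters.juStabUtils ?: new Utils()
    def stageName = StageNameProvider.instance.getStageName(script, parameters, this)

    // Activation flags from the runStep section of the pipeline configuration. They are
    // applied with addIfEmpty below, i.e. only where the merged configuration has no value.
    def runStepFlags = script.commonPipelineEnvironment.configuration.runStep?.get(stageName)

    Map config = ConfigurationHelper.newInstance(this)
        .loadStepDefaults()
        .mixinGeneralConfig(script.commonPipelineEnvironment, GENERAL_CONFIG_KEYS)
        .mixinStageConfig(script.commonPipelineEnvironment, stageName, STEP_CONFIG_KEYS)
        .mixin(parameters, PARAMETER_KEYS)
        .addIfEmpty('checkmarxExecuteScan', runStepFlags?.checkmarxExecuteScan)
        .addIfEmpty('detectExecuteScan', runStepFlags?.detectExecuteScan)
        .addIfEmpty('fortifyExecuteScan', runStepFlags?.fortifyExecuteScan)
        .addIfEmpty('whitesourceExecuteScan', runStepFlags?.whitesourceExecuteScan)
        .use()

    // Branch name -> closure, in insertion order; handed to `parallel` at the end.
    def securityScanMap = [:]

    piperStageWrapper (script: script, stageName: stageName) {
        // Builds one parallel branch: allocate an agent, time the scan under
        // measurementName, and always wipe the workspace afterwards.
        def scanBranch = { String measurementName, Closure scanStep ->
            return {
                // NOTE(review): nodeLabel is not among the keys declared in this file, so it
                // presumably can only come from loadStepDefaults(); if it resolves to null the
                // scan is not pinned to a dedicated agent - confirm this is intended.
                node(config.nodeLabel) {
                    try {
                        durationMeasure(script: script, measurementName: measurementName) {
                            scanStep()
                        }
                    } finally {
                        // Runs on success and on failure, so nothing from the scan stays in
                        // the agent workspace. Anything needed later must have been
                        // archived or stashed by the scan step itself.
                        deleteDir()
                    }
                }
            }
        }

        if (config.checkmarxExecuteScan) {
            securityScanMap['Checkmarx'] = scanBranch('checkmarx_duration', { checkmarxExecuteScan script: script })
        }

        if (config.detectExecuteScan) {
            securityScanMap['Detect'] = scanBranch('detect_duration', { detectExecuteScan script: script })
        }

        if (config.fortifyExecuteScan) {
            securityScanMap['Fortify'] = scanBranch('fortify_duration', { fortifyExecuteScan script: script })
        }

        if (config.whitesourceExecuteScan) {
            securityScanMap['WhiteSource'] = scanBranch('whitesource_duration', { whitesourceExecuteScan script: script })
        }

        if (securityScanMap.size() > 0) {
            // telemetry reporting
            // NOTE(review): the merged config map is handed to pushToSWA; what leaves the
            // build is decided there, not in this file.
            utils.pushToSWA([step: STEP_NAME], config)

            // failFast: false keeps the remaining scanners running when one of them fails,
            // so a single broken tool does not hide the findings of the others.
            parallel securityScanMap.plus([failFast: false])
        } else {
            // Make the no-op visible in the build log instead of passing silently.
            echo "[${STEP_NAME}] No security scan step is active for stage '${stageName}'; nothing was scanned."
        }
    }
}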