forked from adarshreddy94/webapp
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Jenkinsfile
84 lines (71 loc) · 1.95 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
pipeline {
agent any
environment {
def imageLine = 'adarshreddydocker/devsecops:newwebapp'
}
tools {
maven 'maven'
}
stages {
stage ('Initialize') {
steps {
sh '''
echo "PATH = ${PATH}"
echo "M2_HOME = ${M2_HOME}"
'''
}
}
stage ('git-checkout') {
steps {
git 'https://github.com/adarshreddy24/webapp.git'
}
}
stage ('Check-Git-Secrets') {
steps {
sh 'rm trufflehog || true'
sh 'docker run gesellix/trufflehog --json https://github.com/adarshreddy24/webapp.git > trufflehog'
sh 'cat trufflehog'
}
}
stage ('Source Composition Analysis') {
steps {
sh 'rm owasp* || true'
sh 'wget "https://raw.githubusercontent.com/adarshreddy24/webapp/master/owasp-dependency-check.sh" '
sh 'chmod +x owasp-dependency-check.sh'
sh 'bash owasp-dependency-check.sh'
sh 'cat /var/lib/jenkins/workspace/DevSecOps_Pipeline/odc-reports/dependency-check-report.xml'
}
}
stage ('SAST') {
steps {
withSonarQubeEnv('sonar') {
sh 'mvn sonar:sonar'
sh 'cat target/sonar/report-task.txt'
}
}
}
stage ('Build') {
steps {
sh 'mvn clean package'
}
}
stage ('Deploy-To-Tomcat') {
steps {
sshagent(['tomcat']) {
sh 'scp -o StrictHostKeyChecking=no target/*.war [email protected]:/opt/apache-tomcat-9.0.44/webapps/WebApp.war'
}
}
}
stage ('DAST') {
steps {
sh "docker run -t owasp/zap2docker-stable zap-baseline.py -t http://65.1.229.50:8080/WebApp/"
}
}
stage ('Anchore-Container-Security-scanner') {
steps {
writeFile file: 'anchore_images', text: imageLine
anchore name: 'anchore_images'
}
}
}
}