Adding OWASP Dependency Check job #34

Open: wants to merge 2 commits into base: master

@kramos kramos commented Dec 13, 2016

Also:
Adding test for Owasp Dependency Check job
Fixing #33
Improving .gitignore

This PR is dependent on the docker image created by this PR:
Accenture/adop-jenkins#25
being tagged and consumed by an updated:
https://github.com/Accenture/adop-docker-compose/blob/master/docker-compose.yml

Adding Owasp Dependency Check job
Adding test for Owasp Dependency Check job
Improving .gitignore
@anton-kasperovich

Hi @kramos, excellent addition to the pipeline! I've found that "Publishes OWASP dependency check results" is supported by JobDSL by default, so there is no need to make a configure fallback block there; you can reduce the source code there and make it more convenient.

}
}

configure { project ->

@kramos

kramos commented Dec 13, 2016

Good find @anton-kasperovich I replaced the publisher XML with DSL and tested it.

Thanks for the tip on searching the DSL plugin source code for DSL support, e.g. https://github.com/jenkinsci/job-dsl-plugin/search?utf8=%E2%9C%93&q=dependencyCheck

@kramos

kramos commented Dec 22, 2016

Here is a PR for the Jenkins update:
Accenture/adop-docker-compose#178 :)

@kramos

kramos commented Feb 13, 2017

Tested this in a vanilla latest ADOP and

  • the new OWASP_Dependency_Check job worked (currently finding some JavaScript as well as Java vulnerabilities)!
  • all the other jobs worked
  • all three environments worked (post being created and deployed to)

@subodh-hatkar

subodh-hatkar commented Nov 14, 2017

OWASP_Dependency_Check job tested and working with and without setting threshold.

@dsingh07 dsingh07 removed the LEVEL 2 label Nov 14, 2017
@deors

deors commented Oct 10, 2018

Is there any outstanding issue preventing us from merging this? It would be great to have in Java cartridge by default.
