b7468a7ae4
Having the step name always the same like the file name, which is in turn the class name is redundant.
import static com.sap.piper.Prerequisites.checkScript
import com.sap.piper.ConfigurationHelper
import com.sap.piper.Utils
import com.sap.piper.mta.MtaMultiplexer
import groovy.transform.Field
// Step identifier handed to handlePipelineStepErrors, telemetry and error messages.
@Field def STEP_NAME = getClass().getName()

// Keys read from the general configuration section.
// 'snykCredentialsId' names a Jenkins credentials entry; it is not the token itself.
@Field Set GENERAL_CONFIG_KEYS = ['snykCredentialsId']

// Keys read from step and stage configuration: the general keys plus the step-specific ones.
@Field Set STEP_CONFIG_KEYS = GENERAL_CONFIG_KEYS + [
    'buildDescriptorFile',
    'dockerImage',
    'exclude',
    'monitor',
    'scanType',
    'snykOrg',
    'toJson',
    'toHtml'
]

// Keys accepted directly as step parameters (same set as the step configuration).
@Field Set PARAMETER_KEYS = STEP_CONFIG_KEYS
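/**
 * Runs a Snyk scan inside a Docker container.
 *
 * The effective configuration is merged from step defaults, general, step and
 * stage configuration and the direct step parameters; 'dockerImage' and
 * 'snykCredentialsId' are mandatory.
 *
 * scanType 'mta' creates one 'npm' scan job per package.json via MtaMultiplexer
 * and runs the jobs in parallel. scanType 'npm' installs snyk (and snyk-to-html
 * when 'toHtml' is set), installs the project's NPM dependencies, runs
 * 'snyk monitor' (optional) and 'snyk test', and archives snyk.json / snyk.html
 * when requested. Any other scanType ends the step with an error.
 *
 * @param parameters step parameters; keys listed in PARAMETER_KEYS are mixed into
 *                   the configuration, 'script', 'stageName' and 'juStabUtils' are
 *                   read directly
 */
void call(Map parameters = [:]) {
    handlePipelineStepErrors(stepName: STEP_NAME, stepParameters: parameters) {
        // 'juStabUtils' lets a caller substitute the Utils instance used for unstashing
        def utils = parameters.juStabUtils ?: new Utils()

        def script = checkScript(this, parameters) ?: this

        Map config = ConfigurationHelper.newInstance(this)
            .loadStepDefaults()
            .mixinGeneralConfig(script.commonPipelineEnvironment, GENERAL_CONFIG_KEYS)
            .mixinStepConfig(script.commonPipelineEnvironment, STEP_CONFIG_KEYS)
            .mixinStageConfig(script.commonPipelineEnvironment, parameters.stageName?:env.STAGE_NAME, STEP_CONFIG_KEYS)
            .mixin(parameters, PARAMETER_KEYS)
            // check mandatory parameters
            .withMandatoryProperty('dockerImage')
            .withMandatoryProperty('snykCredentialsId')
            .use()

        new Utils().pushToSWA([step: STEP_NAME,
                                stepParam1: parameters?.script == null], config)

        utils.unstashAll(config.stashContent)

        // Configuration values end up on shell command lines below. They may come from
        // configuration kept in the repository being built, so every interpolated value
        // is wrapped in single quotes with embedded single quotes escaped ('\'').
        def shellQuote = { value -> "'" + value.toString().replace("'", "'\\''") + "'" }

        switch(config.scanType) {
            case 'mta':
                def scanJobs = [failFast: false]
                // create job for each package.json with scanType: 'npm'
                scanJobs.putAll(MtaMultiplexer.createJobs(
                    this, parameters, config.exclude, 'Snyk', 'package.json', 'npm'
                ){options -> snykExecute(options)})
                // execute scan jobs in parallel
                parallel scanJobs
                break
            case 'npm':
                // directory of the build descriptor: the descriptor path without 'package.json'
                def path = config.buildDescriptorFile.replace('package.json', '')
                def quotedPath = shellQuote(path)
                try{
                    // The Snyk API token is bound by withCredentials and handed to the
                    // container as the SNYK_TOKEN environment variable.
                    // NOTE(review): how dockerExecute passes dockerEnvVars to the container
                    // runtime is not visible here; if the value lands on a command line it
                    // would be readable from the host's process list. Confirm.
                    withCredentials([string(
                        credentialsId: config.snykCredentialsId,
                        variable: 'token'
                    )]) {
                        dockerExecute(
                            script: script,
                            dockerImage: config.dockerImage,
                            stashContent: config.stashContent,
                            dockerEnvVars: ['SNYK_TOKEN': token]
                        ) {
                            // NOTE(review): snyk and snyk-to-html are installed unpinned at run
                            // time, and 'npm install' in the project directory can run dependency
                            // lifecycle scripts; all of it executes in a container whose
                            // environment holds SNYK_TOKEN. Pinning the tool versions or using an
                            // image with the tools preinstalled narrows that exposure.
                            // install Snyk
                            sh 'npm install snyk --global --quiet'
                            if(config.toHtml){
                                // the HTML report is rendered from the JSON output
                                config.toJson = true
                                sh 'npm install snyk-to-html --global --quiet'
                            }
                            // install NPM dependencies
                            sh "cd ${quotedPath} && npm install --quiet"
                            // execute Snyk scan
                            // '<<' always appends; List.push() inserts at the head in Groovy 2.5+
                            def cmd = []
                            cmd << "cd ${quotedPath}"
                            if(config.monitor) {
                                cmd << '&& snyk monitor'
                                if(config.snykOrg) {
                                    cmd << "--org=${shellQuote(config.snykOrg)}"
                                }
                            }
                            cmd << '&& snyk test'
                            if(config.toJson) {
                                cmd << "--json > snyk.json"
                            }
                            try{
                                sh cmd.join(' ')
                            }finally{
                                // 'snyk test' makes 'sh' fail when it reports findings, so the
                                // HTML report is rendered in 'finally'
                                if(config.toHtml) {
                                    sh "snyk-to-html -i ${shellQuote(path + 'snyk.json')} -o ${shellQuote(path + 'snyk.html')}"
                                }
                            }
                        }
                    }
                }finally{
                    // archive the reports even when the scan failed; './' is stripped from the path
                    def archivePrefix = path.replaceAll('\\./', '')
                    if(config.toJson) archiveArtifacts "${archivePrefix}snyk.json"
                    if(config.toHtml) archiveArtifacts "${archivePrefix}snyk.html"
                }
                break
            default:
                error "[ERROR][${STEP_NAME}] ScanType '${config.scanType}' not supported!"
        }
    }
}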