From 299d606df0c841297272ce961a079bd373f57eb7 Mon Sep 17 00:00:00 2001
From: kjubybot
Date: Mon, 4 Apr 2022 12:19:40 +0300
Subject: [PATCH] added Jenkinsfile and sonar-project.properties for SAST analysis
---
Jenkinsfile-sast | 50 ++++++++++++++++++++++++++++++++++++++++
sonar-project.properties | 7 ++++++
2 files changed, 57 insertions(+)
create mode 100644 Jenkinsfile-sast
create mode 100644 sonar-project.properties
diff --git a/Jenkinsfile-sast b/Jenkinsfile-sast
new file mode 100644
index 0000000..3b32435
--- /dev/null
+++ b/Jenkinsfile-sast
@@ -0,0 +1,50 @@
+pipeline {
+ agent {
+ kubernetes {
+ yaml '''
+apiVersion: v1
+kind: Pod
+spec:
+ containers:
+ - name: alpine
+ image: alpine:3.15
+ command:
+ - sleep
+ - infinity
+'''
+ }
+ }
+ stages {
+ stage('Dependency check') {
+ environment {
+ DEPCHECKDB = credentials('depcheck-postgres')
+ }
+ steps {
+ container('alpine') {
+ sh 'apk update && apk add openjdk11 java-postgresql-jdbc'
+ dependencyCheck additionalArguments: '-f JSON -f HTML \
+ --dbDriverName org.postgresql.Driver \
+ --dbDriverPath /usr/share/java/postgresql-jdbc.jar \
+ --dbUser $DEPCHECKDB_USR \
+ --dbPassword $DEPCHECKDB_PSW \
+ --connectionString jdbc:postgresql://postgres-postgresql.postgres/depcheck', odcInstallation: 'depcheck'
+ }
+ }
+ }
+ stage('SonarQube analysis') {
+ environment {
+ SONARSCANNER_HOME = tool 'sonarscanner'
+ }
+ steps {
+ withSonarQubeEnv('sonarqube') {
+ sh '$SONARSCANNER_HOME/bin/sonar-scanner'
+ }
+ }
+ }
+ stage('SonarQube quality gate') {
+ steps {
+ waitForQualityGate webhookSecretId: 'sonar-webhook', abortPipeline: true
+ }
+ }
+ }
+}
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..70e9f93
--- /dev/null
+++ b/sonar-project.properties
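Review bot: The JDBC URL in the `--connectionString` argument of the `dependencyCheck` step has no TLS parameter, so the database credentials bound from `depcheck-postgres` and the vulnerability data travel in cleartext between the agent pod and the `postgres-postgresql.postgres` service unless the cluster enforces encryption elsewhere, which this pipeline cannot see; `--connectionString jdbc:postgresql://postgres-postgresql.postgres/depcheck?sslmode=require'` would pin that at the client. The same credentials are also passed as `--dbUser`/`--dbPassword` command-line arguments, which the Jenkins log masking covers but the container's process list does not; Dependency-Check can read the database settings from a properties file via `--propertyfile`, which would keep the password out of the argument vector (confirm the property names against the installed odcInstallation version). Separately, `apk update && apk add openjdk11 java-postgresql-jdbc` fetches whatever package versions the 3.15 repository serves at run time, so consecutive runs of a SAST pipeline can execute different scanner/driver binaries; a prebuilt, digest-pinned agent image would make the toolchain reproducible and would also drop the need to run `apk` as root inside the agent.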
@@ -0,0 +1,7 @@
+sonar.projectKey=terraform-provider-decort-sast
+sonar.dependencyCheck.jsonReportPath=dependency-check-report.json
+sonar.dependencyCheck.htmlReportPath=dependency-check-report.html
+
+sonar.exclusions=dependency-check-report.*
+
+sonar.language=go
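Review bot: `sonar.language=go` on the last line is a deprecated single-language setting that current scanners warn about and ignore; language detection is by file extension, so the line can be dropped. The file also sets no `sonar.sources`, which means the scanner falls back to the project base directory and the `sonar.exclusions=dependency-check-report.*` line exists only to keep the generated reports out of that implicit source set; stating the intent explicitly, `sonar.sources=.` with a comment such as `# reports are consumed via sonar.dependencyCheck.*ReportPath, not analysed as sources`, would make the relationship between the three lines clear to the next maintainer. Note that the exclusion pattern has no `**/` prefix, so it only matches reports written to the workspace root, which is where the Jenkinsfile's `-f JSON -f HTML` arguments place them.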