Merge pull request #7219 from corda/add-snyk-scan-4.6

INFRA-1805 Add snyk scan to 4.6 release job
2024-12-19 04:57:58 +00:00 · 2022-07-26 19:11:05 +02:00 · 2022-07-26 19:11:05 +02:00 · 0b26ffa300
commit 0b26ffa300
parent 1baedbeb7c cd577afcd9
1 changed files with 16 additions and 0 deletions
--- a/.ci/dev/regression/Jenkinsfile
+++ b/.ci/dev/regression/Jenkinsfile
@ -81,6 +81,7 @@ pipeline {
        CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}"
        DOCKER_URL = "https://index.docker.io/v1/"
        EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
+        SNYK_API_KEY = "c4-os-snyk"
    }

    stages {
@ -189,6 +190,15 @@ pipeline {
            }
        }

+        stage('Snyk Security') {
+            when {
+                expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
+            }
+            steps {
+                snykSecurityScan("${env.SNYK_API_KEY}", "--all-sub-projects --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'")
+            }
+        }
+
        stage('All Tests') {
            when {
                expression { params.DO_TEST }
@ -432,11 +442,17 @@ pipeline {
        success {
        	script {
        		sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications")
+                if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
+                    snykSecurityScan.generateHtmlElements()
+                }
        	}
        }
        unstable {
        	script {
        		sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications")
+                if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
+                    snykSecurityScan.generateHtmlElements()
+                }
        	}
        }
        failure {