From 121e67aa119899f0f77cf4a6d8bf5323c8fcda85 Mon Sep 17 00:00:00 2001 From: ronanbrowne88 <ronan.browne@r3.com> Date: Sun, 10 Jul 2022 19:33:37 +0100 Subject: [PATCH 1/2] INFRA-1805 add snyk scanning to corda os 4.4 --- .ci/dev/regression/Jenkinsfile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index 75e6782014..e2c4a4b6ca 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -81,6 +81,7 @@ pipeline { CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" DOCKER_URL = "https://index.docker.io/v1/" EMAIL_RECIPIENTS = credentials('corda4-email-recipient') + SNYK_API_KEY = "c4-os-snyk" } stages { @@ -189,6 +190,15 @@ pipeline { } } + stage('Snyk Security') { + when { + expression { isReleaseTag || isReleaseCandidate || isReleaseBranch } + } + steps { + snykSecurityScan("${env.SNYK_API_KEY}", "--all-sub-projects --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'") + } + } + stage('All Tests') { when { expression { params.DO_TEST } From cd577afcd9e8d834756cf106155e988d8bff8cc8 Mon Sep 17 00:00:00 2001 From: ronanbrowne88 <ronan.browne@r3.com> Date: Mon, 11 Jul 2022 22:01:25 +0100 Subject: [PATCH 2/2] CORE-4769 add snyk scan open source 4.4 --- .ci/dev/regression/Jenkinsfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index e2c4a4b6ca..cdb3a5cc44 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -442,11 +442,17 @@ pipeline { success { script { sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications") + if (isReleaseTag || isReleaseCandidate || isReleaseBranch) { + snykSecurityScan.generateHtmlElements() + } } } unstable { script { sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications") + if (isReleaseTag || isReleaseCandidate || isReleaseBranch) { + snykSecurityScan.generateHtmlElements() + } } } failure {