CORE-4769 add snyk scan open source 4.5

2024-12-20 05:28:21 +00:00 · 2022-07-12 13:06:02 +01:00 · 2022-07-12 13:06:02 +01:00 · 12bbf98de2
commit 12bbf98de2
parent 8d110c1691 1b18f793ec
1 changed files with 16 additions and 0 deletions
--- a/.ci/dev/regression/Jenkinsfile
+++ b/.ci/dev/regression/Jenkinsfile
@ -81,6 +81,7 @@ pipeline {
        CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}"
        DOCKER_URL = "https://index.docker.io/v1/"
        EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
+        SNYK_API_KEY = "c4-os-snyk"
    }

    stages {
@ -189,6 +190,15 @@ pipeline {
            }
        }

+        stage('Snyk Security') {
+            when {
+                expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
+            }
+            steps {
+                snykSecurityScan("${env.SNYK_API_KEY}", "--all-sub-projects --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'")
+            }
+        }
+
        stage('All Tests') {
            when {
                expression { params.DO_TEST }
@ -432,11 +442,17 @@ pipeline {
        success {
        	script {
        		sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications")
+                if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
+                    snykSecurityScan.generateHtmlElements()
+                }
        	}
        }
        unstable {
        	script {
        		sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications")
+                if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
+                    snykSecurityScan.generateHtmlElements()
+                }
        	}
        }
        failure {