Merge pull request #7222 from corda/add-snyk-scan-4.9

INFRA-1820: add snyk scanning to 4.9
Ronan Browne 2022-07-28 09:25:09 +02:00 committed by GitHub
commit 24c3e53435
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -83,6 +83,7 @@ pipeline {
CORDA_BUILD_EDITION = "${buildEdition}" CORDA_BUILD_EDITION = "${buildEdition}"
DOCKER_URL = "https://index.docker.io/v1/" DOCKER_URL = "https://index.docker.io/v1/"
EMAIL_RECIPIENTS = credentials('corda4-email-recipient') EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
SNYK_API_KEY = "c4-os-snyk"
} }
stages { stages {
@ -192,6 +193,15 @@ pipeline {
} }
} }
stage('Snyk Security') {
when {
expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
}
steps {
snykSecurityScan("${env.SNYK_API_KEY}", "--all-sub-projects --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'")
}
}
stage('All Tests') { stage('All Tests') {
when { when {
expression { params.DO_TEST } expression { params.DO_TEST }
@ -458,14 +468,20 @@ pipeline {
} }
} }
success { success {
script { script {
sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications") sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications")
} if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
snykSecurityScan.generateHtmlElements()
}
}
} }
unstable { unstable {
script { script {
sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications") sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications")
} if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
snykSecurityScan.generateHtmlElements()
}
}
} }
failure { failure {
script { script {
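Review bot: In the new 'Snyk Security' stage, `env.BRANCH_NAME` goes unmodified into `--target-reference='…'`, while the same value is sanitised for `--project-tags`. If `snykSecurityScan` passes this argument string to a shell (the shared-library step is not visible on this page), a ref name containing a quote would break the quoting, so the value should be validated or escaped before it is interpolated. The sanitiser's character class `[^0-9|a-z|A-Z]` also treats `|` as a literal and lets pipes through; `replaceAll("[^0-9a-zA-Z]+","_")` is presumably what was intended. Separately, `--debug` is enabled for every release scan, so it is worth confirming that the debug output archived in the build log contains no token or authorization header material, or dropping the flag. A short comment next to `SNYK_API_KEY = "c4-os-snyk"` stating that this is a Jenkins credentials ID and not the key itself would also prevent misreading.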