From 306951c97dfe0bc7dee3238eca2520b39e40e45f Mon Sep 17 00:00:00 2001
From: Ronan Browne
Date: Mon, 17 Jul 2023 18:27:28 +0100
Subject: [PATCH] ES-657: add auto import and snyk scanning for c4 corda community docker images (#7415)
---
 .ci/dev/regression/Jenkinsfile | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile
index 7042624f95..a8ab2dcece 100644
--- a/.ci/dev/regression/Jenkinsfile
+++ b/.ci/dev/regression/Jenkinsfile
@@ -6,9 +6,11 @@
 @Library('corda-shared-build-pipeline-steps')
 import com.r3.build.utils.GitUtils
+import com.r3.build.enums.SnykOrganisation
+import com.r3.build.utils.SnykUtils
 GitUtils gitUtils = new GitUtils(this)
-
+SnykUtils snykUtils = new SnykUtils(this)
 /**
 * Sense environment
 */
@@ -59,8 +61,9 @@ pipeline {
 CORDA_USE_CACHE = "corda-remotes"
 DOCKER_URL = "https://index.docker.io/v1/"
 EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
+ INTEGRATION_ID = credentials('snyk-artifactory-c4')
 SNYK_API_KEY = "c4-os-snyk" //Jenkins credential type: Snyk Api token
- SNYK_API_TOKEN = credentials('c4-os-snyk-api-token-secret') //Jenkins credential type: Secret text
+ SNYK_TOKEN = credentials('c4-os-snyk-api-token-secret') //Jenkins credential type: Secret text
 C4_OS_SNYK_ORG_ID = credentials('corda4-os-snyk-org-id')
 }
@@ -106,7 +109,7 @@ pipeline {
 expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
 }
 steps {
- snykLicenseGeneration(env.SNYK_API_TOKEN, env.C4_OS_SNYK_ORG_ID)
+ snykLicenseGeneration(env.SNYK_TOKEN, env.C4_OS_SNYK_ORG_ID)
 }
 post {
 always {
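Review bot: In the `@@ -59,8` hunk, binding the Snyk API token as `SNYK_TOKEN` in the pipeline-level `environment` block exposes it to every `sh` step of every stage, under the name the Snyk CLI reads for authentication by default, rather than only to the Snyk steps. Scoping it where it is used keeps the secret out of unrelated build steps, e.g. `withCredentials([string(credentialsId: 'c4-os-snyk-api-token-secret', variable: 'SNYK_TOKEN')]) { ... }` around the Snyk calls (the `snykLicenseGeneration` call in the `@@ -106,7` hunk is one of them). The added `INTEGRATION_ID` line has no credential-type comment like its neighbours, and its name does not say it belongs to Snyk; a trailing comment such as `//Jenkins credential type: Secret text (Snyk Artifactory integration id)` would help, if that is indeed its type. The `environment` block opens outside this hunk.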
@@ -391,6 +394,13 @@ pipeline {
 if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
 snykSecurityScan.generateHtmlElements()
 }
+
+ if (isReleaseTag || isReleaseCandidate) {
+ // auto import and scanning of Docker images tag is dictated by below properties, so retrieve these first to scan the approproate tag
+ String cordaVersion = sh(script: 'grep "cordaVersion" constants.properties | awk -F= \'{print $2}\'', returnStdout: true).trim()
+ String versionSuffix = sh(script: 'grep "versionSuffix" constants.properties | awk -F= \'{print $2}\'', returnStdout: true).trim()
+ snykUtils.SnykApiImport(!versionSuffix.isEmpty() ? "${cordaVersion}-${versionSuffix}" : cordaVersion, SnykOrganisation.CORDA_4_OS, env.C4_OS_SNYK_ORG_ID)
+ }
 }
 }
 unstable {
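Review bot: The two `grep ... | awk` lookups that build the image tag are unanchored and unchecked: `grep "cordaVersion"` matches any line of constants.properties containing that substring (a comment, or another key that embeds it), and because the shell pipeline's exit status is awk's, a missing key yields an empty string instead of a failure. The tag passed to `snykUtils.SnykApiImport` can then be empty or span several lines, so the release image may go unscanned without the build noticing. Anchor the match, e.g. `grep -E "^cordaVersion[[:space:]]*=" constants.properties`, and fail fast before the import with `if (!cordaVersion) { error('cordaVersion not found in constants.properties') }`. If the Pipeline Utility Steps plugin is available on this controller, `readProperties file: 'constants.properties'` would replace both shell calls. The enclosing block (apparently a `post` section, given the `unstable {` that follows) begins outside this hunk, so how an import failure here affects the build result cannot be confirmed from the visible lines.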