From c89ce8e29d48b49e4b30dca05d8b1e1fe6f7e270 Mon Sep 17 00:00:00 2001 From: Jan Szkaradek Date: Fri, 2 Sep 2022 13:16:11 +0100 Subject: [PATCH] added modules for snyk scanning (#7235) --- .ci/dev/regression/Jenkinsfile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index 6e0959b2e1..83959ec1e6 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -193,12 +193,18 @@ pipeline { } } - stage('Snyk Security') { + stage('Snyk Security') { when { expression { isReleaseTag || isReleaseCandidate || isReleaseBranch } } steps { - snykSecurityScan("${env.SNYK_API_KEY}", "--all-sub-projects --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'") + script { + // Invoke Snyk for each Gradle sub project we wish to scan + def modulesToScan = ['node', 'capsule', 'bridge', 'bridgecapsule'] + modulesToScan.each { module -> + snykSecurityScan("${env.SNYK_API_KEY}", "--sub-project=$module --configuration-matching='^runtimeClasspath\$' --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'") + } + } } }