// Jenkinsfile for Black Duck + Polaris with unsupported LCA Polaris incremental for PR scans
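// Declarative pipeline: build, test, run Black Duck and Polaris in parallel,
// then install on protected branches. Protected branches get a full Polaris
// scan; pull requests targeting them get an incremental scan limited to the
// files the PR changes.
pipeline {
    agent { label 'linux64' }
    environment {
        PROJECT = 'chuckaude-hello-java'
        // Presumably the feature flag the Polaris CLI reads to allow incremental
        // analysis (described as unsupported in the file header) - confirm with the vendor.
        POLARIS_FF_ENABLE_COVERITY_INCREMENTAL = 'true'
    }
    tools {
        maven 'maven-3.9'
        jdk 'openjdk-17'
    }
    stages {
        stage('Build') {
            steps {
                sh 'mvn -B compile'
            }
        }
        stage('Test') {
            steps {
                sh 'mvn -B test'
            }
        }
        stage('Security') {
            parallel {
                stage('Black Duck') {
                    steps {
                        // NOTE(review): this stage has no `when` guard, so BRANCH_NAME is whatever
                        // the SCM reports and is interpolated by Groovy into the argument string.
                        // Confirm how the synopsys_detect step tokenises/escapes its argument
                        // before relying on this for branches whose names you do not control.
                        synopsys_detect "--detect.project.name=$PROJECT --detect.project.version.name=$BRANCH_NAME"
                    }
                }
                stage('Polaris Full Scan') {
                    // Only for direct builds of the protected branches, never for PRs.
                    when {
                        allOf {
                            not { changeRequest() }
                            expression { BRANCH_NAME ==~ /(main|stage|release)/ }
                        }
                    }
                    steps {
                        polaris arguments: "--co project.name=$PROJECT analyze -w", polarisCli: 'default'
                        script {
                            // `def` keeps the variable local to this closure instead of
                            // leaking it into the shared script binding.
                            def issueCount = polarisIssueCheck jobTimeoutInMinutes: 30, returnIssueCount: true
                            if (issueCount != 0) { unstable 'Outstanding Issues Detected' }
                        }
                    }
                }
                stage('Polaris Incremental Scan') {
                    // Only for PRs whose target is a protected branch. The allow-list also
                    // bounds the value of $CHANGE_TARGET that the shell step below expands.
                    when {
                        allOf {
                            changeRequest()
                            expression { CHANGE_TARGET ==~ /(main|stage|release)/ }
                        }
                    }
                    steps {
                        // List the files that differ from the target branch.
                        sh 'git --no-pager diff "origin/$CHANGE_TARGET" --name-only > changeset.txt'
                        script {
                            // An `exit 0` inside an sh step only ends that step, not the stage,
                            // so the empty-changeset case has to be decided here.
                            def hasChanges = sh(returnStatus: true, script: '[ -s changeset.txt ]') == 0
                            if (!hasChanges) {
                                echo 'No changed files relative to the target branch; skipping incremental scan'
                            } else {
                                polaris arguments: "--co project.name=$PROJECT analyze -w --incremental changeset.txt", polarisCli: 'default'
                                // Fail closed: a missing, empty or unparsable results file must
                                // fail the step rather than be read as "no new issues".
                                // jq reads the file(s) directly so a missing file is an error,
                                // and -s sums the counts if the glob matches more than one idir.
                                sh '''
                                    rm -f issues_found
                                    COUNT=$(jq -s 'map(length) | add' .synopsys/polaris/data/coverity/*/idir/incremental-results/new-issues.json)
                                    case "$COUNT" in
                                        ""|*[!0-9]*) echo "Could not read a numeric issue count from new-issues.json (got: $COUNT)" >&2; exit 1 ;;
                                    esac
                                    if [ "$COUNT" -ne 0 ]; then touch issues_found; fi
                                '''
                                if (fileExists('issues_found')) { unstable 'New Issues Detected' }
                            }
                        }
                    }
                }
            }
        }
        stage('Deploy') {
            // NOTE(review): `unstable` in the Security stage does not stop the pipeline, so this
            // stage still runs when scans report issues - confirm that is the intended gate.
            when {
                expression { BRANCH_NAME ==~ /(main|stage|release)/ }
            }
            steps {
                sh 'mvn -B install'
            }
        }
    }
    post {
        always {
            // Keep the Polaris configuration and build log for troubleshooting, then wipe the workspace.
            archiveArtifacts artifacts: '.synopsys/polaris/configuration/synopsys.yml, .synopsys/polaris/data/coverity/*/idir/build-log.txt', allowEmptyArchive: true
            cleanWs()
        }
    }
}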