Reputation: 53
I am trying to configure Checkmarx through a Jenkinsfile. Previously the Checkmarx scripts were reading from a Groovy file which is globally configured.
This is how my Jenkinsfile looks:
    stage('Code Scanning') {
        parallel {
            stage('Static Code Analysis') {
                steps {
                    step([$class: 'CxScanBuilder',
                        comment: '',
                        credentialsId: '',
                        excludeFolders: '.helmignore, build, templates, javadocs, javadoc, dist, node_modules, WMSRegistryReader.java, BlowfishEncryptionStrategy.java, BlowfishUtils.java',
                        excludeOpenSourceFolders: '',
                        exclusionsSetting: 'global',
                        failBuildOnNewResults: false,
                        failBuildOnNewSeverity: 'MEDIUM',
                        filterPattern: '''!**/_cvs/**/*, !Checkmarx/Reports/*.*''',
                        fullScanCycle: 10,
                        groupId: '0de2e46c-8410-478a-85b9-b5dce83f8ecb',
                        includeOpenSourceFolders: '',
                        osaArchiveIncludePatterns: '*.zip, *.war, *.ear, *.tgz',
                        osaInstallBeforeScan: false,
                        password: '{}',
                        preset: '36',
                        projectName: "${APP_NAME}",
                        sastEnabled: true,
                        serverUrl: 'https://checkmarx.abc.com',
                        sourceEncoding: '1',
                        username: '',
                        vulnerabilityThresholdResult: 'FAILURE',
                        waitForResultsEnabled: true])
                }
            }
            stage('Open Source Compliance') {
                steps {
                    blackduck([appName: "${APP_NAME}", appDomain: "${APP_DOMAIN}", branchName: "master"])
                }
            }
        }
    }
But the build is considering the global configuration done from Jenkins -> Configuration settings instead of the service Jenkinsfile.
Is there any syntax issue in my Jenkinsfile, or is there anything I'm missing here?
Upvotes: 3
Views: 9532
Reputation: 113
I chose freestyle rather than going for a pipeline job in Jenkins. Here is how I configured it, even without the Checkmarx plugin.
First generate a token using the command below:
    runCxConsole.cmd GenerateToken -v -CxUser username -CxPassword admin -CxServer http://localhost
Configure the lines of code below in Build --> Execute Shell
Jenkins script:
    #!/bin/bash
    export JAVA_HOME=/usr/bin/java
    export CHECKMARX_HOME=/<checkmarx plugin path>/CxConsolePlugin-8.90.2
    echo "${WORKSPACE}"
    echo "$CX_PROJECT_NAME"
    # Directory for the CSV and PDF reports; -p keeps a re-run in the same workspace from failing
    mkdir -p "${WORKSPACE}/cxReports"
    export CHECKMARX_REPORTS_HOME="${WORKSPACE}/cxReports"
    echo "$CHECKMARX_REPORTS_HOME"
    # Scan the workspace folder and write both reports
    "$CHECKMARX_HOME/runCxConsole.sh" Scan -v -CxServer <checkmarx server details> -ProjectName "<project name>" -cxToken <token> -locationtype folder -locationpath "${WORKSPACE}" -preset "Default Checkamrx" -reportcsv "$CHECKMARX_REPORTS_HOME/$CX_PROJECT_NAME.csv" -ReportPDF "$CHECKMARX_REPORTS_HOME/$CX_PROJECT_NAME.pdf"
Note: Always use a token for authentication with the server instead of hard-coding the username and password in the CLI command.
For more information you can visit https://checkmarx.atlassian.net/wiki/spaces/SD/pages/222232891/Authentication+Login+to+the+CLI
Upvotes: 0
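The note above applied to the answer's script, as an added example that is not part of the original answer: the token is read from an environment variable instead of being pasted into the job, the script stops if it is missing, and the command is logged with the token masked. `CX_TOKEN`, `CX_SERVER`, `CX_PRESET` and `CX_RUNNER` are assumed variable names, and `CX_TOKEN` is assumed to be injected from the Jenkins credentials store.

```shell
#!/bin/sh
# Added example, not part of the original answer. Assumptions: CX_TOKEN is
# injected into the build environment from the Jenkins credentials store;
# CX_SERVER, CX_PRESET and CX_RUNNER are hypothetical variable names.

# Fail closed when a required variable is missing or empty.
require_env() {
    for name in "$@"; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing required variable: $name" >&2
            return 1
        fi
    done
}

# Print the arguments one per line with the value after -cxToken masked,
# so the command can be written to the console log.
cx_scan_args_redacted() {
    printf '%s\n' "$@" | awk '
        mask { print "****"; mask = 0; next }
        { print }
        $0 == "-cxToken" { mask = 1 }'
}

# Run the scan with the same flags as the script in the answer above.
run_scan() {
    require_env WORKSPACE CHECKMARX_HOME CX_SERVER CX_PROJECT_NAME \
        CX_PRESET CX_TOKEN || return 1
    reports="${WORKSPACE}/cxReports"
    mkdir -p "$reports" || return 1
    set -- Scan -v -CxServer "$CX_SERVER" -ProjectName "$CX_PROJECT_NAME" \
        -cxToken "$CX_TOKEN" -locationtype folder -locationpath "$WORKSPACE" \
        -preset "$CX_PRESET" \
        -reportcsv "$reports/$CX_PROJECT_NAME.csv" \
        -ReportPDF "$reports/$CX_PROJECT_NAME.pdf"
    cx_scan_args_redacted "$@" | tr '\n' ' ' >&2
    echo >&2
    # CX_RUNNER lets a test substitute a stub for the real CLI.
    "${CX_RUNNER:-$CHECKMARX_HOME/runCxConsole.sh}" "$@"
}

# Run only when called with --run, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```

The token is still handed to the CLI as a command-line argument, as in the answer, so it is visible in the build agent's process list while the scan runs.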
Reputation: 446
Can't find documentation for it, but I have set
    exclusionsSetting: '',
instead of
    exclusionsSetting: 'global',
in order to override the global Checkmarx settings.
Upvotes: 2