blob: 10ced62f6f5bc7cae87ac1cf0789ba26029f2062 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
def call(Map optional, String projectName, String projectVersion, String imageDirectory) {
optional.projectName = projectName
optional.projectVersion = projectVersion
optional.imageDirectory = imageDirectory
call(optional)
}
def call(Map optional) {
String projectVersion = optional.projectVersion
String projectName = optional.projectName
String imageDirectory = optional.imageDirectory
String url = "https://blackduck.eng.netapp.com"
String credId = 'hubProductionToken'
if((boolean) optional.staging){
url = "https://blackduck-staging.eng.netapp.com"
credId = 'hubStagingToken'
}
BLACKDUCK_SKIP_PHONE_HOME = true
withCredentials([string(credentialsId: credId, variable: 'TOKEN')]) {
String memory = optional.scannerMemoryMb ?: '8192'
String logLevel = optional.logLevel ?: 'INFO'
String coreCount = optional.coreCount ?: 1
String timeoutMinutes = optional.timeout ?: 60
sh''' wget -qN http://esgweb.eng.netapp.com/~lorenp/synopsys-detect-6.0.0-air-gap.zip -O /tmp/synopsys-detect.zip
unzip -u -d /tmp/tools /tmp/synopsys-detect.zip
rm -f /tmp/synopsys-detect.zip
'''
// Create the temporary directory for the scan logs
def scanTempDir = sh(returnStdout: true, script: "mktemp --directory \"/tmp/synopsys-detect-${projectName}-${projectVersion}-XXXXXXXXXX\"").trim()
echo "Initiating Hub Scanning Process on every image in ${imageDirectory}"
echo "Sending results to ${url}"
echo "Using a logLevel of ${logLevel}"
echo "Additional parameters: ${optional}"
echo "Running with a timeout value of ${timeoutMinutes} minutes"
// We need to locate all of the images to scan.
sh "find ${imageDirectory} -type f -iname '*.tar'> listFiles"
def files = readFile( "listFiles" ).split('\n');
try {
files.each {
def fileName = it.split('/')[-1];
timeout(time: "${timeoutMinutes}", unit: 'MINUTES') {
// Run a single scan for each image we find, using the filename as a scan identifier
sh """
java -Xms4096m -Xmx8192m -Xss1024m -jar /tmp/tools/synopsys-detect-6.0.0.jar \
--blackduck.url=${url} \
--detect.blackduck.signature.scanner.memory="${memory}" \
--detect.blackduck.signature.scanner.individual.file.matching="ALL" \
--blackduck.api.token=${TOKEN} \
--detect.docker.tar=${it} \
--detect.parallel.processors=${coreCount} \
--detect.code.location.name=${projectName}-${projectVersion}-${fileName} \
--detect.project.name=${projectName} \
--detect.project.version.name=${projectVersion} \
--detect.cleanup=false \
--blackduck.trust.cert=true \
--detect.output.path=${scanTempDir} \
--logging.level.com.synopsys.integration="${logLevel}"
"""
}
}
} finally {
dir("${scanTempDir}") {
deleteDir()
}
}
}
}
|
