源鉴开源组件安全漏洞检测
1、流水线
import hudson.model.*;
pipeline{
// Run the whole pipeline on the build node that carries this label.
// `agent { label ... }` is the declarative shorthand for `agent { node { label ... } }`.
agent{
    label 'kems-10.202.61.111'
}
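environment{
    // Workspace of this job on the agent; the Init and Pull stages run inside it.
    PROJECT_WORKSPACE = "$WORKSPACE"
    /* Path of the archive that is sent for scanning: <parent of the workspace>/<JOB_NAME>.tgz.
       sh(returnStdout: true) returns the output with its trailing newline, hence the trim(). */
    FILEPATH = "${sh(returnStdout: true, script: 'cd ..; echo `pwd`/${JOB_NAME}.tgz').trim()}"
    // Not referenced by the stages shown in this listing.
    DEFAULT_BRANCH = 'refs/heads/master'
    /* API token of the scanning platform. It is read from a Jenkins "Secret text" credential
       instead of being written into the pipeline in clear text, so it is not stored with the job
       definition and Jenkins masks it in the console log.
       The id below is a placeholder: create the credential and put its real id here.
       A token that was previously committed in clear text should be reissued on the platform. */
    TOKEN = credentials('REPLACE-WITH-SECRET-TEXT-CREDENTIAL-ID')
}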
stages{
/* Empty the workspace before the checkout */
stage('Init'){
    steps{
        dir(env.PROJECT_WORKSPACE){
            echo '清理空间'
            // The shell glob * does not match dot-entries, so hidden files and
            // directories in the workspace are left in place by this command.
            sh 'rm -rf *'
        }
    }
}
/* Fetch the source code */
stage('Pull'){
    steps{
        dir(env.PROJECT_WORKSPACE){
            // Check out from Subversion into the workspace root ('.').
            // The repository password is not in the pipeline: it is looked up
            // through the Jenkins credential referenced by credentialsId.
            checkout([
                $class: 'SubversionSCM',
                additionalCredentials: [],
                excludedCommitMessages: '',
                excludedRegions: '',
                excludedRevprop: '',
                excludedUsers: '',
                filterChangelog: false,
                ignoreDirPropChanges: false,
                includedRegions: '',
                locations: [[
                    cancelProcessOnExternalsFail: true,
                    credentialsId: 'b3519cbb-ac27-4962-a8c4-dcb2daa79db2',
                    depthOption: 'infinity',
                    ignoreExternalsOption: true,
                    local: '.',
                    remote: 'https://10.200.0.2/ZHCS/kems/branches/v3.4.0/server/kems-project'
                ]],
                quietOperation: true,
                workspaceUpdater: [$class: 'UpdateUpdater']
            ])
            // Alternative: check out from Git instead
            //git branch: 'develop', credentialsId: 'xx', url: 'http://xxx.git'
        }
    }
}
/* Pack the project into the archive that will be uploaded */
stage('Pack'){
    steps{
        // Runs from the workspace's parent directory and archives the directory
        // named after the job, i.e. this assumes the workspace directory is
        // called ${JOB_NAME}. Everything in that directory goes into the archive.
        sh '''
            cd ..
            tar -zcf ${FILEPATH} ${JOB_NAME}
        '''
    }
}
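/* Upload the archive for scanning, wait for the task and evaluate the result */
stage('Check'){
    steps{
        /* The script is a single-quoted Groovy string on purpose: TOKEN, JOB_NAME and
           BUILD_ID are read by the shell from the build environment instead of being
           interpolated by Groovy into the script text.
           Exit codes: 1 upload rejected, 2 quality gate not passed, 3 scan failed,
           4 unknown task status. */
        sh '''#!/bin/bash
        HOST="https://10.210.5.15:8011"
        API="${HOST}/oss/api-v1/open-api"

        # TLS: the original listing passed -k on every call, which disables certificate
        # verification while the token is being sent. SCA_CA_BUNDLE is an optional variable
        # introduced here (not part of the platform): when it points to the CA file of the
        # server, the certificate is verified; without it the old -k behaviour is kept.
        CURL_OPTS=(-L)
        if [ -n "${SCA_CA_BUNDLE:-}" ]; then
            CURL_OPTS+=(--cacert "${SCA_CA_BUNDLE}")
        else
            CURL_OPTS+=(-k)
        fi

        # Upload the archive and create the scan task.
        UPLOAD_FIELDS=(
            -F "file=@/kingdom/devops/workspace/${JOB_NAME}.tgz"
            -F "token=${TOKEN}"
            -F "taskName=${JOB_NAME}"
            -F "version=${BUILD_ID}"
            -F 'cleanLevel=1'
            -F 'checkType=1'
            -F 'deepLimit=-1'
            -F 'qualityType=2'
            -F 'componentBaseLineSwitch=false'
            -F 'blackSwitch= false'
            -F 'qualitySwitch= false'
            -F 'vulQualitySwitch= false'
            -F 'licenseQualitySwitch= false'
            -F 'vulSeriousNum=0'
            -F 'vulHighNum=0'
            -F 'vulMediumNum=0'
            -F 'vulLowNum=0'
            -F 'licenseHighNum=0'
            -F 'licenseMediumNum=0'
            -F 'licenseLowNum=0'
            -F 'desc= '
        )
        # The header is written "Name: value" like in the other calls; the original
        # used "OpenApiToken=..." here, which is not a well-formed header line.
        TASK_ID=$(curl "${CURL_OPTS[@]}" -X POST "${API}/jenkins/pipeline/add" -H "OpenApiToken: ${TOKEN}" "${UPLOAD_FIELDS[@]}")

        # The original listing has a "delete the package" heading here with no command,
        # so the archive stays on disk after the upload.

        # Validate the task id: anything that is not a plain number is an error message.
        # This also keeps the value safe to place in the URLs below.
        if [[ ! "${TASK_ID}" =~ ^[0-9]+$ ]]; then
            echo "检测出错:${TASK_ID}"
            exit 1
        fi

        # Poll the task. Status: waiting (0), running (1), finished (2), failed (3).
        # The loop has no upper bound of its own; a pipeline-level timeout can bound it.
        echo '检测中...'
        TASK_STATUS=0
        while [ "$TASK_STATUS" = "0" ] || [ "$TASK_STATUS" = "1" ]; do
            sleep 3
            TASK_STATUS=$(curl "${CURL_OPTS[@]}" -X GET "${API}/jenkins/pipeline/status/${TASK_ID}" -H "OpenApiToken: ${TOKEN}")
        done
        echo '检测完成...'

        if [ "$TASK_STATUS" = "2" ]; then
            SIGN_STRING=$(printf '%s' "${TASK_ID}xmirror" | md5sum | cut -d' ' -f1)
            # These links carry the token as a query parameter, so it is written to the
            # build console log, where Jenkins masks it only if TOKEN is a bound credential.
            echo "检测结果链接:${HOST}/Jenkins/details/component?taskId=${TASK_ID}&token=${TOKEN}&sign=${SIGN_STRING}"
            echo "html报告下载链接:${API}/sdl/devops/report/html/${TASK_ID}?token=${TOKEN}"
            echo "pdf报告下载链接:${API}/sdl/devops/report/pdf/${TASK_ID}?token=${TOKEN}"

            # Scan result. Quoted so that server-supplied text is not word-split or glob-expanded.
            TASK_RESULT=$(curl "${CURL_OPTS[@]}" -X GET "${API}/jenkins/pipeline/unescaped-result/${TASK_ID}" -H "OpenApiToken: ${TOKEN}")
            echo -e "$TASK_RESULT"

            # Quality gate. Not passed (0), passed (1).
            QUALITY_STATUS=$(curl "${CURL_OPTS[@]}" -X GET "${API}/jenkins/pipeline/quality/status/${TASK_ID}" -H "OpenApiToken: ${TOKEN}")
            # Fail closed: only the exact answer "1" passes. With the original numeric test
            # ([ $QUALITY_STATUS -ne 1 ]) an empty or non-numeric answer made the test itself
            # error out, the branch was skipped and the build was reported as passed.
            if [ "$QUALITY_STATUS" != "1" ]; then
                echo "质量状态(不通过:0,通过:1):$QUALITY_STATUS"
                echo '检测不通过'
                exit 2
            fi
            echo '检测通过'
        elif [ "$TASK_STATUS" = "3" ]; then
            echo "检测出错"
            exit 3
        else
            echo "未知的任务状态:$TASK_STATUS"
            exit 4
        fi
        '''
    }
}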
}
}
参数说明:
TOKEN:在“集成部署”页面复制得到的 token。该值是访问凭据,建议保存为 Jenkins 凭据后再引用,不要以明文写入流水线;示例中输出的报告链接带有 token 参数,会出现在构建日志中。
/kingdom/devops/workspace:服务器上的物理路径,即上传步骤读取 ${JOB_NAME}.tgz 的目录,需与打包步骤生成压缩包的位置(工作空间的上级目录)一致。