fecdad918c
Co-Authored-By: Gunnar Morling <gunnar.morling@googlemail.com>
54 lines
1.9 KiB
YAML
54 lines
1.9 KiB
YAML
# Job definition to execute vulnerability scan
|
|
---
|
|
- job:
|
|
project-type: freestyle
|
|
name: debezium-source-clear
|
|
display-name: Vulnerability scan
|
|
description: Executes SourceClear vulnerability scan of Debezium sources and binaries
|
|
node: Slave
|
|
properties:
|
|
- build-discarder:
|
|
days-to-keep: 7
|
|
- github:
|
|
url: https://github.com/debezium/docker-images
|
|
parameters:
|
|
- string:
|
|
name: BUILD_VERSION
|
|
description: "Maven artifact id of the product binaries"
|
|
- string:
|
|
name: PRODUCT_VERSION
|
|
description: "Product version"
|
|
- string:
|
|
name: SOURCE_TAG
|
|
description: "Tagged version of source code to scan"
|
|
- bool:
|
|
name: BINARY
|
|
description: "Scan binary artifacts"
|
|
default: "false"
|
|
- string:
|
|
name: PLUGINS
|
|
description: "The plugins whose binaries should be scanned"
|
|
default: mysql postgres mongodb sqlserver
|
|
wrappers:
|
|
- timeout:
|
|
timeout: 90
|
|
- credentials-binding:
|
|
- text:
|
|
credential-id: debezium-srcclr-token
|
|
variable: SRCCLR_TOKEN
|
|
- text:
|
|
credential-id: debezium-prod-repo
|
|
variable: SOURCE_MAVEN_REPO
|
|
builders:
|
|
- shell: |
|
|
if [ "$BINARY" = "false" ]; then
|
|
docker run -e SRCCLR_TOKEN="$SRCCLR_TOKEN" quay.io/debezium/vulnerability-scan scm https://github.com/debezium/debezium.git "$PRODUCT_VERSION" "$SOURCE_TAG"
|
|
else
|
|
for CONNECTOR in $PLUGINS; do
|
|
docker run -e SRCCLR_TOKEN="$SRCCLR_TOKEN" quay.io/debezium/vulnerability-scan binary "$SOURCE_MAVEN_REPO/debezium-connector-$CONNECTOR/$BUILD_VERSION/debezium-connector-$CONNECTOR-${BUILD_VERSION}-plugin.zip" "$PRODUCT_VERSION" "$SOURCE_TAG"
|
|
done
|
|
fi
|
|
publishers:
|
|
- email:
|
|
recipients: jpechane@redhat.com
|