author | Dawid Malinowski <dawidmalina@gmail.com> | 2015-05-02 19:22:46 +0200 |
---|---|---|
committer | Darragh Bailey <daragh.bailey@gmail.com> | 2016-04-23 16:21:17 +0100 |
commit | b4ba8e21cdc8ca1d2cd71f22ef019d92f8db0799 (patch) | |
tree | 7e03e5791f9894b1019dfccb5f30d39fb3d5b9b5 | |
parent | 12614f13abfa01b2cb72095083673660f5087364 (diff) | |
Add support for OWASP Dependency-Check Plugin
Adds a publisher for the Dependency-Check utility, which identifies project
dependencies and checks whether any of them have known, publicly disclosed
vulnerabilities.
https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin
Change-Id: I3dc1ab923c392aac00189c3f852a1138c1f0ab36
20 files changed, 133 insertions, 13 deletions
diff --git a/jenkins_jobs/modules/helpers.py b/jenkins_jobs/modules/helpers.py index aa3aeac2..f585dbb3 100644 --- a/jenkins_jobs/modules/helpers.py +++ b/jenkins_jobs/modules/helpers.py @@ -60,6 +60,8 @@ def build_trends_publisher(plugin_name, xml_element, data): ('default-encoding', 'defaultEncoding', ''), ('can-run-on-failed', 'canRunOnFailed', False), ('use-stable-build-as-reference', 'useStableBuildAsReference', False), + ('use-previous-build-as-reference', + 'usePreviousBuildAsReference', False), ('use-delta-values', 'useDeltaValues', False), ('thresholds', 'thresholds', {}), ('should-detect-modules', 'shouldDetectModules', False), @@ -132,9 +134,8 @@ def config_file_provider_settings(xml_parent, data): # For cfp versions <2.10.0 we are able to detect cfp via the config # settings name. - if settings_file.startswith( - 'org.jenkinsci.plugins.configfiles.maven.' - 'MavenSettingsConfig'): + text = 'org.jenkinsci.plugins.configfiles.maven.MavenSettingsConfig' + if settings_file.startswith(text): settings_type = 'cfp' if settings_type == 'file': @@ -161,9 +162,9 @@ def config_file_provider_settings(xml_parent, data): # For cfp versions <2.10.0 we are able to detect cfp via the config # settings name. - if global_settings_file.startswith( - 'org.jenkinsci.plugins.configfiles.maven.' - 'GlobalMavenSettingsConfig'): + text = ('org.jenkinsci.plugins.configfiles.maven.' + 'GlobalMavenSettingsConfig') + if global_settings_file.startswith(text): global_settings_type = 'cfp' if global_settings_type == 'file': 
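Review bot: Adding `('use-previous-build-as-reference', 'usePreviousBuildAsReference', False)` to the shared settings list in build_trends_publisher changes the XML written for every publisher that calls this helper, not only the new dependency-check one. The diff updates docstrings for checkstyle, pmd, dry and dependency_check and regenerates the checkstyle, pmd, dry and findbugs fixtures. Any other caller of the helper that is not visible here would need the same `:arg bool use-previous-build-as-reference:` docstring line and a regenerated fixture. The function body starts and ends outside the hunk, so the full caller list cannot be confirmed from this view.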
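Review bot: The new local `text` in config_file_provider_settings does not say what it holds, and the hunk at -161,9 +162,9 rebinds the same name to a second, different class-name prefix. Distinct names such as `cfp_settings_prefix = 'org.jenkinsci.plugins.configfiles.maven.MavenSettingsConfig'` and `cfp_global_settings_prefix = (...)` would keep the two checks independent and make the `startswith` tests self-describing. The function begins and ends outside both hunks.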
@@ -242,10 +243,6 @@ def findbugs_settings(xml_parent, data): XML.SubElement(xml_parent, 'includePattern').text = include_files exclude_files = data.get('exclude-files', '') XML.SubElement(xml_parent, 'excludePattern').text = exclude_files - use_previous_build = str(data.get('use-previous-build-as-reference', - False)).lower() - XML.SubElement(xml_parent, - 'usePreviousBuildAsReference').text = use_previous_build def get_value_from_yaml_or_config_file(key, section, data, parser): diff --git a/jenkins_jobs/modules/publishers.py b/jenkins_jobs/modules/publishers.py index 1ecb461b..f79db8e7 100644 --- a/jenkins_jobs/modules/publishers.py +++ b/jenkins_jobs/modules/publishers.py @@ -1489,6 +1489,8 @@ def checkstyle(parser, xml_parent, data): :arg bool do-not-resolve-relative-paths: (default false) :arg bool dont-compute-new: If set to false, computes new warnings based on the reference build (default true) + :arg bool use-previous-build-as-reference: determines whether to always + use the previous build as the reference build (Default false) :arg bool use-stable-build-as-reference: The number of new warnings will be calculated based on the last stable build, allowing reverts of unstable builds where the number of warnings was decreased. (default false) 
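Review bot: The docstring lines added to checkstyle write `(Default false)` with a capital D, while the neighbouring arguments use `(default false)`. The same text is added to the pmd, dry and dependency_check docstrings, so I would write `use the previous build as the reference build (default false)` in all four places. The description also does not say what happens when both this option and `use-stable-build-as-reference` are true, which findbugs01.xml does set. The precedence cannot be read from this diff, so it is worth stating in the docstring once confirmed against the plugin.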
@@ -3919,6 +3921,76 @@ def stash(parser, xml_parent, data): data.get('include-build-number', False)).lower() +def dependency_check(parser, xml_parent, data): + """yaml: dependency-check + Dependency-Check is an open source utility that identifies project + dependencies and checks if there are any known, publicly disclosed, + vulnerabilities. + + Requires the Jenkins :jenkins-wiki:`OWASP Dependency-Check Plugin + <OWASP+Dependency-Check+Plugin>`. + + :arg str pattern: Report filename pattern (optional) + :arg bool can-run-on-failed: Also runs for failed builds, instead of just + stable or unstable builds (default false) + :arg bool should-detect-modules: Determines if Ant or Maven modules should + be detected for all files that contain warnings (default false) + :arg int healthy: Sunny threshold (optional) + :arg int unhealthy: Stormy threshold (optional) + :arg str health-threshold: Threshold priority for health status + ('low', 'normal' or 'high', defaulted to 'low') + :arg dict thresholds: Mark build as failed or unstable if the number of + errors exceeds a threshold. 
(optional) + + :thresholds: + * **unstable** (`dict`) + :unstable: * **total-all** (`int`) + * **total-high** (`int`) + * **total-normal** (`int`) + * **total-low** (`int`) + * **new-all** (`int`) + * **new-high** (`int`) + * **new-normal** (`int`) + * **new-low** (`int`) + + * **failed** (`dict`) + :failed: * **total-all** (`int`) + * **total-high** (`int`) + * **total-normal** (`int`) + * **total-low** (`int`) + * **new-all** (`int`) + * **new-high** (`int`) + * **new-normal** (`int`) + * **new-low** (`int`) + :arg str default-encoding: Encoding for parsing or showing files (optional) + :arg bool do-not-resolve-relative-paths: (default false) + :arg bool dont-compute-new: If set to false, computes new warnings based on + the reference build (default true) + :arg bool use-previous-build-as-reference: determines whether to always + use the previous build as the reference build (Default false) + :arg bool use-stable-build-as-reference: The number of new warnings will be + calculated based on the last stable build, allowing reverts of unstable + builds where the number of warnings was decreased. (default false) + :arg bool use-delta-values: If set then the number of new warnings is + calculated by subtracting the total number of warnings of the current + build from the reference build. + (default false) + + Example: + + .. literalinclude:: + /../../tests/publishers/fixtures/dependency-check001.yaml + :language: yaml + """ + + dependency_check = XML.SubElement( + xml_parent, + 'org.jenkinsci.plugins.DependencyCheck.DependencyCheckPublisher') + + # trends + build_trends_publisher('[DEPENDENCYCHECK] ', dependency_check, data) + + def description_setter(parser, xml_parent, data): """yaml: description-setter This plugin sets the description for each build, 
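Review bot: The dependency_check docstring lists `new-*` thresholds and a `dont-compute-new` default of true without saying that the two interact. The expected output in dependency-check001.xml has `<dontComputeNew>true</dontComputeNew>` and only `unstableTotal*`/`failedTotal*` elements, which suggests `new-*` keys are not written in that mode. I would add a sentence such as `new-* thresholds are only applied when dont-compute-new is false`, after confirming it against build_trends_publisher. The same fixture leaves every threshold empty, so a job configured this way presumably only publishes the report and never changes the build result. Since the point of this publisher is catching known-vulnerable dependencies, the docstring should say that an explicit `failed` or `unstable` threshold (for example `total-high`) is needed to gate the build, and a second fixture with thresholds set would cover that path. Separately, the local `dependency_check` shadows the function's own name; `publisher = XML.SubElement(...)` would avoid that.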
@@ -4375,6 +4447,8 @@ def pmd(parser, xml_parent, data): :arg bool do-not-resolve-relative-paths: (default false) :arg bool dont-compute-new: If set to false, computes new warnings based on the reference build (default true) + :arg bool use-previous-build-as-reference: determines whether to always + use the previous build as the reference build (Default false) :arg bool use-stable-build-as-reference: The number of new warnings will be calculated based on the last stable build, allowing reverts of unstable builds where the number of warnings was decreased. (default false) @@ -4483,6 +4557,8 @@ def dry(parser, xml_parent, data): :arg bool do-not-resolve-relative-paths: (default false) :arg bool dont-compute-new: If set to false, computes new warnings based on the reference build (default true) + :arg bool use-previous-build-as-reference: determines whether to always + use the previous build as the reference build (Default false) :arg bool use-stable-build-as-reference: The number of new warnings will be calculated based on the last stable build, allowing reverts of unstable builds where the number of warnings was decreased. (default false) diff --git a/tests/publishers/fixtures/checkstyle001.xml b/tests/publishers/fixtures/checkstyle001.xml index 06b52cf1..4c9a5f31 100644 --- a/tests/publishers/fixtures/checkstyle001.xml +++ b/tests/publishers/fixtures/checkstyle001.xml @@ -9,6 +9,7 @@ <defaultEncoding/> <canRunOnFailed>false</canRunOnFailed> <useStableBuildAsReference>false</useStableBuildAsReference> + <usePreviousBuildAsReference>false</usePreviousBuildAsReference> <useDeltaValues>false</useDeltaValues> <thresholds> <unstableTotalAll/> diff --git a/tests/publishers/fixtures/checkstyle002.xml b/tests/publishers/fixtures/checkstyle002.xml index 190a0a11..7e944ece 100644 --- a/tests/publishers/fixtures/checkstyle002.xml +++ b/tests/publishers/fixtures/checkstyle002.xml 
@@ -9,6 +9,7 @@
 <defaultEncoding>utf-8</defaultEncoding>
 <canRunOnFailed>true</canRunOnFailed>
 <useStableBuildAsReference>false</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>false</useDeltaValues>
 <thresholds>
 <unstableTotalAll>90</unstableTotalAll>
diff --git a/tests/publishers/fixtures/checkstyle003.xml b/tests/publishers/fixtures/checkstyle003.xml
index df211bb8..d3248b3c 100644
--- a/tests/publishers/fixtures/checkstyle003.xml
+++ b/tests/publishers/fixtures/checkstyle003.xml
@@ -9,6 +9,7 @@
 <defaultEncoding/>
 <canRunOnFailed>false</canRunOnFailed>
 <useStableBuildAsReference>false</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>false</useDeltaValues>
 <thresholds>
 <unstableTotalAll/>
diff --git a/tests/publishers/fixtures/checkstyle004.xml b/tests/publishers/fixtures/checkstyle004.xml
index 06b52cf1..4c9a5f31 100644
--- a/tests/publishers/fixtures/checkstyle004.xml
+++ b/tests/publishers/fixtures/checkstyle004.xml
@@ -9,6 +9,7 @@
 <defaultEncoding/>
 <canRunOnFailed>false</canRunOnFailed>
 <useStableBuildAsReference>false</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>false</useDeltaValues>
 <thresholds>
 <unstableTotalAll/>
diff --git a/tests/publishers/fixtures/checkstyle005.xml b/tests/publishers/fixtures/checkstyle005.xml
index 190a0a11..7e944ece 100644
--- a/tests/publishers/fixtures/checkstyle005.xml
+++ b/tests/publishers/fixtures/checkstyle005.xml
@@ -9,6 +9,7 @@
 <defaultEncoding>utf-8</defaultEncoding>
 <canRunOnFailed>true</canRunOnFailed>
 <useStableBuildAsReference>false</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>false</useDeltaValues>
 <thresholds>
 <unstableTotalAll>90</unstableTotalAll>
diff --git a/tests/publishers/fixtures/checkstyle006.xml b/tests/publishers/fixtures/checkstyle006.xml
index 4cbd9639..5ead1f99 100644
--- a/tests/publishers/fixtures/checkstyle006.xml
+++ b/tests/publishers/fixtures/checkstyle006.xml
@@ -9,6 +9,7 @@
 <defaultEncoding>utf-8</defaultEncoding>
 <canRunOnFailed>true</canRunOnFailed>
 <useStableBuildAsReference>true</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>true</useDeltaValues>
 <thresholds>
 <unstableTotalAll>90</unstableTotalAll>
diff --git a/tests/publishers/fixtures/dependency-check001.xml b/tests/publishers/fixtures/dependency-check001.xml
new file mode 100644
index 00000000..49d2fb1a
--- /dev/null
+++ b/tests/publishers/fixtures/dependency-check001.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<project>
+ <publishers>
+ <org.jenkinsci.plugins.DependencyCheck.DependencyCheckPublisher>
+ <healthy/>
+ <unHealthy/>
+ <thresholdLimit>low</thresholdLimit>
+ <pluginName>[DEPENDENCYCHECK] </pluginName>
+ <defaultEncoding/>
+ <canRunOnFailed>false</canRunOnFailed>
+ <useStableBuildAsReference>true</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
+ <useDeltaValues>false</useDeltaValues>
+ <thresholds>
+ <unstableTotalAll/>
+ <unstableTotalHigh/>
+ <unstableTotalNormal/>
+ <unstableTotalLow/>
+ <failedTotalAll/>
+ <failedTotalHigh/>
+ <failedTotalNormal/>
+ <failedTotalLow/>
+ </thresholds>
+ <shouldDetectModules>false</shouldDetectModules>
+ <dontComputeNew>true</dontComputeNew>
+ <doNotResolveRelativePaths>false</doNotResolveRelativePaths>
+ <pattern>**/dependency-check-report.xml</pattern>
+ </org.jenkinsci.plugins.DependencyCheck.DependencyCheckPublisher>
+ </publishers>
+</project>
diff --git a/tests/publishers/fixtures/dependency-check001.yaml b/tests/publishers/fixtures/dependency-check001.yaml
new file mode 100644
index 00000000..9276392a
--- /dev/null
+++ b/tests/publishers/fixtures/dependency-check001.yaml
@@ -0,0 +1,4 @@
+publishers:
+ - dependency-check:
+ pattern: '**/dependency-check-report.xml'
+ use-stable-build-as-reference: true
diff --git a/tests/publishers/fixtures/dry001.xml b/tests/publishers/fixtures/dry001.xml
index 0a5c60b7..85f10bd2 100644
--- a/tests/publishers/fixtures/dry001.xml
+++ b/tests/publishers/fixtures/dry001.xml
@@ -9,6 +9,7 @@
 <defaultEncoding/>
 <canRunOnFailed>false</canRunOnFailed>
 <useStableBuildAsReference>false</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>false</useDeltaValues>
 <thresholds>
 <unstableTotalAll/>
diff --git a/tests/publishers/fixtures/dry002.xml b/tests/publishers/fixtures/dry002.xml
index 66aa1232..45cbb65d 100644
--- a/tests/publishers/fixtures/dry002.xml
+++ b/tests/publishers/fixtures/dry002.xml
@@ -9,6 +9,7 @@
 <defaultEncoding>utf-8</defaultEncoding>
 <canRunOnFailed>true</canRunOnFailed>
 <useStableBuildAsReference>false</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>false</useDeltaValues>
 <thresholds>
 <unstableTotalAll>90</unstableTotalAll>
diff --git a/tests/publishers/fixtures/dry003.xml b/tests/publishers/fixtures/dry003.xml
index ee09bfcb..b03b864e 100644
--- a/tests/publishers/fixtures/dry003.xml
+++ b/tests/publishers/fixtures/dry003.xml
@@ -9,6 +9,7 @@
 <defaultEncoding/>
 <canRunOnFailed>false</canRunOnFailed>
 <useStableBuildAsReference>false</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>false</useDeltaValues>
 <thresholds>
 <unstableTotalAll/>
diff --git a/tests/publishers/fixtures/dry004.xml b/tests/publishers/fixtures/dry004.xml
index c15d7047..3ab575cf 100644
--- a/tests/publishers/fixtures/dry004.xml
+++ b/tests/publishers/fixtures/dry004.xml
@@ -9,6 +9,7 @@
 <defaultEncoding>utf-8</defaultEncoding>
 <canRunOnFailed>true</canRunOnFailed>
 <useStableBuildAsReference>true</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>true</useDeltaValues>
 <thresholds>
 <unstableTotalAll>90</unstableTotalAll>
diff --git a/tests/publishers/fixtures/findbugs01.xml b/tests/publishers/fixtures/findbugs01.xml
index d2f7bc68..ff2c3255 100644
--- a/tests/publishers/fixtures/findbugs01.xml
+++ b/tests/publishers/fixtures/findbugs01.xml
@@ -5,7 +5,6 @@
 <isRankActivated>true</isRankActivated>
 <includePattern>f,d,e,.*</includePattern>
 <excludePattern>a,c,d,.*</excludePattern>
- <usePreviousBuildAsReference>true</usePreviousBuildAsReference>
 <healthy>80</healthy>
 <unHealthy>10</unHealthy>
 <thresholdLimit>high</thresholdLimit>
@@ -13,6 +12,7 @@
 <defaultEncoding/>
 <canRunOnFailed>true</canRunOnFailed>
 <useStableBuildAsReference>true</useStableBuildAsReference>
+ <usePreviousBuildAsReference>true</usePreviousBuildAsReference>
 <useDeltaValues>true</useDeltaValues>
 <thresholds>
 <unstableTotalAll>90</unstableTotalAll>
diff --git a/tests/publishers/fixtures/pmd001.xml b/tests/publishers/fixtures/pmd001.xml
index 8d046aa6..f7d2a3b7 100644
--- a/tests/publishers/fixtures/pmd001.xml
+++ b/tests/publishers/fixtures/pmd001.xml
@@ -9,6 +9,7 @@
 <defaultEncoding/>
 <canRunOnFailed>false</canRunOnFailed>
 <useStableBuildAsReference>false</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>false</useDeltaValues>
 <thresholds>
 <unstableTotalAll/>
diff --git a/tests/publishers/fixtures/pmd002.xml b/tests/publishers/fixtures/pmd002.xml
index 044911a5..a2ca3167 100644
--- a/tests/publishers/fixtures/pmd002.xml
+++ b/tests/publishers/fixtures/pmd002.xml
@@ -9,6 +9,7 @@
 <defaultEncoding>utf-8</defaultEncoding>
 <canRunOnFailed>true</canRunOnFailed>
 <useStableBuildAsReference>false</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>false</useDeltaValues>
 <thresholds>
 <unstableTotalAll>90</unstableTotalAll>
diff --git a/tests/publishers/fixtures/pmd003.xml b/tests/publishers/fixtures/pmd003.xml
index 9f0320dc..79e74531 100644
--- a/tests/publishers/fixtures/pmd003.xml
+++ b/tests/publishers/fixtures/pmd003.xml
@@ -9,6 +9,7 @@
 <defaultEncoding/>
 <canRunOnFailed>false</canRunOnFailed>
 <useStableBuildAsReference>false</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>false</useDeltaValues>
 <thresholds>
 <unstableTotalAll/>
diff --git a/tests/reporters/fixtures/findbugs-minimal.xml b/tests/reporters/fixtures/findbugs-minimal.xml
index 21fa9e03..d00778fa 100644
--- a/tests/reporters/fixtures/findbugs-minimal.xml
+++ b/tests/reporters/fixtures/findbugs-minimal.xml
@@ -5,7 +5,6 @@
 <isRankActivated>false</isRankActivated>
 <includePattern/>
 <excludePattern/>
- <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <healthy/>
 <unHealthy/>
 <thresholdLimit>low</thresholdLimit>
@@ -13,6 +12,7 @@
 <defaultEncoding/>
 <canRunOnFailed>false</canRunOnFailed>
 <useStableBuildAsReference>false</useStableBuildAsReference>
+ <usePreviousBuildAsReference>false</usePreviousBuildAsReference>
 <useDeltaValues>false</useDeltaValues>
 <thresholds>
 <unstableTotalAll/>
diff --git a/tests/reporters/fixtures/findbugs01.xml b/tests/reporters/fixtures/findbugs01.xml
index 2d895973..da8f457b 100644
--- a/tests/reporters/fixtures/findbugs01.xml
+++ b/tests/reporters/fixtures/findbugs01.xml
@@ -5,7 +5,6 @@
 <isRankActivated>true</isRankActivated>
 <includePattern>f,d,e,.*</includePattern>
 <excludePattern>a,c,d,.*</excludePattern>
- <usePreviousBuildAsReference>true</usePreviousBuildAsReference>
 <healthy>80</healthy>
 <unHealthy>10</unHealthy>
 <thresholdLimit>high</thresholdLimit>
@@ -13,6 +12,7 @@
 <defaultEncoding/>
 <canRunOnFailed>true</canRunOnFailed>
 <useStableBuildAsReference>true</useStableBuildAsReference>
+ <usePreviousBuildAsReference>true</usePreviousBuildAsReference>
 <useDeltaValues>true</useDeltaValues>
 <thresholds>
 <unstableTotalAll>90</unstableTotalAll> |