2 node('nordix-nsm-build-ubuntu1804') {
3 build_number = env.BUILD_NUMBER
4 workspace = env.WORKSPACE
5 ws("${workspace}/${build_number}") {
6 def git_project = params.GIT_PROJECT
7 def current_branch = params.CURRENT_BRANCH
8 def default_branch = params.DEFAULT_BRANCH
9 def image_registry = params.IMAGE_REGISTRY
10 def version = params.IMAGE_VERSION
11 def email_recipients = EMAIL_RECIPIENTS
13 def cveBadge = addEmbeddableBadgeConfiguration(id: 'meridio-cve', subject: 'CVE', color: 'peru', status: '?')
16 stage('Clone/Checkout') {
17 git branch: default_branch, url: git_project
20 branches: [[name: current_branch]],
23 refspec: '+refs/pull/*/head:refs/remotes/origin/pr/*',
32 make grype VERSION=${version} REGISTRY=${image_registry}
44 make trivy VERSION=${version} REGISTRY=${image_registry}
50 ./hack/parse_security_scan.sh
54 archiveArtifacts artifacts: '_output/*', followSymlinks: false
56 def number_of_cves = sh(script: 'cat _output/list.txt | grep -v "^$" | awk \'{print $1}\' | sort | uniq | wc -l', returnStdout: true).trim()
57 def list_of_cves = sh(script: 'cat _output/list.txt | grep -v "^$" | awk \'{print $1}\' | sort | uniq | sed \':a;N;$!ba;s/\\n/ ; /g\'', returnStdout: true).trim()
58 def number_of_high_severity_cves = sh(script: 'cat _output/list.txt | grep -v "^$" | grep -i "high" | awk \'{print $1}\' | sort | uniq | wc -l', returnStdout: true).trim()
59 def list_of_high_severity_cves = sh(script: 'cat _output/list.txt | grep -v "^$" | grep -i "high" | awk \'{print $1}\' | sort | uniq | sed \':a;N;$!ba;s/\\n/ ; /g\'', returnStdout: true).trim()
60 def git_describe = sh(script: 'git describe --dirty --tags', returnStdout: true).trim()
61 def git_rev = sh(script: 'git rev-parse HEAD', returnStdout: true).trim()
62 def report = sh(script: 'cat _output/report.txt', returnStdout: true).trim()
64 def subject = "Meridio - Security Scan - ${number_of_high_severity_cves} high severity CVEs detected"
66 Run: ${RUN_DISPLAY_URL}
67 git describe --dirty --tags: ${git_describe}
68 git rev-parse HEAD: ${git_rev}
69 Image registry: ${image_registry}
70 Image Version: ${version}
72 Number of CVEs: ${number_of_cves}
73 List of CVEs: ${list_of_cves}
75 Number of CVEs with high severity: ${number_of_high_severity_cves}
76 List of CVEs with high severity: ${list_of_high_severity_cves}
81 emailext body: "${body}", subject: "${subject}", to: "${email_recipients}"
83 cveBadge.setStatus("${number_of_high_severity_cves}")