#!groovy
// Job configuration: a single parameter selecting the target environment, plus two
// triggers — a GitHub push hook and a nightly timer (some minute between 03:00 and 04:59,
// 'H' spreads the exact time across jobs on the controller).
// Every environment in the choice list will be crawled and actively attacked by this job;
// keep anything holding real data out of the list. The fixed list also means the value
// interpolated into the target URL cannot be pointed at an arbitrary host by whoever
// starts the build.
properties([
    parameters([
        choice(
            name: 'ENVIRONMENT',
            description: 'Environment to test',
            // The first entry is what a timer-triggered (unparameterised) run uses.
            // NOTE(review): `choice` normally takes its default from the first entry;
            // whether `defaultValue` is honoured depends on the Jenkins version — confirm.
            choices: 'aat\ndemo\nsandbox\nsaat\nsprod',
            defaultValue: 'aat'
        )
    ]),
    pipelineTriggers([
        // A push to this repository also runs a scan, against the default environment.
        [$class: 'GitHubPushTrigger', displayName: 'CCD Security tests'],
        [$class: 'hudson.triggers.TimerTrigger', spec: 'H H(3-4) * * *']
    ])
])
// Scan target(s), derived from the ENVIRONMENT job parameter. The hostname is an
// internal service address; because ENVIRONMENT is a fixed choice list, the
// interpolation cannot redirect the scan to an arbitrary host.
def envSpace = [:]
envSpace.emGW = "https://ccd-api-gateway-web-${env.ENVIRONMENT}.service.core-compute-${env.ENVIRONMENT}.internal"
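// Nightly OWASP ZAP run against the CCD API gateway of the selected environment.
// Flow: install ZAP and zap-cli, start the daemon on loopback, crawl (spider,
// ajax-spider) so the site tree is populated, actively scan what the crawl found,
// then surface findings. The daemon is always shut down at the end.
// Assumes the agent provides wget, unzip, sudo and pip, and that the HTML Publisher
// and Slack Notification plugins are installed.
node() {
    def zapVersion = '2.7.0'
    def zapDir = "ZAP_${zapVersion}"
    def zapZip = "${zapDir}_Crossplatform.zip"
    // Every zap-cli invocation targets the loopback daemon started below.
    def zap = 'zap-cli --zap-url http://127.0.0.1 -p 8090'

    // Red Slack message for this build; `outcome` is the trailing status text.
    def notify = { String outcome ->
        slackSend(
            channel: "#ccd-nightly-builds",
            color: 'danger',
            message: "${env.JOB_NAME}: <${env.RUN_DISPLAY_URL}| Security scan ${env.BUILD_DISPLAY_NAME}> ${outcome}"
        )
    }

    // Runs `command`, exports the session's alerts to `file`, and publishes that report
    // whether or not the command succeeded (a failed scan may still hold partial alerts).
    def scanAndPublish = { String title, String file, String command ->
        try {
            sh command
            sh "${zap} report -o ${file} -f html"
        } finally {
            publishHTML target: [
                alwaysLinkToLastBuild: true,
                reportDir            : ".",
                reportFiles          : file,
                reportName           : title
            ]
        }
    }

    try {
        try {
            stage("Install ZAP Server") {
                // NOTE(review): fetched over HTTPS but never integrity-checked. Pin the
                // release's SHA-256 and run `sha256sum -c` before unzip so a tampered or
                // substituted archive cannot execute on the agent. 2.7.0 is also an old
                // release; the scanner's rule set is what finds issues, so track a
                // current one.
                sh "wget --no-verbose https://github.com/zaproxy/zaproxy/releases/download/${zapVersion}/${zapZip}"
                sh "rm -rf ${zapDir}"
                sh "unzip -q ${zapZip}"
            }
            stage("Install ZAP CLI") {
                // NOTE(review): unpinned, system-wide install as root on every run, so
                // whatever PyPI serves becomes the scanner driver. Pin `zapcli==<version>`
                // (with --require-hashes if possible) and prefer a virtualenv over sudo.
                sh "sudo pip install --upgrade zapcli"
            }
            stage("Start ZAP") {
                // api.disablekey=true is tolerable only because the daemon binds to
                // 127.0.0.1; any local process on the agent can still drive the proxy.
                // Attack mode plus an explicit active scan is intrusive — the target
                // must be an environment that may safely be attacked.
                sh "${zapDir}/zap.sh -daemon -host 127.0.0.1 -port 8090 " +
                    "-config view.mode=attack " +
                    "-config api.disablekey=true " +
                    "-config database.recoverylog=false " +
                    "-config connection.timeoutInSecs=120 &"
                // Poll for up to 120s until the API answers, then seed the site tree.
                sh "${zap} status -t 120"
                sh "${zap} open-url ${envSpace.emGW}"
            }
        } catch (Exception err) {
            // Without a working daemon the scan stages cannot run; stop here rather than
            // carrying on and reporting a cascade of spurious failures.
            // (Catching Exception also catches a manual abort, which is then reported
            // to Slack as a setup failure.)
            currentBuild.result = 'FAILURE'
            notify("failed (Setup)")
            return
        }

        try {
            // Crawl first: `active-scan --recursive` only attacks nodes already in the
            // site tree, so scanning before the spiders ran covered little more than
            // the seed URL opened above.
            stage("Zap Security Scan (spider)") {
                scanAndPublish("ZAP spider scan test report", "spider.html",
                    "${zap} spider ${envSpace.emGW}")
            }
            stage("Zap Security Scan (ajax-spider)") {
                scanAndPublish("ZAP ajax spider scan test report", "ajax-spider.html",
                    "${zap} ajax-spider ${envSpace.emGW}")
            }
            stage("Zap Security Scan (active-scan)") {
                scanAndPublish("ZAP Active scan test report", "activescan.html",
                    "${zap} active-scan --scanners all --recursive ${envSpace.emGW}")
            }
        } catch (Exception err) {
            // Still fall through to the alert check: a partial scan may have findings.
            currentBuild.result = 'FAILURE'
            notify("failed (Scans)")
        }

        stage("Zap Security Scan (Alert)") {
            // A non-zero exit from `alerts -l Low` (alerts at or above Low were found)
            // lands in the catch — that is what the "is vulnerable" message reports.
            // Reflect it in the build status as well: a green build with a Slack-only
            // warning is easy to miss.
            try {
                sh "${zap} alerts -l Low"
            } catch (Exception err) {
                currentBuild.result = 'UNSTABLE'
                notify("is vulnerable")
            }
        }
    } finally {
        // The daemon was started with '&' and would otherwise outlive the build and
        // keep port 8090 occupied on the agent (the next run's daemon then fails to
        // bind). Best effort: if ZAP never started this simply returns non-zero.
        sh(script: "${zap} shutdown", returnStatus: true)
    }
}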