The latest articles on DEV Community by Kinoba (@kinoba). https://dev.to/kinoba https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F935%2Ff019f3a7-4dfd-4807-b782-9de370d5e6e8.png https://dev.to/kinoba en Grégoire Willmann Mon, 15 Jul 2019 08:11:18 +0000 https://dev.to/kinoba/dependencies-check-with-jenkins-5537 https://dev.to/kinoba/dependencies-check-with-jenkins-5537 <p>The wonderful <a href="https://wiki.jenkins.io/display/JENKINS/OWASP+Dependency-Check+Plugin" rel="noopener noreferrer">OWASP Dependency-Check Jenkins</a> plugin has recently published an update introducing breaking changes for my pipelines.<br> So I have written a quick guide on how to upgrade your pipelines to fix those:</p> <p>Original article here: <a href="https://medium.com/@Gr3g0ire/dependencies-check-with-jenkins-4e73c451cb34" rel="noopener noreferrer">https://medium.com/@Gr3g0ire/dependencies-check-with-jenkins-4e73c451cb34</a></p> <p>After upgrading the plugin, create a new Dependency-Check installation in the Global tools configuration of your Jenkins instance:<br> new installation of Dependency-Check</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fxkve5tuzl7e7y0fi1lpo.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fxkve5tuzl7e7y0fi1lpo.png"></a></p> <p>We have a Jenkins job running every day which sole purpose is to update the NVD database.<br> As it was not a pipeline job we had to reconfigure it from the UI.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fzdr5gpy3wsmyvjrc8eac.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fzdr5gpy3wsmyvjrc8eac.png"></a></p> <p>This job runs every day at 4 AM</p> <p>Next we had to change all our pipeline script for checking and publishing results of dependencies checks:</p> <ul> <li>Checking</li> </ul> <p>Changed from</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>dependencyCheckAnalyzer datadir: ‘/home/jenkins/security/owasp-nvd/’, hintsFile: ‘’, includeCsvReports: false, includeHtmlReports: true, includeJsonReports: true, includeVulnReports: true, isAutoupdateDisabled: true, outdir: ‘build/owasp’, scanpath: ‘’, skipOnScmChange: false, skipOnUpstreamChange: false, suppressionFile: ‘’, zipExtensions: ‘’ </code></pre> </div> <p>to</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sh(‘mkdir -p build/owasp’) dependencycheck additionalArguments: ‘ — project [project_name]— scan /home/jenkins/security/owasp-nvd/ — out build/owasp/dependency-check-report.xml — format XML — noupdate’, odcInstallation: ‘Dependency Checker’ </code></pre> </div> <ul> <li>publishing results</li> </ul> <p>Changed from</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>dependencyCheckPublisher canComputeNew: false, defaultEncoding: '', healthy: '', pattern: 'build/owasp/dependency-check-report.xml', unHealthy: '' </code></pre> </div> <p>to</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>dependencyCheckPublisher pattern: 'build/owasp/dependency-check-report.xml' </code></pre> </div> jenkins automation updates breakingchanges