The wonderful OWASP Dependency-Check Jenkins plugin recently published an update that introduced breaking changes for my pipelines.
So I have written a quick guide on how to upgrade your pipelines to fix them:
Original article here: https://medium.com/@Gr3g0ire/dependencies-check-with-jenkins-4e73c451cb34
After upgrading the plugin, create a new Dependency-Check installation in the Global tools configuration of your Jenkins instance:
(Screenshot: new installation of Dependency-Check)
We have a Jenkins job running every day whose sole purpose is to update the NVD database.
As it was not a pipeline job, we had to reconfigure it from the UI.
This job runs every day at 4 AM
Next we had to change all our pipeline scripts that run dependency checks and publish their results:
- Checking
Changed from
dependencyCheckAnalyzer datadir: '/home/jenkins/security/owasp-nvd/', hintsFile: '', includeCsvReports: false, includeHtmlReports: true, includeJsonReports: true, includeVulnReports: true, isAutoupdateDisabled: true, outdir: 'build/owasp', scanpath: '', skipOnScmChange: false, skipOnUpstreamChange: false, suppressionFile: '', zipExtensions: ''
to
sh('mkdir -p build/owasp')
dependencycheck additionalArguments: ' --project [project_name] --scan /home/jenkins/security/owasp-nvd/ --out build/owasp/dependency-check-report.xml --format XML --noupdate', odcInstallation: 'Dependency Checker'
- Publishing results
Changed from
dependencyCheckPublisher canComputeNew: false, defaultEncoding: '', healthy: '', pattern: 'build/owasp/dependency-check-report.xml', unHealthy: ''
to
dependencyCheckPublisher pattern: 'build/owasp/dependency-check-report.xml'
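The two migrated steps put together in a declarative Jenkinsfile, as an added example that is not from the original article. It assumes a tool installation named 'Dependency Checker', the shared NVD copy under /home/jenkins/security/owasp-nvd/ passed with --data (the workspace is what gets scanned), and the failedTotalCritical/failedTotalHigh publisher thresholds of plugin 5.x; [project_name] is a placeholder.

```groovy
// Jenkinsfile (declarative pipeline). Added example, not code from the article.
// Assumptions: ODC tool installation 'Dependency Checker' exists in Global Tool
// Configuration; /home/jenkins/security/owasp-nvd/ is the NVD directory kept
// current by the nightly update job; [project_name] is a placeholder.
pipeline {
    agent any
    stages {
        stage('Prepare') {
            steps {
                // The new step does not create the output directory for you.
                sh 'mkdir -p build/owasp'
            }
        }
        stage('Dependency check') {
            steps {
                // --noupdate: the nightly job owns NVD updates, so the build
                // never downloads feeds itself (faster, works offline).
                dependencycheck additionalArguments: '--project [project_name] ' +
                    '--scan . ' +
                    '--data /home/jenkins/security/owasp-nvd/ ' +
                    '--out build/owasp/dependency-check-report.xml ' +
                    '--format XML --noupdate',
                    odcInstallation: 'Dependency Checker'
            }
        }
    }
    post {
        always {
            // healthy/unHealthy are gone; severity thresholds are separate
            // parameters (assumed names from plugin 5.x). One critical or high
            // finding marks the build as failed.
            dependencyCheckPublisher pattern: 'build/owasp/dependency-check-report.xml',
                failedTotalCritical: 1,
                failedTotalHigh: 1
        }
    }
}
```

Putting the publisher in `post { always { ... } }` keeps the report visible even when the scan step itself fails.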