DEV Community

Grégoire Willmann for Kinoba

Posted on • Originally published at Medium

Dependencies Check with Jenkins

The wonderful OWASP Dependency-Check Jenkins plugin has recently published an update introducing breaking changes for my pipelines.
So I have written a quick guide on how to upgrade your pipelines to fix those:

Original article here: https://medium.com/@Gr3g0ire/dependencies-check-with-jenkins-4e73c451cb34

After upgrading the plugin, create a new Dependency-Check installation in the Global tools configuration of your Jenkins instance:
(Screenshot: new installation of Dependency-Check)

We have a Jenkins job running every day whose sole purpose is to update the NVD database.
As it was not a pipeline job, we had to reconfigure it from the UI.

This job runs every day at 4 AM
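The same nightly NVD update job written as a pipeline, so it lives in source control instead of being reconfigured through the UI. This is an added example, not the article's own job configuration: it assumes the tool installation is named 'Dependency Checker' as in the article, that the database directory is /home/jenkins/security/owasp-nvd/, and that the dependency-check CLI's --updateonly and --data options are passed through additionalArguments.

```groovy
// Added example (not from the original article): a scheduled pipeline whose only
// task is to refresh the local NVD database used by the scan jobs.
pipeline {
    agent any

    // Nightly during the 04:00 hour; 'H' lets Jenkins pick the minute so that
    // many jobs with the same schedule do not all start at once.
    triggers { cron('H 4 * * *') }

    // Two updates writing the same database directory at once would corrupt it.
    options { disableConcurrentBuilds() }

    stages {
        stage('Update NVD data') {
            steps {
                // --updateonly: download/refresh NVD data and exit without scanning.
                // --data: the shared database directory the scan pipelines read with --noupdate.
                dependencycheck odcInstallation: 'Dependency Checker',
                    additionalArguments: '--updateonly --data /home/jenkins/security/owasp-nvd/'
            }
        }
    }
}
```

Keeping the update in one job and running every scan with --noupdate means the build agents never need outbound access to the NVD feeds, and a feed outage only delays the refresh rather than breaking every build.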

Next we had to change all our pipeline scripts, both for running the check and for publishing its results:

  • Checking

Changed from

dependencyCheckAnalyzer datadir: '/home/jenkins/security/owasp-nvd/', hintsFile: '', includeCsvReports: false, includeHtmlReports: true, includeJsonReports: true, includeVulnReports: true, isAutoupdateDisabled: true, outdir: 'build/owasp', scanpath: '', skipOnScmChange: false, skipOnUpstreamChange: false, suppressionFile: '', zipExtensions: ''

to

sh('mkdir -p build/owasp')
// --data is the CLI equivalent of the old datadir (the pre-downloaded NVD database);
// --scan is the path to analyse (the old scanpath, where '' meant the workspace);
// --noupdate replaces isAutoupdateDisabled: true.
dependencycheck additionalArguments: '--project [project_name] --scan . --data /home/jenkins/security/owasp-nvd/ --out build/owasp/dependency-check-report.xml --format XML --noupdate', odcInstallation: 'Dependency Checker'

  • Publishing results

Changed from

dependencyCheckPublisher canComputeNew: false, defaultEncoding: '', healthy: '', pattern: 'build/owasp/dependency-check-report.xml', unHealthy: ''

to

dependencyCheckPublisher pattern: 'build/owasp/dependency-check-report.xml'
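Putting the two migrated steps together in one declarative Jenkinsfile, with the publisher used as a gate rather than only a report. This is an added example, not code from the original article: it assumes the 'Dependency Checker' tool installation and the /home/jenkins/security/owasp-nvd/ database from the article, uses --format ALL so the XML, HTML and JSON reports all land under build/owasp with the file name the publisher pattern expects, and relies on the publisher's failedTotal*/unstableTotal* threshold parameters from the 5.x plugin (check the exact names in your instance's Pipeline Syntax snippet generator).

```groovy
// Added example (not from the original article): a full scan pipeline that
// fails the build on CRITICAL/HIGH findings and marks it unstable on MEDIUM.
pipeline {
    agent any

    environment {
        // Shared, pre-populated NVD database maintained by the nightly update job.
        ODC_DATA = '/home/jenkins/security/owasp-nvd/'
        // Report directory; the XML report inside it is what the publisher parses.
        ODC_OUT  = 'build/owasp'
    }

    stages {
        stage('Checkout') {
            steps { checkout scm }
        }

        stage('Dependency-Check') {
            steps {
                sh 'mkdir -p "$ODC_OUT"'
                // --scan . analyses the whole workspace (the old scanpath: '').
                // --noupdate keeps the scan offline; the database comes from --data.
                // --format ALL writes dependency-check-report.{xml,html,json,...} into --out.
                dependencycheck odcInstallation: 'Dependency Checker',
                    additionalArguments: "--project \"${env.JOB_NAME}\" --scan . --data ${env.ODC_DATA} --format ALL --out ${env.ODC_OUT} --noupdate"
            }
        }
    }

    post {
        always {
            // Publish even if the scan step failed, so partial results are visible.
            // Thresholds: one CRITICAL or HIGH finding fails the build,
            // one MEDIUM finding marks it unstable (assumed 5.x publisher options).
            dependencyCheckPublisher pattern: 'build/owasp/dependency-check-report.xml',
                failedTotalCritical: 1,
                failedTotalHigh: 1,
                unstableTotalMedium: 1
            // Keep the human-readable HTML/JSON copies alongside the build.
            archiveArtifacts artifacts: 'build/owasp/dependency-check-report.*', allowEmptyArchive: true
        }
    }
}
```

The thresholds count findings in the whole report; once a team has triaged the existing backlog (via a suppression file passed with --suppression), the failedNew* variants of the same parameters are the usual next step, failing only on findings that were not present in the previous build.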
