pipeline {
	// Every stage runs in a Kubernetes pod built from the YAML template below.
	// NOTE(review): the 'node-js' and 'awscli' containers used by the stages are
	// presumably declared in that file; its service account, image tags and
	// securityContext set the privileges of every step here. Confirm they are
	// pinned and minimal.
	agent {
        kubernetes {
            yamlFile 'jenkins/kubernetesPod.yaml'
        }
    }

    // Pipeline-wide environment variables; exported to every sh step.
    environment {
        // Last '/'-separated segment of GIT_BRANCH (e.g. "origin/main" -> "main").
        // Not referenced anywhere else in this file.
        BRANCH_BASE_NAME = "${env.GIT_BRANCH}".tokenize('/').last()
        // Sent as "Product" in the Lambda payload.
        MODULE = "microfrontend"
        // Veracode application profile name; also sent as "Application".
        APPLICATION = "SwiftKanban"
        // Veracode scan name, unique per build via BUILD_NUMBER.
        // NOTE(review): "#GIT-REPO-NAME#" looks like a template placeholder.
        // Confirm it is substituted before this file is used.
        PROJECTVERSION = "#GIT-REPO-NAME#_static_scan_${env.BUILD_NUMBER}"
        // Veracode sandbox that receives the scan (same placeholder caveat).
        SANDBOXNAME = "#GIT-REPO-NAME#"
    }

	stages {
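		stage('Dependencies Install') {
			steps {
				script {
					// Recorded so the post { failure } notification can name the stage.
					FAILED_STAGE = env.STAGE_NAME
				}

				container('node-js') {
					// NOTE(review): USERNAME/PASSWORD from 'global_gitlabcloud_login' are
					// not referenced by any command visible in this stage. If nothing
					// downstream of npm needs them, drop the binding so the GitLab
					// credential is not exposed to install scripts.
					withCredentials([
						usernamePassword(
							credentialsId: 'global_gitlabcloud_login',
							usernameVariable: 'USERNAME',
							passwordVariable: 'PASSWORD'
						),
						string(credentialsId: 'nexus-npm-repo-token', variable: 'NEXUS_TOKEN')
					]) {
						// Groovy single quotes: ${NEXUS_TOKEN} is expanded by the shell, not
						// by Groovy, so the token never becomes part of the pipeline script.
						// '|' is the sed delimiter because a token containing '/' would
						// corrupt or abort the substitution with the original 's/../../'.
						// ('&' and '\' in the token would still be interpreted by sed.)
						// NOTE(review): the token is written into .npmrc in the workspace and
						// stays there after this stage. npm expands ${NEXUS_TOKEN} inside
						// .npmrc itself, which would avoid putting it on disk.
						sh 'sed -i "s|<auth_token>|${NEXUS_TOKEN}|g" .npmrc'
						sh 'npm cache clean --force'
						// NOTE(review): dependency lifecycle scripts run while the
						// credentials above are in the environment. The two installs below
						// are unpinned, so each build may resolve a different version.
						sh 'npm install'
						sh 'npm install -g bestzip'
						sh 'npm install --save-dev jest-junit'
						// Zip the JS sources for the Veracode upload (only src/js/ is
						// included, so .npmrc is not part of the archive).
						sh 'bestzip sourcecode.zip src/js/'
					}
				}
			}
		}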

		stage('Veracode SAST Scan') {
			steps {
				script {
					// Recorded so the post { failure } notification can name the stage.
					FAILED_STAGE = env.STAGE_NAME
				}

				// Veracode SAST scan using the Veracode Jenkins Plugin
				// https://help.veracode.com/r/SR6Zbh48KDeo2rH~Guvpiw/_g4SYeBLZyLguunqgdUP2w
				container('node-js') {
					withCredentials([
						usernamePassword(
							credentialsId: 'global_veracode_login',
							usernameVariable: 'VERACODE_API_ID',
							passwordVariable: 'VERACODE_API_KEY'
						)
					]) {
						// Uploads sourcecode.zip (built in the previous stage) into the
						// sandbox and blocks until the scan finishes. canFailJob: true lets
						// the plugin fail the build. The API id/key are handed to the plugin
						// step as parameters and never appear in a shell command line.
						veracode(
							applicationName: "${APPLICATION}",
							createProfile: false,
							canFailJob: true,
							createSandbox: true,
							criticality: 'VeryHigh',
							fileNamePattern: '',
							replacementPattern: '',
							sandboxName: "${SANDBOXNAME}",
							scanExcludesPattern: '',
							scanIncludesPattern: '',
							scanName: "${PROJECTVERSION}",
							teams: '',
							timeout: 60,
							uploadExcludesPattern: '',
							uploadIncludesPattern: 'sourcecode.zip',
							vid: "${VERACODE_API_ID}",
							vkey: "${VERACODE_API_KEY}",
							waitForScan: true
						)
					}
				}
			}
		}

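		stage('Push Veracode Data to ELK') {
			steps {
				script {
					// Recorded so the post { failure } notification can name the stage.
					FAILED_STAGE = env.STAGE_NAME
				}

				script {
					container('awscli') {
						// Inserts Veracode data into Elasticsearch using an AWS Lambda function.
						withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', accessKeyVariable: 'AWS_ACCESS_KEY_ID', credentialsId: 'global_aws_digite_lamba_invoke', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY']]) {
							sh 'aws --version'
							withCredentials([usernamePassword(credentialsId: 'global_veracode_login', usernameVariable: 'VERACODE_API_ID', passwordVariable: 'VERACODE_API_KEY')]) {
								// Fix: the script is a single-quoted Groovy string, so Groovy no
								// longer interpolates VERACODE_API_KEY into the script text; the
								// shell reads every value from the environment instead.
								// The payload goes into a 0600 file through the printf builtin
								// and reaches the CLI as file://, which keeps the key out of the
								// aws process arguments. The file is removed on exit.
								// set +x stops sh -x from echoing the expanded command.
								// NOTE(review): the Veracode key still travels in the Lambda
								// event; having the function read it from a secret store would
								// remove it from the payload. log.txt keeps the function's
								// response in the workspace. Confirm it carries nothing sensitive
								// and that function-side errors reported there are checked.
								sh '''
									set +x
									umask 077
									trap 'rm -f veracode_payload.json' EXIT
									printf '{"BuildNo": "%s", "Product": "%s", "Application": "%s", "ProjectVersion": "%s", "SandboxName": "%s", "KeyId": "%s", "KeySecret": "%s"}' \
										"$BUILD_NUMBER" "$MODULE" "$APPLICATION" "$PROJECTVERSION" "$SANDBOXNAME" "$VERACODE_API_ID" "$VERACODE_API_KEY" \
										> veracode_payload.json
									aws lambda invoke \
										--function-name landingpage_veracode_parser \
										--payload file://veracode_payload.json \
										--invocation-type RequestResponse \
										--cli-binary-format raw-in-base64-out \
										log.txt
								'''
							}
						}
					}
				}
			}
		}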
    }

    // Google Chat notifications when the build fails or recovers.
    // NOTE(review): Swiftalk_Chat_URL is not defined in this file; presumably a
    // global Jenkins variable. A chat webhook URL grants posting rights, so it
    // is better held as a credential. FAILED_STAGE is only assigned by the
    // script blocks at the top of each stage, so a failure before the first
    // stage starts would leave it unset here. Confirm.
    post {
        failure {
            googlechatnotification(
                url: "${Swiftalk_Chat_URL}",
                message: "Veracode SAST scan job ${env.JOB_NAME} for build ${env.BUILD_NUMBER} is failed - ${env.BUILD_URL}console at stage `${FAILED_STAGE}`"
            )
        }
        fixed {
            googlechatnotification(
                url: "${Swiftalk_Chat_URL}",
                message: "Veracode SAST scan job ${env.JOB_NAME} in build ${env.BUILD_NUMBER} is fixed - ${env.BUILD_URL}console"
            )
        }
    }
}
