Adding Gitgaurdian scan support #1122
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
val-ms
requested changes
Dec 21, 2023
| [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], | ||
| [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"], | ||
| [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] | ||
| ] |
There was a problem hiding this comment.
Some of the indentation here is pretty deep - I think 8 spaces instead of 4. I recommend reducing to 4 throughout, for consistency and legitibility.
Comment on lines
+59
to
+68
| stage('GitGaurdian Scan') { | ||
| environment { | ||
| GITGUARDIAN_API_KEY = credentials('gitgaudian-ravi-token') | ||
| } | ||
| agent { label "docker" } | ||
| steps { | ||
| withDockerContainer(args: "-i --entrypoint=''", image: 'gitguardian/ggshield:latest') { | ||
| sh 'ggshield secret scan ci' | ||
| } | ||
| } |
There was a problem hiding this comment.
I wonder how long this takes. We may wish to run this in a parallel block.
Comment on lines
+83
to
+88
| sh """# Move the clamav-documentation here. | ||
| cp -r ../../clamav_documentation/* . | ||
| # Clean-up | ||
| rm -rf ../../clamav_documentation | ||
| rm -rf .git .nojekyll CNAME Placeholder || true | ||
| """ |
There was a problem hiding this comment.
This commit loses some indentation here and in other script blocks that makes it easier to see the script content separate from the jenkins command. I would prefer to keep that.
E.g.
sh """# Move the clamav-documentation here.
cp -r ../../clamav_documentation/* .
# Clean-up
rm -rf ../../clamav_documentation
rm -rf .git .nojekyll CNAME Placeholder || true
"""
or maybe
sh """
# Move the clamav-documentation here.
cp -r ../../clamav_documentation/* .
# Clean-up
rm -rf ../../clamav_documentation
rm -rf .git .nojekyll CNAME Placeholder || true
"""
| archiveArtifacts(artifacts: "clamav-${params.VERSION}*.tar.gz", onlyIfSuccessful: true) | ||
| stage('GitGaurdian Scan') { | ||
| environment { | ||
| GITGUARDIAN_API_KEY = credentials('gitgaudian-ravi-token') |
There was a problem hiding this comment.
Suggested change
| GITGUARDIAN_API_KEY = credentials('gitgaudian-ravi-token') | |
| GITGUARDIAN_API_KEY = credentials('gitgaudian-ravi-token') |
We may need a generic account/team account for this token so it doesn't have to be a personal one.
Also, minor typo "gitgaudian" should be "gitgaurdian".
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding GitGaurdian Scan support to scan the CI pipeline for every commit.
Changing Jenkins pipeline to declarative from scripted pipeline.