First time using Jenkins? Please refer to the following documentation.
This integration uses a single pipeline to serve multiple repositories. The SCM system and Jenkins must be reachable from each other, so that builds are triggered automatically by the repository's webhooks and Jenkins can clone the code from the SCM.
Requirements:

1. The "Generic Webhook Trigger" and "Docker" plugins installed in Jenkins;
2. A Personal Access Token from an automation user or a common user on the SCM (GitHub, GitLab, Bitbucket, etc.), so that Jenkins can access the code repositories;
3. Docker installed on the host, with the Jenkins user a member of the docker group;
4. The Groovy Sandbox available for the pipeline script;
5. The Personal Access Token stored in Jenkins as a username/password Credential. The username must be the token owner and the password the token itself;
6. A generic token that acts as the Conviso pipeline identifier. It may or may not be stored as a Credential. It will be used in the webhook's URL as the pipeline identifier.
Pipeline creation:

1. From the Jenkins main menu, create a new job;
2. Name the job as you wish and select the "Pipeline" type;
3. In the "Build Triggers" section, create a Generic Webhook Trigger;
4. Create a "Post Content Parameter" named "Webhook", with the expression "$" and the "JSONPATH" type;
5. In Token, use the token value obtained at step 6 of the Requirements section above;
6. Cause is the message shown when the job is started. For example: "Conviso Job Pipeline started for repo: $webhook_before. End Commit:
7. (Optional) When the Print Post Content option is checked, Jenkins displays the content received in the webhook;
8. (Optional) When the Print Contributed Variables option is checked, Jenkins displays the resolved variables available to the pipeline.
The repository must have an AST (Application Security Testing) or CCR (Continuous Code Review) analysis. The Project mapping must be placed in the pipeline's initialization section. As an example, if the Analysis Key of a particular Project is deadbeef1234 and the repository is https://github.com/convisoappsec/raptor, then the initial section of the file will be as shown below:
Thus, when a webhook configured at that repository is received, the pipeline is able to work with it. The get_project_code function may serve multiple repositories, as long as the syntax of a Groovy function is respected:
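The following Jenkinsfile initialization section is an added example, not Conviso's own pipeline code. It shows a get_project_code function that maps several repositories to their Analysis Keys, resolves the repository and branch from the variables contributed by the Generic Webhook Trigger, and refuses to run for an unmapped repository or an unexpected branch. The variable names webhook_repository_clone_url and webhook_ref are an assumption based on how the plugin flattens a GitHub push payload behind the "Webhook" parameter (expression "$", type JSONPATH); other SCM platforms name the payload fields differently. The second repository URL and ANALYSIS_KEY_PLACEHOLDER are constructed placeholders.

```groovy
// Added example: initialization section of a single Jenkins pipeline shared by
// several repositories. Not Conviso's code; see the lead-in for assumptions.

// Returns the Conviso Analysis Key for a repository clone URL, or null when the
// repository is not mapped. The map lives inside the function so it is visible
// from the sandboxed pipeline script without @Field tricks.
def get_project_code(String repoUrl) {
    // Repository clone URL -> Analysis Key. The first entry is the page's
    // example; the second is a constructed placeholder.
    def projects = [
        'https://github.com/convisoappsec/raptor'  : 'deadbeef1234',
        'https://github.com/example-org/second-repo': 'ANALYSIS_KEY_PLACEHOLDER',
    ]
    if (repoUrl == null) {
        return null
    }
    // Strip a trailing ".git" or "/" so GitHub, GitLab and Bitbucket style
    // clone URLs all match the same map entry.
    String normalized = repoUrl.trim().replaceAll(/(\.git)?\/?$/, '')
    return projects[normalized]
}

// Converts a Git ref such as "refs/heads/develop" to the plain branch name.
def branch_from_ref(String ref) {
    return ref == null ? null : ref.replaceFirst(/^refs\/heads\//, '')
}

pipeline {
    agent any
    stages {
        stage('Resolve Conviso project') {
            steps {
                script {
                    // Contributed by the Generic Webhook Trigger plugin from the
                    // "Webhook" post-content parameter (assumed GitHub field names).
                    String repo   = env.webhook_repository_clone_url
                    String branch = branch_from_ref(env.webhook_ref)
                    String projectCode = get_project_code(repo)

                    // Fail closed: an unmapped repository must never be analysed
                    // under another project's Analysis Key.
                    if (projectCode == null) {
                        error "Repository '${repo}' is not mapped in get_project_code; refusing to run"
                    }
                    // Mirror the branch filter configured on the webhook (develop, staging)
                    // so a misconfigured or replayed webhook cannot start an analysis.
                    if (!(branch in ['develop', 'staging'])) {
                        error "Branch '${branch}' is not configured for analysis"
                    }
                    env.PROJECT_CODE = projectCode
                    echo "Analysis Key ${projectCode} selected for ${repo}@${branch}"
                }
            }
        }
        // The stages that run the AST/CCR analysis with env.PROJECT_CODE follow here.
    }
}
```

With the "Print Contributed Variables" option enabled (step 8 above), the exact variable names your SCM platform produces appear in the build log, and the two env lookups can be adjusted to match them.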
Creating the webhook at the repository varies from platform to platform. By default, however, it is triggered on push events, filtered to a specific branch (develop, staging), with the URL set as follows:
where TOKEN is the token created at step 6 of the Requirements section above.