hi, I just gave it a try on

* jenkins 1.651.2
* Jenkins OWASP Dependency-Checker 1.4.5 <https://plugins.jenkins.io/dependency-check-jenkins-plugin>
* HTML Publisher Plugin 1.11 <https://plugins.jenkins.io/htmlpublisher>

so, first of all: The example given is valid, and working. The Jenkins OWASP Plugin lacks support of a pipeline DSL extension, so you are forced to work with this generic step notation.

see also https://github.com/jenkinsci/pipeline-plugin/blob/master/COMPATIBILITY.md

to see what you might set in the construction yard: you have to look at the code
https://github.com/jenkinsci/dependency-check-plugin/blob/master/src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckPublisher.java

since there is an empty constructor but a DataBoundSetter, the only perhaps working (optional) parameter is: pattern

    step([
        $class: 'DependencyCheckPublisher',
        pattern: 'fix/path/custom-report-name.xml'
    ])

*UPDATE* you should have a look at http://jenkins.somewhatlocal.example.com/pipeline-syntax/
it seems the plugin works with this code generator, and even more settings are available!!

Example:

    step([
        $class: 'DependencyCheckPublisher',
        canComputeNew: false,
        defaultEncoding: '',
        healthy: '100',
        unHealthy: '0',
        pattern: 'fix/path/custom-report-name.xml',
        shouldDetectModules: true])

BTT

assuming you have run the dependencyCheck in your project build step before (for me, using the gradle plugin:

while

    step([$class: 'DependencyCheckPublisher'])

results in an empty report on misconfiguration, telling me in console

    [DependencyCheck] Searching for all files in /var/lib/jenkins/workspace/myBuild that match the pattern **/dependency-check-report.xml
    [DependencyCheck] No files found. Configuration error?

so, at least working fine ;)

you might save the (default) HTML report by the HTML Publisher like:

    publishHTML(target: [
        reportDir : 'build/reports',
        reportFiles : 'dependency-check-report.html',
        reportName : 'OWASP Dependency Check',
        allowMissing: true,
        alwaysLinkToLastBuild: true,
        keepAll: true])

to make

    step([$class: 'DependencyCheckPublisher'])

work, you need an XML output; for the gradle plugin you have to set

    dependencyCheck {
        failOnError = false
        format = org.owasp.dependencycheck.reporting.ReportGenerator.Format.ALL
    }

check for the relevant format options on your build site, especially the format configuration.

Hope this helps for now ;)

~Marcel

On Tuesday, 31 January 2017 04:04:38 UTC+1, Ramanathan Muthaiah wrote:
>
> Hi ,
>
> After reading thru' OWASP dependency check plugin wiki and JIRA issues, I
> could not find examples of simple usage of this plugin in Jenkins Pipeline
> with the exception of this code snippet (sourced from one of the PR
> conversations in this plugin's GH page):
>
> step([$class: 'DependencyCheckPublisher'])
>
> I would like to collect data from OWASP dependency check by scanning
> mostly Python-ish codebase.
>
> Has anyone tried this combination i.e Jenkins Pipeline + OWASP dependency
> check ?
>
> NOTE:
> There is not much documentation available here too,
> https://github.com/jenkinsci/dependency-check-plugin
>
> Appreciate any pointers on this topic.
>
> /Ram
>
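
Added example, not part of the thread above and not code from the plugin: a Python pre-publish check that searches a workspace with the same reach as the **/dependency-check-report.xml pattern and raises when no XML report exists, instead of leaving an empty report behind. The element names (analysis, dependency, vulnerability, severity) are assumptions about the report layout, and the sample report is constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

REPORT_NAME = "dependency-check-report.xml"  # file name in the default pattern
# Constructed sample report; namespace and CVE ids are placeholders.
SAMPLE = """<analysis xmlns="urn:constructed-example"><dependencies>
<dependency><fileName>a.jar</fileName><vulnerabilities>
<vulnerability><name>CVE-0000-0001</name><severity>High</severity></vulnerability>
<vulnerability><name>CVE-0000-0002</name><severity>Medium</severity></vulnerability>
</vulnerabilities></dependency>
<dependency><fileName>b.jar</fileName></dependency>
</dependencies></analysis>"""


def local(tag):
    """Drop the XML namespace so the check does not depend on the schema version."""
    return tag.rsplit("}", 1)[-1]


def summarize(path):
    """Return (dependencies, vulnerable dependencies, findings per severity)."""
    root = ET.parse(path).getroot()
    if local(root.tag) != "analysis":  # assumed root element of the XML report
        raise ValueError(f"{path}: not a dependency-check XML report")
    deps = [e for e in root.iter() if local(e.tag) == "dependency"]
    vulnerable, by_severity = 0, {}
    for dep in deps:
        vulns = [e for e in dep.iter() if local(e.tag) == "vulnerability"]
        vulnerable += bool(vulns)
        for vuln in vulns:
            text = next((c.text for c in vuln if local(c.tag) == "severity"), None)
            sev = (text or "unknown").strip().lower()
            by_severity[sev] = by_severity.get(sev, 0) + 1
    return len(deps), vulnerable, by_severity


def check_workspace(workspace):
    """Raise where the publisher would only log 'No files found'."""
    reports = sorted(Path(workspace).rglob(REPORT_NAME))  # same reach as **/name
    if not reports:
        raise FileNotFoundError(f"no {REPORT_NAME} under {workspace}; XML output enabled?")
    return {str(p.relative_to(workspace)): summarize(p) for p in reports}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as ws:  # throwaway workspace
        Path(ws, REPORT_NAME).write_text(SAMPLE)
        print(check_workspace(ws))
```

Run from a shell step before the publisher step, a non-zero exit stops the build at the point where the XML report is missing.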
