Setting up a Jenkins job to fail depending on the amount of priority issues

Setting up a Jenkins job to fail depending on the amount of priority issues

 

One of our tech support representatives, Richard Pinaroc, offers a Jenkins pipeline example on how to fail a job if the number of priority issues surpasses a certain threshold. This has also been published as a KB article https://softwaresupport.softwaregrp.com/doc/KM03660119.

his example is using Jenkins v2.229 and Fortify Jenkins plugin v20.1.32 on a Windows environment.
 
If a Jenkins job is using a pipeline script, create a stage condition to call fprutility to check if there is an X amount of critical|high issues and return an error code 1 (FAILED) or 0 (PASSED).
 
Here are examples using the fprutility to display any critical or high issues which includes any issues suppressed or removed.
eg
fprutility -information -includeSuppressed -includeRemoved -search -query "[fortify priority order]:critical" -project path\filename.fpr
fprutility -information -includeSuppressed -includeRemoved -search -query "[fortify priority order]:high" -project path\filename.fpr
 
The following pipeline calls a Windows batch fle passing the generated FPR as input to the fprutility.
 
eg
pipeline {
 
  agent any
  
    stages {
        stage('Fortify clean') {
            steps{
                echo 'Cleaning'
                fortifyClean buildID: '${JOB_NAME}_${BUILD_NUMBER}'
            }
        }
        stage('Fortify Translate') {
            steps{
                echo 'Translating'
                fortifyTranslate buildID: '${JOB_NAME}_${BUILD_NUMBER}',
                projectScanType: fortifyJava(javaSrcFiles: 'C:\\Fortify_SCA_and_Apps_20.1.0\\Samples\\basic\\eightball\\EightBall.java', javaVersion: '1.8')
            }        
        }
        stage('Fortify Scan') {         
            steps{
                echo 'Scanning'
                fortifyScan buildID: '${JOB_NAME}_${BUILD_NUMBER}', resultsFile: '${FPR}'
            }
        }
        stage('Check Criticals') {
            steps{
                bat 'C:\\test.bat "C:\\Jenkins\\workspace\\Jenkins_Pipeline_Example\\scan.fpr"'
            }
        }
        stage('Upload to SSC'){
            steps{
                fortifyUpload appName: 'EightBall', appVersion: '1.0', failureCriteria: '', filterSet: '', pollingInterval: '', resultsFile: '${FPR}'
            }
        }
    }
}
 
The example Windows batch script, eg test.bat, to return an exit code 1 (FAILED) if number of criticals found in FPR is greater than equal to 1.
 

@echo off
set NumIssues=
 
call fprutility -information -includeSuppressed -includeRemoved -search -query "[fortify priority order]:high" -project "%1" -f "C:\Jenkins\workspace\output.txt"
 
for /f "tokens=1" %%i in (C:\Jenkins\workspace\output.txt) do set NumIssues=%%i
 
if %NumIssues% GEQ 1 (
 exit 1 
) else ( 
 exit 0
)
 
:end
 
 
Example of the pipeline console output which shows the stage and will not upload the FPR if the fprutilty check fails.
 
[Pipeline] stage
[Pipeline] { (Check Criticals)
[Pipeline] bat

C:\Jenkins\workspace\Jenkins_Pipeline_Example>
C:\Jenkins\workspace\test.bat "C:\Jenkins\workspace\Jenkins_Pipeline_Example\scan.fpr" 
[2020-06-29T14:00:05 INFO] Log4j2 was configured successfully
[2020-06-29T14:00:05 INFO] Performing search on project: C:\Jenkins\workspace\Jenkins_Pipeline_Example\scan.fpr
[2020-06-29T14:00:05 INFO] Properties file does not exist in user directory third-party-parsers.properties
[2020-06-29T14:00:06 INFO] Embedded external metadata file loaded
[2020-06-29T14:00:06 INFO] Properties file does not exist in user directory fortify.properties
[2020-06-29T14:00:06 INFO] Properties file does not exist in user directory fortify.properties
[2020-06-29T14:00:08 INFO] Default issue template loaded
[2020-06-29T14:00:08 INFO] Properties file does not exist in user directory custom.groupings.properties
[2020-06-29T14:00:09 INFO] Properties file does not exist in user directory issue-correlation.properties
[2020-06-29T14:00:09 WARN] WARNING: LocalExecutorService is using 8 of 8 possible threads for processing.
[2020-06-29T14:00:10 INFO] SCAIntegrationUtil not initialized
[2020-06-29T14:00:10 INFO] SCAIntegrationUtil not initialized
[2020-06-29T14:00:11 INFO] Total Issue Count: 7
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Upload to SSC)
Stage "Upload to SSC" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE
Labels (1)

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2020-06-29 22:07
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.