The previous article covered how to run Dependency-Check in Gradle. This session introduces how to do it in a Jenkins pipeline.
Steps
- Download the Dependency-Check binary.
In a terminal, run the commands below to download the release archive and extract it to the target location:
```bash
wget https://github.com/jeremylong/DependencyCheck/releases/download/v6.0.3/dependency-check-6.0.3-release.zip
unzip dependency-check-6.0.3-release.zip -d /opt/dependency-check
```
- Install the Jenkins plugin.
In Jenkins, open Manage Jenkins > Manage Plugins, select the OWASP Dependency-Check plugin and click Install without restart. After the installation completes, restart Jenkins.
- Configure the plugin.
In Jenkins, open Manage Jenkins > Global Tool Configuration, select Dependency-Check, enter the values for the installation and click Save. The installation name must match the odcInstallation value referenced by the pipeline stage (dependency-check-6.0.3 in this article).
- Alter the pipeline.
Open the target pipeline's Jenkinsfile and add a stage as below:
```groovy
stage('Dependency Check Report') {
    steps {
        // Run the scan: -s is the path to scan, -o the output directory, -f ALL writes every report format
        dependencyCheck additionalArguments: '''-o "./" -s "./" -f "ALL" --prettyPrint''', odcInstallation: 'dependency-check-6.0.3'
        // Publish the XML report so it appears in the build result
        dependencyCheckPublisher pattern: 'dependency-check-report.xml'
    }
}
```
- Test
Execute the pipeline and check whether the dependency report appears in the build result.
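As an added example that is not part of the original post or the plugin's own code, here is a small Python gate that parses the dependency-check-report.xml produced by the stage above and fails the build when any finding reaches a CVSS threshold, so a step after the publisher can turn the report into a pass/fail decision. The element names follow the Dependency-Check XML report layout as I understand it, and the sample report with its CVE identifiers is a constructed placeholder, so verify the field names against a report generated by your own installation.

```python
import sys
import xml.etree.ElementTree as ET
# Constructed sample in the layout of dependency-check-report.xml; the CVE ids
# are placeholders, not real identifiers.
SAMPLE_REPORT = """<?xml version="1.0"?>
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.2.3.xsd">
  <dependencies>
    <dependency>
      <fileName>commons-example-1.0.jar</fileName>
      <vulnerabilities>
        <vulnerability source="NVD">
          <name>CVE-0000-0001</name>
          <severity>CRITICAL</severity>
          <cvssV3><baseScore>9.8</baseScore></cvssV3>
        </vulnerability>
        <vulnerability source="NVD">
          <name>CVE-0000-0002</name>
          <severity>MEDIUM</severity>
          <cvssV2><score>5.0</score></cvssV2>
        </vulnerability>
      </vulnerabilities>
    </dependency>
  </dependencies>
</analysis>
"""
def local(tag):
    """Strip the XML namespace so lookups work across report schema versions."""
    return tag.rsplit('}', 1)[-1]

def findings(report_xml):
    """Return (file_name, cve, severity, score) for every reported vulnerability."""
    out = []
    for dep in ET.fromstring(report_xml).iter():
        if local(dep.tag) != 'dependency':
            continue
        file_name = next((e.text for e in dep if local(e.tag) == 'fileName'), '?')
        for vuln in dep.iter():
            if local(vuln.tag) != 'vulnerability':
                continue
            f = {local(e.tag): (e.text or '') for e in vuln.iter()}
            # Prefer the CVSS v3 base score, fall back to the v2 score
            score = float(f.get('baseScore') or f.get('score') or 0)
            out.append((file_name, f.get('name', '?'), f.get('severity', '?'), score))
    return out

def should_fail(report_xml, threshold=7.0):
    """True when any finding reaches the CVSS gate (HIGH and above by default)."""
    return any(score >= threshold for *_, score in findings(report_xml))

if __name__ == '__main__':  # usage: python gate.py dependency-check-report.xml
    sys.exit(1 if should_fail(open(sys.argv[1]).read()) else 0)
```

A non-zero exit from a `sh` step in the pipeline marks the build as failed, so this can run right after the publisher step.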