Jenkins + GitLab Repository
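// Jenkins declarative pipeline: runs a Checkmarx One SAST scan on a GitLab
// merge request and, when the build fails, asks Mobb for an autofix link and
// posts it to the merge request.

// Holds the fix-report URL printed by the Mobb CLI; assigned in post { failure }.
def MOBBURL

pipeline {
    agent { label 'agent1' }

    environment {
        // Both values are resolved from the Jenkins credentials store and
        // exported to the shell as environment variables.
        MOBB_API_KEY = credentials('MOBB_API_KEY')
        CX_API_TOKEN = credentials('CX_API_TOKEN')
    }

    tools {
        nodejs 'NodeJS'
    }

    stages {
        stage('Checkout') {
            steps {
                // NOTE(review): gitlabSourceBranch / gitlabSourceRepoHomepage are
                // presumably filled in from the GitLab webhook payload. Treat them
                // as untrusted input: the later stages run with API credentials in
                // the environment against whatever repository is checked out here.
                git branch: "${gitlabSourceBranch}", url: "${gitlabSourceRepoHomepage}"
            }
        }

        stage('Initialize') {
            steps {
                // Updates GitLab MR Commit Status with the pipeline in "pending" state
                updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'pending'
            }
        }

        stage('SAST') {
            steps {
                // This step downloads the Checkmarx One CLI and executes a SAST scan on the code.
                //
                // The script is single-quoted (''') on purpose: with a double-quoted
                // Groovy string, $CX_API_TOKEN would be interpolated by Groovy into
                // the script text before the shell runs it. Single quotes leave the
                // expansion to the shell, which reads it from the environment.
                //
                // NOTE(review): the archive is extracted and executed without an
                // integrity check. Compare it with the checksum published for this
                // release before the tar step, for example
                //   echo "<EXPECTED_SHA256_PLACEHOLDER>  checkmarx.tar.gz" | sha256sum -c -
                //
                // NOTE(review): `cx configure set` appears to store the API key in the
                // CLI's configuration on the agent; confirm that this is acceptable on
                // a shared agent, or clean the configuration up after the scan.
                sh '''
                    wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.54/ast-cli_2.0.54_linux_x64.tar.gz -O checkmarx.tar.gz
                    tar -xf checkmarx.tar.gz
                    ./cx configure set --prop-name cx_apikey --prop-value "$CX_API_TOKEN"
                    ./cx scan create --project-name my-test-project -s ./ --report-format json --scan-types sast --branch nobranch --threshold "sast-high=1"
                '''
            }
        }
    }

    post {
        // If the SAST scan completes with no issues found, the pipeline is successful
        success {
            echo 'Pipeline succeeded!'
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'success'
        }

        // If the SAST scan completes WITH issues found, the pipeline enters the failed
        // state, triggering the Mobb autofix analysis. This block also runs when any
        // other stage fails (checkout, download), so the report may not exist.
        failure {
            echo 'Pipeline failed!'

            // Report the failed state first: if the Mobb step below throws, the
            // remaining steps of this block are skipped and the commit status
            // would otherwise stay "pending".
            updateGitlabCommitStatus name: 'Jenkins/Checkmarx/Mobb', state: 'failed'

            script {
                // Only call Mobb when the scan actually produced a report.
                if (fileExists('cx_result.json')) {
                    // Single-quoted so that the shell, not Groovy, expands the
                    // variables. The expansions are double-quoted because the branch
                    // name and repository URL are supplied by the merge request and
                    // must not be word-split or glob-expanded by the shell.
                    //
                    // NOTE(review): mobbdev@latest is resolved on every run, with
                    // MOBB_API_KEY in the environment; pin a reviewed version,
                    // e.g. mobbdev@<PINNED_VERSION_PLACEHOLDER>.
                    MOBBURL = sh(
                        returnStdout: true,
                        script: 'npx mobbdev@latest analyze -f cx_result.json -r "${gitlabSourceRepoHomepage%/}" --ref "$gitlabBranch" --api-key "$MOBB_API_KEY" --ci'
                    ).trim()

                    echo "Mobb Fix Link: ${MOBBURL}"
                    // Sends the Mobb link to the GitLab Merge Request via a comment.
                    addGitLabMRComment(comment: "[Click here for the Mobb Autofix link](${MOBBURL})")
                } else {
                    echo 'cx_result.json not found; skipping Mobb analysis.'
                }
            }
        }
    }
}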