diff --git a/.checkstyle-suppressions.xml b/.checkstyle-suppressions.xml
new file mode 100644
index 000000000..522207467
--- /dev/null
+++ b/.checkstyle-suppressions.xml
@@ -0,0 +1,10 @@
+
+
+
+
+
+
+
+
diff --git a/Jenkinsfile b/Jenkinsfile
index d2c1ec4a8..f324fc0c2 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -73,7 +73,7 @@ pipeline {
stage('Quality Gate') {
steps {
echo 'Waiting for SonarQube quality gate result...'
- sleep(15) // Wait 15 seconds
+ sleep(15)
timeout(time: 10, unit: 'MINUTES') {
script {
def qg = waitForQualityGate abortPipeline: true
@@ -83,7 +83,6 @@ pipeline {
}
}
-
stage('Code Quality') {
steps {
echo 'Running Checkstyle analysis...'
@@ -109,11 +108,35 @@ pipeline {
stage('Archive') {
steps {
echo 'Archiving artifacts...'
- archiveArtifacts artifacts: '**/target/*.jar',
+ archiveArtifacts artifacts: '**/target/*.jar',
fingerprint: true,
allowEmptyArchive: false
}
}
+
+ stage('OWASP ZAP Scan') {
+ steps {
+ echo 'Running OWASP ZAP Baseline Scan...'
+ sh """
+ docker run --rm -v \$(pwd):/zap/wrk owasp/zap2docker-stable zap-baseline.py \
+ -t http://localhost:8080 \
+ -r zap_report.html \
+ -I
+ """
+ }
+ }
+
+ stage('Publish ZAP Report') {
+ steps {
+ echo 'Publishing OWASP ZAP HTML report...'
+ publishHTML target: [
+ allowMissing: false,
+ reportDir: '.',
+ reportFiles: 'zap_report.html',
+ reportName: 'OWASP ZAP Security Report'
+ ]
+ }
+ }
}
post {
@@ -124,12 +147,7 @@ pipeline {
echo 'Build failed!'
}
always {
- cleanWs(
- cleanWhenNotBuilt: false,
- deleteDirs: true,
- disableDeferredWipeout: true,
- notFailBuild: true
- )
+ echo 'Cleanup after build...'
}
}
}
diff --git a/docker-compose.yml b/docker-compose.yml
index a31c9b7b3..48129fe8f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,7 +4,7 @@ services:
user: root
container_name: jenkins
ports:
- - "8080:8080"
+ - "8082:8080"
- "50000:50000"
environment:
- JENKINS_OPTS=--prefix=/jenkins
@@ -71,17 +71,25 @@ services:
"-host",
"0.0.0.0",
"-port",
- "8081",
+ "8083",
"-config",
"api.disablekey=true",
]
ports:
- - "8081:8081"
+ - "8083:8081"
volumes:
- ./zap/wrk:/zap/wrk
networks:
- devops-net
+ petclinic:
+ image: petclinic:latest
+ container_name: petclinic
+ ports:
+ - "8081:8080"
+ networks:
+ - devops-net
+
volumes:
jenkins_home:
sonarqube_data:
diff --git a/pom.xml b/pom.xml
index 7eddae997..15022a4ae 100644
--- a/pom.xml
+++ b/pom.xml
@@ -223,7 +223,19 @@
src/checkstyle/nohttp-checkstyle.xml
${basedir}
**/*
- **/.git/**/*,**/.idea/**/*,**/target/**/,**/.flattened-pom.xml,**/*.class
+
+ **/.git/**/*,
+ **/.idea/**/*,
+ **/target/**/,
+ **/.flattened-pom.xml,
+ **/*.class,
+ **/.venv/**/*,
+ **/venv/**/*,
+ **/env/**/*,
+ **/.pythonlibs/**/*,
+ **/.pytest_cache/**/*,
+ **/.mypy_cache/**/*
+
config_loc=${basedir}/src/checkstyle/