From c2759880195626301686ea917772e0de70ad6c51 Mon Sep 17 00:00:00 2001 From: Yuxin Deng Date: Sun, 23 Nov 2025 02:12:47 -0500 Subject: [PATCH] add owasp --- .checkstyle-suppressions.xml | 10 ++++++++++ Jenkinsfile | 36 +++++++++++++++++++++++++++--------- docker-compose.yml | 14 +++++++++++--- pom.xml | 14 +++++++++++++- 4 files changed, 61 insertions(+), 13 deletions(-) create mode 100644 .checkstyle-suppressions.xml diff --git a/.checkstyle-suppressions.xml b/.checkstyle-suppressions.xml new file mode 100644 index 000000000..522207467 --- /dev/null +++ b/.checkstyle-suppressions.xml @@ -0,0 +1,10 @@ + + + + + + + + diff --git a/Jenkinsfile b/Jenkinsfile index d2c1ec4a8..f324fc0c2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -73,7 +73,7 @@ pipeline { stage('Quality Gate') { steps { echo 'Waiting for SonarQube quality gate result...' - sleep(15) // Wait 15 seconds + sleep(15) timeout(time: 10, unit: 'MINUTES') { script { def qg = waitForQualityGate abortPipeline: true @@ -83,7 +83,6 @@ pipeline { } } - stage('Code Quality') { steps { echo 'Running Checkstyle analysis...' @@ -109,11 +108,35 @@ pipeline { stage('Archive') { steps { echo 'Archiving artifacts...' - archiveArtifacts artifacts: '**/target/*.jar', + archiveArtifacts artifacts: '**/target/*.jar', fingerprint: true, allowEmptyArchive: false } } + + stage('OWASP ZAP Scan') { + steps { + echo 'Running OWASP ZAP Baseline Scan...' + sh """ + docker run --rm -v \$(pwd):/zap/wrk owasp/zap2docker-stable zap-baseline.py \ + -t http://localhost:8080 \ + -r zap_report.html \ + -I + """ + } + } + + stage('Publish ZAP Report') { + steps { + echo 'Publishing OWASP ZAP HTML report...' + publishHTML target: [ + allowMissing: false, + reportDir: '.', + reportFiles: 'zap_report.html', + reportName: 'OWASP ZAP Security Report' + ] + } + } } post { 
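Review bot: The target `http://localhost:8080` in the new 'OWASP ZAP Scan' stage resolves inside the scanner container's own network namespace, where nothing is listening — the docker-compose change in this same commit runs the app as the `petclinic` service on `devops-net` (and moves Jenkins off host port 8080 to 8082), so the baseline scan will report a connection failure rather than scan the application. Attach the container to that network and address the service by name: `docker run --rm --network devops-net -v \$(pwd):/zap/wrk ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \` / `-t http://petclinic:8080 \`. The `owasp/zap2docker-stable` tag is the retired Docker Hub image (the maintained one is published under `ghcr.io/zaproxy/zaproxy`) and it is not pinned to a digest, which matters because the `-v \$(pwd):/zap/wrk` mount gives whatever image is pulled read/write access to the entire build workspace. Note also that `-I` suppresses failure on WARN-level alerts, so unless a rules file promotes findings to FAIL this stage is informational and never gates the build; if that is intended, say so in a comment above the `sh` step.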
@@ -124,12 +147,7 @@ pipeline { echo 'Build failed!' } always { - cleanWs( - cleanWhenNotBuilt: false, - deleteDirs: true, - disableDeferredWipeout: true, - notFailBuild: true - ) + echo 'Cleanup after build...' } } } diff --git a/docker-compose.yml b/docker-compose.yml index a31c9b7b3..48129fe8f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,7 +4,7 @@ services: user: root container_name: jenkins ports: - - "8080:8080" + - "8082:8080" - "50000:50000" environment: - JENKINS_OPTS=--prefix=/jenkins @@ -71,17 +71,25 @@ services: "-host", "0.0.0.0", "-port", - "8081", + "8083", "-config", "api.disablekey=true", ] ports: - - "8081:8081" + - "8083:8081" volumes: - ./zap/wrk:/zap/wrk networks: - devops-net + petclinic: + image: petclinic:latest + container_name: petclinic + ports: + - "8081:8080" + networks: + - devops-net + volumes: jenkins_home: sonarqube_data: diff --git a/pom.xml b/pom.xml index 7eddae997..15022a4ae 100644 --- a/pom.xml +++ b/pom.xml @@ -223,7 +223,19 @@ src/checkstyle/nohttp-checkstyle.xml ${basedir} **/* - **/.git/**/*,**/.idea/**/*,**/target/**/,**/.flattened-pom.xml,**/*.class + + **/.git/**/*, + **/.idea/**/*, + **/target/**/, + **/.flattened-pom.xml, + **/*.class, + **/.venv/**/*, + **/venv/**/*, + **/env/**/*, + **/.pythonlibs/**/*, + **/.pytest_cache/**/*, + **/.mypy_cache/**/* + config_loc=${basedir}/src/checkstyle/
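Review bot: Replacing `cleanWs(...)` in the `always` block with a bare echo leaves the workspace — including `zap_report.html` and the archived jars — on the agent between builds, so a run in which the ZAP step exits 0 without overwriting the report (for example because the scanner's unprivileged user cannot write to the bind-mounted workspace) will publish the previous build's report as if it were current. If the wipe was dropped because it raced the HTML publisher, keep it and instead clear the stale report before the scan: add `sh 'rm -f zap_report.html'` as the first step of the 'OWASP ZAP Scan' stage, and restore `cleanWs(deleteDirs: true, notFailBuild: true)` here in `always`. The enclosing `post` block starts outside this hunk.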
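Review bot: The new `petclinic` service is published to the host on `"8081:8080"` although its only consumer in this commit is the ZAP scanner, which can reach it on `devops-net` as `petclinic:8080`; dropping the `ports:` entry keeps a deliberately unhardened scan target off the host's interfaces. `image: petclinic:latest` is a mutable local tag with no `build:` stanza, so what gets scanned is whatever image was last tagged on that agent; pin a build-specific tag or add the `build:` context so the scanned artifact is the one produced by this pipeline. The service also has no `healthcheck`, and nothing in this commit waits for the app before scanning, so a baseline run that starts while the app is still booting produces an empty report that is then published as a clean result; add a `healthcheck` with an HTTP probe on `/` and have the scan stage wait until it passes.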