Integration with Jenkins
You can add the following stage to your Jenkinsfile (declarative syntax) for a very basic integration.

```groovy
stages {
    stage('Scan') {
        agent {
            docker { image 'shiftleft/sast-scan' }
        }
        steps {
            sh 'scan'
        }
    }
}
```

For Java and JVM based projects, compile the project before invoking the scan.

```groovy
stages {
    stage('Scan') {
        agent {
            docker { image 'shiftleft/sast-scan' }
        }
        steps {
            sh 'scan --build'
        }
    }
}
```

We also recommend archiving artifacts generated by the scan for easy viewing using the archiveArtifacts step.
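
The recommendation above as a complete declarative pipeline. This is an added example, not code from the original page or from the project. It assumes the reports are written to `reports/`, the path used in the contributed example on this page; `allowEmptyArchive` and `fingerprint` are standard `archiveArtifacts` options.

```groovy
pipeline {
    // No global agent: the scan runs in its own container below.
    agent none
    stages {
        stage('Scan') {
            agent {
                docker { image 'shiftleft/sast-scan' }
            }
            steps {
                sh 'scan --build'
            }
            post {
                // A stage-level post block runs on the same agent and workspace
                // as the scan, and 'always' archives the reports even if the
                // scan step fails.
                always {
                    // Assumption: reports land in reports/, as in the
                    // contributed example on this page.
                    archiveArtifacts artifacts: 'reports/*',
                                     allowEmptyArchive: true,
                                     fingerprint: true
                }
            }
        }
    }
}
```

Keeping the archive step inside the stage matters when the pipeline uses `agent none`, because a top-level post block would then have no workspace to read the reports from.
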
Contributed Example
The example below was contributed by Peter Foster. This uses Pipeline Triggers to monitor and scan a Bitbucket repository with email notifications.

```groovy
// Trigger on pull request creation, pull request merge, and repository push.
properties([
    pipelineTriggers([
        [
            $class: 'BitBucketPPRTrigger',
            triggers : [
                [
                    $class: 'BitBucketPPRPullRequestTriggerFilter',
                    actionFilter: [
                        $class: 'BitBucketPPRPullRequestCreatedActionFilter',
                    ]
                ],
                [
                    $class: 'BitBucketPPRPullRequestTriggerFilter',
                    actionFilter: [
                        $class: 'BitBucketPPRPullRequestMergedActionFilter',
                    ]
                ],
                [
                    $class: 'BitBucketPPRRepositoryTriggerFilter',
                    actionFilter: [
                        $class: 'BitBucketPPRRepositoryPushActionFilter',
                        triggerAlsoIfNothingChanged: true,
                        triggerAlsoIfTagPush: false,
                        allowedBranches: ""
                    ]
                ]
            ]
        ]
    ])
])
pipeline {
    agent {
        docker { image 'shiftleft/sast-scan' }
    }
    stages {
        stage('Scan') {
            steps {
                sh 'scan --build'
            }
        }
    }
    post {
        // Archive the scan reports whatever the build result.
        always {
            archiveArtifacts 'reports/*'
        }
        // Report success to Bitbucket only when the build actually succeeded.
        success {
            bitbucketStatusNotify(buildState: 'SUCCESSFUL')
        }
        failure {
            bitbucketStatusNotify(buildState: 'FAILED')
            emailext(
                subject: "FAILED: Job '${env.JOB_NAME} [${env.BUILD_NUMBER}]'",
                body: """<p>FAILED: Job '${env.JOB_NAME} [${env.BUILD_NUMBER}]':</p>
                <p>Check console output (account needed) at "<a href='${env.BUILD_URL}'>${env.JOB_NAME} [${env.BUILD_NUMBER}]</a>"</p>""",
                recipientProviders: [[$class: 'CulpritsRecipientProvider'],
                                     [$class: 'DevelopersRecipientProvider'],
                                     [$class: 'RequesterRecipientProvider'],
                                     [$class: 'FailingTestSuspectsRecipientProvider'],
                                     [$class: 'FirstFailingBuildSuspectsRecipientProvider'],
                                     [$class: 'UpstreamComitterRecipientProvider']]
            )
        }
        // Clean the workspace after all other post conditions have run.
        cleanup {
            cleanWs()
        }
    }
}
```

Last update: January 25, 2023