The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Synopsys Security Scan

View this plugin on the Plugins site

step([$class: 'SecurityScanFreestyle']): Synopsys Security Scan

  • bitbucket_token : String (optional)
  • bitbucket_username : String (optional)
  • blackduck_args : String (optional)
    Additional Black Duck Arguments separated by space.
  • blackduck_config_path : String (optional)
    Black Duck config file path (.properties/.yml).
  • blackduck_download_url : String (optional)
    Specify Black Duck download URL
  • blackduck_execution_path : String (optional)
  • blackduck_install_directory : String (optional)
  • blackduck_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • blackduck_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • blackduck_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • blackduck_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • blackduck_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • blackduck_scan_failure_severities : String (optional)
    Specify scan failure severities of Black Duck. Supported values: ALL, NONE, BLOCKER, CRITICAL, MAJOR, MINOR, OK, TRIVIAL, UNSPECIFIED
  • blackduck_scan_full : boolean (optional)
    Specifies whether full scan is required or not. Supported values: true or false
  • blackduck_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • blackduck_token : String (optional)
  • blackduck_url : String (optional)
  • blackduck_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
  • coverity_args : String (optional)
    Additional Coverity Arguments separated by space.
  • coverity_build_command : String (optional)
    Comma separated list of build command for Coverity.
  • coverity_clean_command : String (optional)
    Comma separated list of clean command for Coverity.
  • coverity_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • coverity_execution_path : String (optional)
  • coverity_install_directory : String (optional)
  • coverity_local : boolean (optional)
    Coverity Local Analysis. Supported values: true or false
  • coverity_passphrase : String (optional)
  • coverity_policy_view : String (optional)
    ID number/Name of a saved view to apply as a 'break the build' policy
  • coverity_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • coverity_project_name : String (optional)
    The project name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_stream_name : String (optional)
    The stream name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_url : String (optional)
  • coverity_user : String (optional)
  • coverity_version : String (optional)
    Specific Coverity version to download, rather than opting for the latest version
  • coverity_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
  • github_token : String (optional)
  • gitlab_token : String (optional)
  • include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • network_airgap : boolean (optional)
    Network airgap. Supported values: true or false
  • polaris_access_token : String (optional)
  • polaris_application_name : String (optional)
    Application name created in the Polaris server
  • polaris_assessment_mode : String (optional)
    The test mode type of this scan. Supported values: CI or SOURCE_UPLOAD
  • polaris_assessment_types : String (optional)
    Polaris assessment types. Supported values: SCA or SAST or both SCA, SAST
  • polaris_branch_name : String (optional)
    Branch name in the Polaris Server
  • polaris_branch_parent_name : String (optional)
  • polaris_prComment_severities : String (optional)
  • polaris_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • polaris_project_name : String (optional)
    Project name created in the Polaris server
  • polaris_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • polaris_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • polaris_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • polaris_reports_sarif_issue_types : String (optional)
    Comma separated list of issues types to include in SARIF report. Supported values: SAST, SCA
  • polaris_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • polaris_sast_args : String (optional)
    Additional Coverity Arguments separated by space.
  • polaris_sast_build_command : String (optional)
    Comma separated list of build command for Coverity.
  • polaris_sast_clean_command : String (optional)
    Comma separated list of clean command for Coverity.
  • polaris_sast_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • polaris_sca_args : String (optional)
    Additional Black Duck Arguments separated by space.
  • polaris_sca_config_path : String (optional)
    Black Duck config file path(.properties/.yml).
  • polaris_sca_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • polaris_server_url : String (optional)
  • polaris_test_sca_type : String (optional)
    Polaris test type to trigger signature scan or package manager scan. Default value: SCA-PACKAGE. Supported values: SCA-PACKAGE or SCA-SIGNATURE
  • polaris_triage : String (optional)
    Polaris Triage. Supported values: REQUIRED or NOT_REQUIRED or NOT_ENTITLED
  • polaris_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
  • product : String (optional)
    Please select the synopsys security product. Supported products are Black Duck, Coverity and Polaris
  • project_directory : String (optional)
  • project_source_archive : String (optional)
    The zipped source file path. It overrides the project directory setting above
  • project_source_excludes : String (optional)
    A list of git ignore pattern strings that indicate the files need to be excluded from the zip file
  • project_source_preserveSymLinks : boolean (optional)
    Flag indicating whether to preserve symlinks in the source zip
  • srm_apikey : String (optional)
  • srm_assessment_types : String (optional)
    SRM assessment types. Supported values: SCA or SAST or both SCA, SAST
  • srm_branch_name : String (optional)
    Branch name in SRM server.
  • srm_branch_parent : String (optional)
    Parent Branch name in SRM server.
  • srm_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • srm_project_id : String (optional)
    Project ID in SRM server.
  • srm_project_name : String (optional)
    Project name in SRM server.
  • srm_sast_args : String (optional)
    Additional Coverity Arguments separated by space.
  • srm_sast_build_command : String (optional)
    Comma separated list of build command for Coverity.
  • srm_sast_clean_command : String (optional)
    Comma separated list of clean command for Coverity.
  • srm_sast_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • srm_sca_args : String (optional)
    Additional Black Duck Arguments separated by space.
  • srm_sca_config_path : String (optional)
    Black Duck config file path(.properties/.yml).
  • srm_sca_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • srm_url : String (optional)
  • srm_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
  • synopsys_bridge_download_url : String (optional)
  • synopsys_bridge_download_version : String (optional)
  • synopsys_bridge_install_directory : String (optional)

synopsys_scan: Synopsys Security Scan

  • bitbucket_token : String (optional)
  • bitbucket_username : String (optional)
  • blackduck_args : String (optional)
    Additional Black Duck Arguments separated by space.
  • blackduck_automation_prcomment : boolean (optional)
    Add automatic pull request comment based on Black Duck scan result. Supported values: true or false
  • blackduck_config_path : String (optional)
    Black Duck config file path (.properties/.yml).
  • blackduck_download_url : String (optional)
    Specify Black Duck download URL
  • blackduck_execution_path : String (optional)
  • blackduck_install_directory : String (optional)
  • blackduck_prComment_enabled : boolean (optional)
  • blackduck_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • blackduck_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • blackduck_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • blackduck_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • blackduck_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • blackduck_scan_failure_severities : String (optional)
    Specify scan failure severities of Black Duck. Supported values: ALL, NONE, BLOCKER, CRITICAL, MAJOR, MINOR, OK, TRIVIAL, UNSPECIFIED
  • blackduck_scan_full : boolean (optional)
    Specifies whether full scan is required or not. Supported values: true or false
  • blackduck_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • blackduck_token : String (optional)
  • blackduck_url : String (optional)
  • blackduck_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
  • coverity_args : String (optional)
    Additional Coverity Arguments separated by space.
  • coverity_automation_prcomment : boolean (optional)
    Coverity security testing as pull request comment. Supported values: true or false
  • coverity_build_command : String (optional)
    Build command for Coverity.
  • coverity_clean_command : String (optional)
    Clean command for Coverity.
  • coverity_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • coverity_execution_path : String (optional)
  • coverity_install_directory : String (optional)
  • coverity_local : boolean (optional)
    Coverity Local Analysis. Supported values: true or false
  • coverity_passphrase : String (optional)
  • coverity_policy_view : String (optional)
    ID number/Name of a saved view to apply as a 'break the build' policy
  • coverity_prComment_enabled : boolean (optional)
  • coverity_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • coverity_project_name : String (optional)
    The project name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_stream_name : String (optional)
    The stream name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_url : String (optional)
  • coverity_user : String (optional)
  • coverity_version : String (optional)
    Specific Coverity version to download, rather than opting for the latest version
  • coverity_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
  • github_token : String (optional)
  • gitlab_token : String (optional)
  • include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • network_airgap : boolean (optional)
    Network airgap. Supported values: true or false
  • polaris_access_token : String (optional)
  • polaris_application_name : String (optional)
    Application name created in the Polaris server
  • polaris_assessment_mode : String (optional)
    The test mode type of this scan. Supported values: CI or SOURCE_UPLOAD
  • polaris_assessment_types : String (optional)
    Polaris assessment types. Supported values: SCA or SAST or both SCA, SAST
  • polaris_branch_name : String (optional)
    Branch name in the Polaris Server
  • polaris_branch_parent_name : String (optional)
    Parent branch name in the Polaris Server
  • polaris_prComment_enabled : boolean (optional)
    Add automatic pull request comment based on Polaris scan result. Supported values: true or false
  • polaris_prComment_severities : String (optional)
    Comma separated list of severities. Comments are created for issues where the issue severity matches one of the values specified using this option. Supported values: CRITICAL,HIGH,MEDIUM,LOW,INFORMATIONAL
  • polaris_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • polaris_project_name : String (optional)
    Project name created in the Polaris server
  • polaris_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • polaris_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • polaris_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • polaris_reports_sarif_issue_types : String (optional)
    Comma separated list of issues types to include in SARIF report. Supported values: SAST, SCA
  • polaris_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • polaris_server_url : String (optional)
  • polaris_test_sca_type : String (optional)
    Polaris test type to trigger signature scan or package manager scan. Default value: SCA-PACKAGE. Supported values: SCA-PACKAGE or SCA-SIGNATURE
  • polaris_triage : String (optional)
    Polaris Triage. Supported values: REQUIRED or NOT_REQUIRED or NOT_ENTITLED
  • polaris_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
  • product : String (optional)
    Please select the synopsys security product. Supported products are Black Duck, Coverity and Polaris
  • project_directory : String (optional)
  • project_source_archive : String (optional)
    The zipped source file path. It overrides the project directory setting above
  • project_source_excludes : String (optional)
    A list of git ignore pattern strings that indicate the files need to be excluded from the zip file
  • project_source_preserveSymLinks : boolean (optional)
    Flag indicating whether to preserve symlinks in the source zip
  • return_status : boolean (optional)
    If true (checked), returns the status code of the Synopsys Security Scan instead of failing the workflow. Supported values: true or false
  • srm_apikey : String (optional)
  • srm_assessment_types : String (optional)
    SRM assessment types. Supported values: SCA or SAST or both SCA, SAST
  • srm_branch_name : String (optional)
    Branch name in SRM server.
  • srm_branch_parent : String (optional)
    Parent Branch name in SRM server.
  • srm_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • srm_project_id : String (optional)
    Project ID in SRM server.
  • srm_project_name : String (optional)
    Project name in SRM server.
  • srm_url : String (optional)
  • srm_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, Fix PR, SARIF etc will not be applicable.
  • synopsys_bridge_download_url : String (optional)
  • synopsys_bridge_download_version : String (optional)
  • synopsys_bridge_install_directory : String (optional)

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?

    


See existing feedback here.