To integrate Dependency-Check with Jenkins, we first create a parameterized freestyle project in Jenkins dedicated to the Dependency-Check scan.
Steps to create a parameterized freestyle project
Step 2: Enter the name of the item, select Freestyle project, and click OK.
Step 3: In the Freestyle project configuration window, type a description (optional) and enable the This project is parameterized checkbox.
Step 4: Enabling the checkbox reveals the Add Parameter button; click it and select String Parameter.
Step 5: In the String Parameter form, create string parameters named Scan_Path, Report_Path, and Project_Name (these names must match the variables used in the shell script below).
Step 6: In the Build Steps section, click Add build step and select Execute shell.
Step 7: In the Execute shell command box, enter the following commands, which perform these tasks:
- Download the Dependency-Check release zip from the Dependency-Check GitHub repository
- Unzip the Dependency-Check archive
- Change into the dependency-check/bin/ folder
- Run the scan with the dependency-check.sh script
wget https://github.com/jeremylong/DependencyCheck/releases/download/v7.3.0/dependency-check-7.3.0-release.zip
unzip dependency-check-7.3.0-release.zip
cd dependency-check/bin/
./dependency-check.sh --project "${Project_Name}" --scan "${Scan_Path}" -o "${Report_Path}" -f HTML --enableExperimental
Step 8: Click Save to save the project.
Now we will see how to call the Dependency-Check freestyle project from the CI pipeline.
Step 1: Go to the pipeline project and open its configuration.
Step 2: On the configuration page, go to the Pipeline script section and define the variables and values that will be passed to the Dependency-Check build job.
Step 3: After defining the variables, create a stage for the Dependency-Check SCA step that triggers the Dependency-Check freestyle project with those parameters and values, and then publishes the HTML report on the Jenkins dashboard using the HTML Publisher plugin.
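The Execute shell step above downloads an unverified archive on every build and only produces a report; it never fails the build. The script below is an added example, not code from the original post or from the Dependency-Check project, showing a hardened version of that step: it pins the release version from the page, verifies the archive against an expected SHA-256 before unpacking it, reuses a verified archive and a cached NVD data directory across builds, quotes the Jenkins parameters so paths with spaces survive, and uses the CLI's own --failOnCVSS option to fail the build on High or Critical findings. The DC_SHA256 placeholder, the DC_DATA_DIR cache location and the DC_FAIL_CVSS threshold are assumptions you set for your own installation.

```shell
#!/bin/sh
# Added example (not from the original post): hardened Execute shell step
# for the Dependency-Check freestyle job.
set -eu

DC_VERSION="7.3.0"                      # release pinned on the page
DC_ZIP="dependency-check-${DC_VERSION}-release.zip"
DC_URL="https://github.com/jeremylong/DependencyCheck/releases/download/v${DC_VERSION}/${DC_ZIP}"
# Assumption: the expected digest is copied from the GitHub release page into
# a Jenkins credential or build parameter; the value below is a placeholder.
DC_SHA256="${DC_SHA256:-<sha256-from-release-page>}"
# Assumption: a per-agent cache outside the workspace so the NVD feed is not
# re-downloaded on every build.
DC_DATA_DIR="${DC_DATA_DIR:-${HOME:-/tmp}/.dependency-check-data}"
# Assumption: fail the build on CVSS >= 7 (High and Critical).
DC_FAIL_CVSS="${DC_FAIL_CVSS:-7}"

# Verify a file against an expected SHA-256 digest; returns 0 only on match.
verify_sha256() {
    file="$1"
    expected="$2"
    echo "${expected}  ${file}" | sha256sum -c --status -
}

# Download the release archive only if a verified copy is not already present.
# Returns 0 without touching the network when the cached archive verifies.
fetch_dependency_check() {
    if [ -f "${DC_ZIP}" ] && verify_sha256 "${DC_ZIP}" "${DC_SHA256}"; then
        return 0
    fi
    wget -q -O "${DC_ZIP}" "${DC_URL}"
    if ! verify_sha256 "${DC_ZIP}" "${DC_SHA256}"; then
        echo "Checksum mismatch for ${DC_ZIP}; refusing to run it" >&2
        rm -f "${DC_ZIP}"
        return 1
    fi
    rm -rf dependency-check
    unzip -q "${DC_ZIP}"
}

# Run the scan. Arguments: project name, scan path, report path, CVSS threshold.
# Every parameter is quoted so a path containing spaces is passed intact.
run_scan() {
    ./dependency-check/bin/dependency-check.sh \
        --project "$1" \
        --scan "$2" \
        --out "$3" \
        --format HTML \
        --data "${DC_DATA_DIR}" \
        --failOnCVSS "$4" \
        --enableExperimental
}

main() {
    fetch_dependency_check
    # Scan_Path, Report_Path and Project_Name are the string parameters from
    # Step 5; Jenkins exports them to the build as environment variables.
    run_scan "${Project_Name}" "${Scan_Path}" "${Report_Path}" "${DC_FAIL_CVSS}"
}

# Run only when Jenkins has injected the build parameters, so the file can
# also be sourced to reuse the functions.
if [ -n "${Scan_Path:-}" ]; then
    main
fi
```

Two points worth knowing before wiring this into the pipeline stage: a non-zero exit from dependency-check.sh (triggered by --failOnCVSS) marks the freestyle build as failed, and `build job:` in the pipeline then fails the calling stage by default, which is the behaviour you want from a gate; and Report_Path must point somewhere the pipeline's publishHTML step can actually read, because the freestyle job runs in its own workspace (possibly on another agent), not in the pipeline's.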
stage('Dependency Check (SCA)') {
    build job: 'Dependency Check (SCA)', parameters: [
        string(name: 'Scan_Path', value: "${DC_Scan_Path}"),
        string(name: 'Report_Path', value: "${DC_Report_Path}"),
        string(name: 'Project_Name', value: "${DC_Project_Name}")
    ]
    publishHTML([
        allowMissing: false,
        alwaysLinkToLastBuild: false,
        keepAll: false,
        reportDir: '.',
        reportFiles: 'dependency_check.html',
        reportName: 'Dependency Check Report',
        reportTitles: '',
        useWrapperFileDirectly: true
    ])
}
Step 4: Save the project and trigger the build. Once the build completes, the Dependency-Check report can be opened from the pipeline dashboard.
Alternative method
We can also use the OWASP Dependency-Check Jenkins plugin to integrate Dependency Check with Jenkins.