Merge pull request #48 from Daimler/develop

Merge develop into master

Author: de-jcup

continous-integration-multibranch-pipeline.jenkins

@@ -14,16 +14,18 @@ pipeline {
 
     environment {
         SECHUB_TRUSTALL= "true" // necessary for integration tests
+        SECHUB_SCAN_ENABLED = getStringCredentialsOrUndefined('sechub-scan-enabled')
+
     }
 
     stages {
 
          stage('Initialize') {
              steps {
                script{
+
                     sechubGitBranch = sh(returnStdout: true, script: "git branch | grep \\* | cut -d ' ' -f2").trim()
                     echo "Branch is $sechubGitBranch"
-
                     if( sechubGitBranch == "master" ) {
                        echo "Cancel build , because master is build on by release-pipeline.jenkins!"
                        currentBuild.result = 'SUCCESS'
@@ -32,7 +34,6 @@ pipeline {
 
                 }
 
-
             }
         }
 
@@ -59,7 +60,7 @@ pipeline {
         }
         stage('Build CLI') {
             steps {
-              script{failed
+              script{
                   callGradleWrapper(':sechub-cli:buildGo :sechub-cli:testGo')
                }
             }
@@ -77,6 +78,29 @@ pipeline {
             }
         }
 
+       stage('Security scan') {
+            when{
+                not {
+                    environment name: 'SECHUB_SCAN_ENABLED', value: '<undefined>'
+                }
+            }
+
+
+            environment {
+               SECHUB_USERID = credentials('sechub-userid')
+               SECHUB_APITOKEN = credentials('sechub-api-token')
+               SECHUB_SERVER= credentials('sechub-server')
+
+            }
+            steps {
+
+              script{
+                 executeSecHubScan()
+               }
+            }
+
+        }
+
         stage('Build Documentation') {
             steps {
               script{
@@ -106,7 +130,6 @@ pipeline {
         }
         always {
             archive '**/integrationtest-server.log'
-
             junit '**/build/test-results/*/TEST-*.xml'
 
         }
@@ -135,6 +158,36 @@ void callGradleWrapper(String gradleCommand) {
      }
 }
 
+void executeSecHubScan() {
+
+     apiToken = env.SECHUB_APITOKEN
+     userid= env.SECHUB_USERID
+     server= env.SECHUB_SERVER
+
+     if (isUnix()) {
+         sh "sechub -project sechub -apitoken ${apiToken} -user ${userid} -server ${server} scan"
+     } else {
+         bat "sechub -project sechub -apitoken ${apiToken} -user ${userid} -server ${server} scan"
+     }
+}
+
+Object getStringCredentialsOrUndefined(String id){
+    if (stringCredentialsExist(id)){
+       return credentials(id)
+    }
+    return '<undefined>'
+}
+
+boolean stringCredentialsExist(String id) {
+  try {
+    withCredentials([string(credentialsId: id, variable: 'irrelevant')]) {
+      true
+    }
+  } catch (_) {
+    false
+  }
+}
+
 /**
  * This class is necessary because jenkins - at least in version 2.150.2 - does not correct handle
  * GIT tags and branches. Multi pipeline builds do not even checkout the tags. Normal pipeline builds do checkout the tags,