The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Synopsys Security Scan

step([$class: 'SecurityScanFreestyle']): Synopsys Security Scan

  • bitbucket_token : String (optional)
  • blackduck_automation_prcomment : boolean (optional)
    Add automatic pull request comment based on Black Duck scan result. Supported values: true or false
  • blackduck_download_url : String (optional)
    Specify Black Duck download URL
  • blackduck_install_directory : String (optional)
  • blackduck_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • blackduck_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • blackduck_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • blackduck_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • blackduck_scan_failure_severities : String (optional)
    Specify scan failure severities of Black Duck. Supported values: ALL, NONE, BLOCKER, CRITICAL, MAJOR, MINOR, OK, TRIVIAL, UNSPECIFIED
  • blackduck_scan_full : boolean (optional)
    Specifies whether full scan is required or not. Supported values: true or false
  • blackduck_token : String (optional)
  • blackduck_url : String (optional)
  • coverity_automation_prcomment : boolean (optional)
    Coverity security testing as pull request comment. Supported values: true or false
  • coverity_install_directory : String (optional)
  • coverity_local : boolean (optional)
    Coverity Local Analysis. Supported values: true or false
  • coverity_passphrase : String (optional)
  • coverity_policy_view : String (optional)
    ID number/Name of a saved view to apply as a 'break the build' policy
  • coverity_project_name : String (optional)
    The project name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_stream_name : String (optional)
    The stream name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_url : String (optional)
  • coverity_user : String (optional)
  • coverity_version : String (optional)
    Specific Coverity version to download, rather than opting for the latest version
  • github_token : String (optional)
  • gitlab_token : String (optional)
  • include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • network_airgap : boolean (optional)
    Network airgap. Supported values: true or false
  • polaris_access_token : String (optional)
  • polaris_application_name : String (optional)
    Application name created in the Polaris server
  • polaris_assessment_types : String (optional)
    Polaris assessment types. Supported values: SCA or SAST or both SCA, SAST
  • polaris_branch_name : String (optional)
    Branch name in the Polaris Server
  • polaris_project_name : String (optional)
    Project name created in the Polaris server
  • polaris_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • polaris_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • polaris_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • polaris_reports_sarif_issue_types : String (optional)
    Comma-separated list of issue types to include in SARIF report. Supported values: SAST, SCA
  • polaris_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • polaris_server_url : String (optional)
  • polaris_triage : String (optional)
    Polaris Triage. Supported values: REQUIRED or NOT_REQUIRED or NOT_ENTITLED
  • product : String (optional)
    Select the Synopsys security product. Supported products are Black Duck, Coverity and Polaris
  • return_status : boolean (optional)
  • synopsys_bridge_download_url : String (optional)
  • synopsys_bridge_download_version : String (optional)
  • synopsys_bridge_install_directory : String (optional)

synopsys_scan: Synopsys Security Scan

  • bitbucket_token : String (optional)
  • blackduck_automation_prcomment : boolean (optional)
    Add automatic pull request comment based on Black Duck scan result. Supported values: true or false
  • blackduck_download_url : String (optional)
    Specify Black Duck download URL
  • blackduck_install_directory : String (optional)
  • blackduck_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • blackduck_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • blackduck_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • blackduck_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • blackduck_scan_failure_severities : String (optional)
    Specify scan failure severities of Black Duck. Supported values: ALL, NONE, BLOCKER, CRITICAL, MAJOR, MINOR, OK, TRIVIAL, UNSPECIFIED
  • blackduck_scan_full : boolean (optional)
    Specifies whether full scan is required or not. Supported values: true or false
  • blackduck_token : String (optional)
  • blackduck_url : String (optional)
  • coverity_automation_prcomment : boolean (optional)
    Coverity security testing as pull request comment. Supported values: true or false
  • coverity_install_directory : String (optional)
  • coverity_local : boolean (optional)
    Coverity Local Analysis. Supported values: true or false
  • coverity_passphrase : String (optional)
  • coverity_policy_view : String (optional)
    ID number/Name of a saved view to apply as a 'break the build' policy
  • coverity_project_name : String (optional)
    The project name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_stream_name : String (optional)
    The stream name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_url : String (optional)
  • coverity_user : String (optional)
  • coverity_version : String (optional)
    Specific Coverity version to download, rather than opting for the latest version
  • github_token : String (optional)
  • gitlab_token : String (optional)
  • include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • network_airgap : boolean (optional)
    Network airgap. Supported values: true or false
  • polaris_access_token : String (optional)
  • polaris_application_name : String (optional)
    Application name created in the Polaris server
  • polaris_assessment_types : String (optional)
    Polaris assessment types. Supported values: SCA or SAST or both SCA, SAST
  • polaris_branch_name : String (optional)
    Branch name in the Polaris Server
  • polaris_project_name : String (optional)
    Project name created in the Polaris server
  • polaris_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • polaris_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • polaris_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • polaris_reports_sarif_issue_types : String (optional)
    Comma-separated list of issue types to include in SARIF report. Supported values: SAST, SCA
  • polaris_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • polaris_server_url : String (optional)
  • polaris_triage : String (optional)
    Polaris Triage. Supported values: REQUIRED or NOT_REQUIRED or NOT_ENTITLED
  • product : String (optional)
    Select the Synopsys security product. Supported products are Black Duck, Coverity and Polaris
  • return_status : boolean (optional)
    If true (checked), returns the status code of the Synopsys Security Scan instead of failing the workflow. Supported values: true or false
  • synopsys_bridge_download_url : String (optional)
  • synopsys_bridge_download_version : String (optional)
  • synopsys_bridge_install_directory : String (optional)
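
An added example, not taken from the plugin's own documentation: a declarative Jenkinsfile that calls synopsys_scan with the Black Duck parameters listed above, reads the token from the Jenkins credentials store instead of hard-coding it, and uses return_status so the pipeline decides what a non-zero result means. The credential ID, the server URL, the product string 'blackduck' and the integer comparison on the returned status are assumptions made for illustration.

```groovy
// Added example. Assumed values: credential ID 'blackduck-api-token',
// the example.com URL, and the product string 'blackduck'.
pipeline {
    agent any
    stages {
        stage('Black Duck scan') {
            steps {
                // Bind the API token from the credentials store so it never
                // appears in the Jenkinsfile and is masked in the build log.
                withCredentials([string(credentialsId: 'blackduck-api-token',
                                        variable: 'BLACKDUCK_TOKEN')]) {
                    script {
                        def status = synopsys_scan(
                            product: 'blackduck',
                            blackduck_url: 'https://blackduck.example.com',
                            blackduck_token: env.BLACKDUCK_TOKEN,
                            // Run a full scan rather than relying on the default.
                            blackduck_scan_full: true,
                            // Policy severity that counts as a scan failure.
                            blackduck_scan_failure_severities: 'CRITICAL',
                            // Archive a SARIF report limited to the top severities.
                            blackduck_reports_sarif_create: true,
                            blackduck_reports_sarif_severities: 'CRITICAL,HIGH',
                            // Return the status code instead of failing the build.
                            return_status: true
                        )
                        // Assumes the returned status is an integer exit code,
                        // with 0 meaning the scan passed.
                        if (status != 0) {
                            unstable(message: "Synopsys Security Scan returned status ${status}")
                        }
                    }
                }
            }
        }
    }
}
```

With return_status left unset, a failing scan fails the workflow directly; setting it to true moves that decision into the pipeline, so the branch that handles a non-zero status should not silently ignore it.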
