Summary
Jenkins pipeline example on how to fail a job if the number of priority issues surpasses a certain threshold.
Question
We require assistance in having a custom fail condition for the Jenkins job for Fortify SSC upon encountering a certain threshold of priority issues. Is there a possibility to do this? If so, please provide assistance.
Answer
This example is using Jenkins v2.229 and Fortify Jenkins plugin v20.1.32 on a Windows environment.
If the Jenkins job uses a pipeline script, add a stage that calls fprutility to check whether the FPR contains X or more critical or high issues and that returns exit code 1 (FAILED) or 0 (PASSED).
The following examples use fprutility to display any critical or high issues, including issues that are suppressed or removed.
eg
fprutility -information -includeSuppressed -includeRemoved -search -query "[fortify priority order]:critical" -project path\filename.fpr
fprutility -information -includeSuppressed -includeRemoved -search -query "[fortify priority order]:high" -project path\filename.fpr
The following pipeline calls a Windows batch file, passing the generated FPR as input to fprutility.
eg
pipeline {
    agent any
    stages {
        stage('Fortify clean') {
            steps {
                echo 'Cleaning'
                fortifyClean buildID: '${JOB_NAME}_${BUILD_NUMBER}'
            }
        }
        stage('Fortify Translate') {
            steps {
                echo 'Translating'
                fortifyTranslate buildID: '${JOB_NAME}_${BUILD_NUMBER}',
                    projectScanType: fortifyJava(javaSrcFiles: 'C:\\Fortify_SCA_and_Apps_20.1.0\\Samples\\basic\\eightball\\EightBall.java', javaVersion: '1.8')
            }
        }
        stage('Fortify Scan') {
            steps {
                echo 'Scanning'
                fortifyScan buildID: '${JOB_NAME}_${BUILD_NUMBER}', resultsFile: '${FPR}'
            }
        }
        // Gate: the batch file exits with 1 when the issue count reaches the threshold,
        // which fails this stage and causes the upload stage to be skipped.
        stage('Check Criticals') {
            steps {
                bat 'C:\\test.bat "C:\\Jenkins\\workspace\\Jenkins_Pipeline_Example\\scan.fpr"'
            }
        }
        stage('Upload to SSC') {
            steps {
                fortifyUpload appName: 'EightBall', appVersion: '1.0', failureCriteria: '', filterSet: '', pollingInterval: '', resultsFile: '${FPR}'
            }
        }
    }
}
The example Windows batch script (e.g. test.bat) returns exit code 1 (FAILED) if the number of criticals found in the FPR is greater than or equal to 1.
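@echo off
set NumIssues=
rem Remove any output left by an earlier run so a stale count is never read.
if exist "C:\Jenkins\workspace\output.txt" del "C:\Jenkins\workspace\output.txt"
rem The -query value selects which priority is counted. %~1 strips the quotes
rem the caller already put around the FPR path.
call fprutility -information -includeSuppressed -includeRemoved -search -query "[fortify priority order]:high" -project "%~1" -f "C:\Jenkins\workspace\output.txt"
rem The first token of the output file is taken as the issue count.
for /f "tokens=1" %%i in (C:\Jenkins\workspace\output.txt) do set NumIssues=%%i
rem Fail closed if no count could be read.
if not defined NumIssues exit 1
if %NumIssues% GEQ 1 (
    exit 1
) else (
    exit 0
)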
Example of the pipeline console output, which shows the stage; the pipeline will not upload the FPR if the fprutility check fails.
[Pipeline] stage
[Pipeline] { (Check Criticals)
[Pipeline] bat
C:\Jenkins\workspace\Jenkins_Pipeline_Example> C:\Jenkins\workspace\test.bat "C:\Jenkins\workspace\Jenkins_Pipeline_Example\scan.fpr"
[2020-06-29T14:00:05 INFO] Log4j2 was configured successfully
[2020-06-29T14:00:05 INFO] Performing search on project: C:\Jenkins\workspace\Jenkins_Pipeline_Example\scan.fpr
[2020-06-29T14:00:05 INFO] Properties file does not exist in user directory third-party-parsers.properties
[2020-06-29T14:00:06 INFO] Embedded external metadata file loaded
[2020-06-29T14:00:06 INFO] Properties file does not exist in user directory fortify.properties
[2020-06-29T14:00:06 INFO] Properties file does not exist in user directory fortify.properties
[2020-06-29T14:00:08 INFO] Default issue template loaded
[2020-06-29T14:00:08 INFO] Properties file does not exist in user directory custom.groupings.properties
[2020-06-29T14:00:09 INFO] Properties file does not exist in user directory issue-correlation.properties
[2020-06-29T14:00:09 WARN] WARNING: LocalExecutorService is using 8 of 8 possible threads for processing.
[2020-06-29T14:00:10 INFO] SCAIntegrationUtil not initialized
[2020-06-29T14:00:10 INFO] SCAIntegrationUtil not initialized
[2020-06-29T14:00:11 INFO] Total Issue Count: 7
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Upload to SSC)
Stage "Upload to SSC" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE
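The same gate can be written directly in the pipeline, with a separate threshold per priority and a fail-closed check on the parsed count. This is an added example, not part of the original article: the countIssues helper, the failAt values, the stage name and the scan.fpr location in the workspace are assumptions, and it relies, as the article's batch script does, on the first token of the fprutility output being the issue count. The stage would sit where 'Check Criticals' is, between the scan and upload stages.

```groovy
// Added example (not from the original article). Uses only the fprutility
// options shown above; helper name and threshold values are hypothetical.

// Returns the issue count fprutility reports for one priority.
def countIssues(String priority, String fpr) {
    // Per-build output file so a stale result from an earlier run is never read.
    def out = "fortify_${priority}_${env.BUILD_NUMBER}.txt"
    bat "fprutility -information -includeSuppressed -includeRemoved -search " +
        "-query \"[fortify priority order]:${priority}\" -project \"${fpr}\" -f \"${out}\""
    def text = readFile(out).trim()
    // Mirror the batch script: first token of the last non-empty line.
    def lastLine = text.substring(text.lastIndexOf('\n') + 1).trim()
    def first = lastLine.split(/\s+/)[0]
    // Fail closed: anything other than a number stops the build.
    if (!(first ==~ /\d+/)) {
        error "Could not read a ${priority} issue count from ${out}"
    }
    return first.toInteger()
}

pipeline {
    agent any
    stages {
        stage('Check Priority Thresholds') {
            steps {
                script {
                    // Assumed location of the FPR produced by the scan stage.
                    def fpr = "${env.WORKSPACE}\\scan.fpr"
                    // Fail when the count reaches this value (constructed numbers).
                    def failAt = [critical: 1, high: 5]
                    def failures = []
                    for (p in ['critical', 'high']) {
                        int n = countIssues(p, fpr)
                        echo "Fortify ${p} issues: ${n} (fail at ${failAt[p]})"
                        if (n >= failAt[p]) {
                            failures << "${p}=${n}"
                        }
                    }
                    // error() fails the stage, so later stages such as the upload are skipped.
                    if (failures) {
                        error "Fortify gate failed: ${failures.join(', ')}"
                    }
                }
            }
        }
    }
}
```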