rabobank · martinvisser · Feb 5, 2026 · Feb 5, 2026 · Feb 5, 2026
@@ -1,18 +1,112 @@
-trigger:
+pr:
   branches:
     include:
       - '*'
     exclude:
       - main
+      - release/*
+
+variables:
+  - group: secure-vars
 
 pool:
   name: 'Shared-EU-VM-Linux-Legacy-M-Prod'
 
-steps:
-- script: echo Hello, world!
-  displayName: 'Run a one-line script'
+stages:
+  - stage: Build
+    jobs:
+      - job: BuildJob
+        steps:
+            - task: DownloadSecureFile@1
+              name: mvnsettings
+              inputs:
+                secureFile: mvn-settings.xml
+
+            - script: |
+                echo "Commenting out the Maven Central Release plugin"
+                awk 'BEGIN{p=0}/<plugin>/{p=1;buf=$0;next}/<\/plugin>/{buf=buf"\n"$0;if(p&&buf~/<groupId>org\.sonatype\.central<\/groupId>/&&buf~/<artifactId>central-publishing-maven-plugin<\/artifactId>/){print "<!--\n"buf"\n-->"}else{print buf};p=0;next}{if(p){buf=buf"\n"$0}else{print}}' pom.xml > pom.tmp && mv pom.tmp pom.xml
+              displayName: 'Comment Out Maven Central Release Plugin'
+
+            - script: |
+                echo "adding distribution management to POM"
+                awk '/<\/project>/ { print "  <distributionManagement>\n    <repository>\n      <id>Release</id>\n      <url>$(NEXUS_DIST_MANAGEMENT_RELEASES)</url>\n    </repository>\n    <snapshotRepository>\n      <id>Snapshot</id>\n      <url>$(NEXUS_DIST_MANAGEMENT_SNAPSHOTS)</url>\n    </snapshotRepository>\n  </distributionManagement>"; } 1' pom.xml > pom.tmp && mv pom.tmp pom.xml
+              displayName: 'Add Distribution Management'
+
+            - script: |
+                echo "ECHO POM"
+                cat pom.xml
+              displayName: 'Show updated POM'
+
+            - task: Maven@4
+              displayName: Maven Build
+              inputs:
+                mavenOptions: '-Xmx3072m'
+                mavenPomFile: 'pom.xml'
+                goals: 'clean verify'
+                jdkVersionOption: '1.17'
+
+            - task: RabobankCQSTask@1
+              inputs:
+                sqServiceConnection: 'Rabobank CQS Service Connection - TEST'
+                scannerMode: 'maven'
+                jdkVersion: '1.17'
+                sqGateName: 'Name of your Quality Gate'
+                debugMode: 'DEBUG'
+                qualityGateBreak: false
+                qualityGateTimeout: '600'
+                mavenPomFile: 'pom.xml'
+                extraProperties: |
+                  sonar.verbose=true
+                  sonar.exclusions=**/maven/**  
+
+            - task: Maven@4
+              inputs:
+                mavenPomFile: 'pom.xml'
+                goals: 'clean deploy'
+                options: '-B -gs $(mvnsettings.secureFilePath) -DrepositoryId=Snapshot'
+                publishJUnitResults: true
+                testResultsFiles: '**/surefire-reports/TEST-*.xml'
+                javaHomeOption: 'JDKVersion'
+                jdkVersionOption: '1.17'
+                mavenOptions: '-Xmx3072m -Daether.dependencyCollector.impl=bf -Daether.dependencyCollector.bf.threads=10 -Daether.dependencyCollector.pool.artifact=hard -Daether.dependencyCollector.pool.dependency=hard '
+                mavenAuthenticateFeed: false
+                effectivePomSkip: false
+                sonarQubeRunAnalysis: false
+
+      - job: Checkmarx
+        displayName: Rabobank Checkmarx Scan
+        pool: Shared-EU-Container-Linux-Compliancy-S-Prod
+        steps:
+          - task: Rabobank Checkmarx@2
+            inputs:
+              CheckmarxService: 'Checkmarx-MSC'
+
+      - job:
+        displayName: Rabobank Secret Scanner
+        pool: Shared-EU-Container-Linux-Compliancy-S-Prod
+        steps:
+          - task: secret-scanning-task@0
+
+      - job: NexusIQ
+        displayName: Nexus IQ Scan
+        steps:
+          - task: JavaToolInstaller@0
+            displayName: "Use Java 17"
+            inputs:
+              versionSpec: 17
+              jdkArchitectureOption: x64
+              jdkSourceOption: PreInstalled
+
+          - task: Maven@4
+            displayName: 'MavenNexusIQ'
+            inputs:
+              goals: 'com.sonatype.clm:clm-maven-plugin:index'
+              jdkVersion: '17'
 
-- script: |
-    echo Add other tasks to build, test, and deploy your project.
-    echo See https://aka.ms/yaml
-  displayName: 'Run a multi-line script'
+          - task: NexusIqPipelineTask@1
+            displayName: 'SonatypeEvaluate'
+            inputs:
+              nexusIqService: 'Rabobank SCA NexusIQ' # Name of default service connection
+              applicationId: 'CF-Metrics-Exporter' # REPLACE with applicationId Name of the application in NexusIQ, by default same name as pipeline
+              stage: 'Build'
+              scanTargets: "**/module.xml"