forked from Countable-us/attr_encrypted
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathJenkinsfile
More file actions
34 lines (33 loc) · 2.21 KB
/
Jenkinsfile
File metadata and controls
34 lines (33 loc) · 2.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
pipeline {
// Removal or Modification of the following Jenkins file for the integration of WizCLI is a violation of company policy and can result in disciplinary action. If you have any questions or issues, please reach out to Cloud Security Engineering Cloud Security Engineering(https://onemain.atlassian.net/wiki/spaces/CE/pages/19352388162/Cloud+Security+Engineering). We appreciate your support in ensuring we operate safely and securely.
agent any
stages {
stage('Download_WizCLI') {
steps {
// Download_WizCLI
sh 'echo "Downloading wizcli..."'
sh 'curl -o wizcli https://wizcli.app.wiz.io/wizcli'
sh 'chmod +x wizcli'
}
}
stage('Auth_With_Wiz') {
steps {
// Auth with Wiz
sh 'echo "Authenticating to the Wiz API..."'
withCredentials([usernamePassword(credentialsId: 'wizcli', usernameVariable: 'ID', passwordVariable: 'SECRET')]) {
sh './wizcli auth --id $ID --secret $SECRET'}
}
}
stage('Wiz IAC scan') {
steps {
script {
// Wiz IAC scan
// Removal or Modification of the following Jenkins file for the integration of WizCLI is a violation of company policy and can result in disciplinary action. If you have any questions or issues, please reach out to Cloud Security Engineering Cloud Security Engineering(https://onemain.atlassian.net/wiki/spaces/CE/pages/19352388162/Cloud+Security+Engineering). We appreciate your support in ensuring we operate safely and securely.
env.GIT_REPO_NAME = env.GIT_URL.replaceFirst(/^.*\/([^\/]+?).git$/, '$1')
sh "./wizcli iac scan --path . --tag repo=springleaf-$GIT_REPO_NAME --tag branch=$GIT_BRANCH --tag commit=$GIT_COMMIT -p custom-policy-secrets --policy-hits-only "
sh "./wizcli iac scan --path . --tag repo=springleaf-$GIT_REPO_NAME --tag branch=$GIT_BRANCH --tag commit=$GIT_COMMIT -p custom-policy-high-critical-severity-misconfigurations --policy-hits-only "
}
}
}
}
}