The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Black Duck Security Scan

View this plugin on the Plugins site

security_scan: Black Duck Security Scan

  • bitbucket_token : String (optional)
  • bitbucket_username : String (optional)
  • blackduck_args : String (optional)
  • blackduck_config_path : String (optional)
  • blackduck_download_url : String (optional)
  • blackduck_execution_path : String (optional)
  • blackduck_install_directory : String (optional)
  • blackduck_prComment_enabled : boolean (optional)
  • blackduck_reports_sarif_create : boolean (optional)
  • blackduck_reports_sarif_file_path : String (optional)
  • blackduck_reports_sarif_groupSCAIssues : boolean (optional)
  • blackduck_reports_sarif_severities : String (optional)
  • blackduck_scan_failure_severities : String (optional)
  • blackduck_scan_full : boolean (optional)
  • blackduck_search_depth : int (optional)
  • blackduck_token : String (optional)
  • blackduck_url : String (optional)
  • blackduck_waitForScan : boolean (optional)
  • blackducksca_fixpr_enabled : boolean (optional)
    Flag to enable/disable the automatic fix pull request creations for Black Duck SCA. Default value is false.
  • blackducksca_fixpr_filter_severities : String (optional)
    Filter the vulnerabilities by given severities, Fix PR(s) will be created only for issues where the issue severity matches one of the values specified using this option Values. Default is CRITICAL, HIGH.
  • blackducksca_fixpr_maxCount : int (optional)
    Maximum number of pull requests to be created that violate policies. PR is created for each vulnerable component
  • blackducksca_fixpr_useUpgradeGuidance : String (optional)
    Configure Short Term or Long Term Guidance- Blackduck SCA upgrade guidance Values. Default is SHORT_TERM, LONG_TERM
  • blackducksca_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • blackducksca_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • blackducksca_prComment_enabled : boolean (optional)
    Add automatic pull request comment based on Black Duck SCA scan result. Supported values: true or false. Requires SCM Token.
  • blackducksca_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • blackducksca_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • blackducksca_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • blackducksca_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • blackducksca_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • blackducksca_scan_failure_severities : String (optional)
    Specify scan failure severities of Black Duck SCA. Supported values: ALL, NONE, BLOCKER, CRITICAL, MAJOR, MINOR, OK, TRIVIAL, UNSPECIFIED
  • blackducksca_scan_full : String (optional)
    Specify the scan mode to use. Recommended Auto mode uses Rapid scan for PR scans and Intelligent scans for non-PR scans. All post scan features such as PR comments are only supported in this mode. Use Intelligent or Rapid scan modes only if you want to set the scan type for both PR and non-PR contexts but note that post scan features such as PR comments are not supported.
  • blackducksca_token : String (optional)
  • blackducksca_url : String (optional)
  • blackducksca_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, SARIF, Fix PR etc will not be applicable.
  • bridgecli_download_url : String (optional)
  • bridgecli_download_version : String (optional)
  • bridgecli_install_directory : String (optional)
  • coverity_args : String (optional)
    Additional Coverity Arguments separated by space.
  • coverity_build_command : String (optional)
    Build command for Coverity.
  • coverity_clean_command : String (optional)
    Clean command for Coverity.
  • coverity_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • coverity_execution_path : String (optional)
  • coverity_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • coverity_install_directory : String (optional)
  • coverity_local : boolean (optional)
    Check to run analysis locally. If unchecked, scan will be performed on scan farm.
  • coverity_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • coverity_passphrase : String (optional)
  • coverity_policy_view : String (optional)
    ID number/Name of a saved view to apply as a 'break the build' policy
  • coverity_prComment_enabled : boolean (optional)
    Add automatic pull request comment based on Coverity scan result. Supported values: true or false. Requires SCM Token.
  • coverity_prComment_impacts : String (optional)
    Comments are created for issues whose impact matches one of the values specified in the Filter PR comments by Coverity Impact. The default value is HIGH. Supported values are HIGH, MEDIUM, LOW, and AUDIT
  • coverity_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • coverity_project_name : String (optional)
    The project name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_stream_name : String (optional)
    The stream name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_url : String (optional)
  • coverity_user : String (optional)
  • coverity_version : String (optional)
    Specific Coverity version to download, rather than opting for the latest version
  • coverity_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment etc will not be applicable.
  • detect_args : String (optional)
    Additional Detect Arguments separated by space.
  • detect_config_path : String (optional)
    Detect config file path (.properties/.yml).
  • detect_download_url : String (optional)
    Specify Detect download URL
  • detect_execution_path : String (optional)
  • detect_install_directory : String (optional)
  • detect_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • github_token : String (optional)
  • gitlab_token : String (optional)
  • include_diagnostics : boolean (optional)
  • mark_build_status : String (optional)
  • network_airgap : boolean (optional)
    If provided, Black Duck Security Scan Plugin will be using local network to download and execute bridge-CLI.
  • network_ssl_cert_file : String (optional)
  • network_ssl_trustAll : boolean (optional)
  • polaris_access_token : String (optional)
  • polaris_application_name : String (optional)
    Application name in Polaris Server. If not provided, SCM repository name will be set as default value.
  • polaris_assessment_mode : String (optional)
  • polaris_assessment_types : String (optional)
    Polaris assessment types. Supported values: SCA or SAST or both SCA, SAST
  • polaris_branch_name : String (optional)
    Branch name in the Polaris Server
  • polaris_branch_parent_name : String (optional)
    Parent branch name in the Polaris Server
  • polaris_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • polaris_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • polaris_prComment_enabled : boolean (optional)
    Add automatic pull request comment based on Polaris scan result. Supported values: true or false. Requires SCM Token.
  • polaris_prComment_severities : String (optional)
    Comma separated list of severities. Comments are created for issues where the issue severity matches one of the values specified using this option. Supported values: CRITICAL,HIGH,MEDIUM,LOW,INFORMATIONAL
  • polaris_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • polaris_project_name : String (optional)
    Project name in Polaris Server. If not provided, SCM repository name will be set as default value.
  • polaris_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • polaris_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • polaris_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • polaris_reports_sarif_issue_types : String (optional)
    Comma separated list of issues types to include in SARIF report. Supported values: SAST, SCA
  • polaris_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • polaris_server_url : String (optional)
  • polaris_test_sast_location : String (optional)
    Polaris SAST test location. Default value: HYBRID. Supported values: LOCAL or HYBRID or REMOTE
    NOTE: Polaris Assessment Mode is deprecated. Use Polaris SAST Test Location as REMOTE for source upload scans instead.
  • polaris_test_sast_type : String (optional)
    Polaris test type to trigger sigma rapid scan or full scan. Supported values: SAST_RAPID or SAST_FULL
  • polaris_test_sca_location : String (optional)
    Polaris SCA test location. Default value: HYBRID. Supported values: HYBRID or REMOTE
    NOTE: Polaris Assessment Mode is deprecated. Use Polaris SCA Test Location as REMOTE for source upload scans instead.
  • polaris_test_sca_type : String (optional)
    Polaris test type to trigger signature scan or package manager scan. Default value: SCA-PACKAGE. Supported values: SCA-PACKAGE or SCA-SIGNATURE or both SCA-PACKAGE, SCA-SIGNATURE
  • polaris_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like PR comment, SARIF etc will not be applicable.
  • product : String (optional)
    Please select the Black Duck Security Product. Supported products are Black Duck SCA, Coverity, Polaris and Software Risk Manager (SRM)
  • project_directory : String (optional)
  • project_source_archive : String (optional)
    The zipped source file path. It overrides the project directory setting above
  • project_source_excludes : String (optional)
    A list of git ignore pattern strings that indicate the files need to be excluded from the zip file
  • project_source_preserveSymLinks : boolean (optional)
    Flag indicating whether to preserve symlinks in the source zip
  • return_status : boolean (optional)
    If true (checked), returns the status code of the Black Duck Security Scan instead of failing the workflow. Supported values: true or false
  • srm_apikey : String (optional)
  • srm_assessment_types : String (optional)
    SRM assessment types. Supported values: SCA or SAST or both SCA, SAST
  • srm_branch_name : String (optional)
    Branch name in SRM server.
  • srm_branch_parent : String (optional)
    Parent Branch name in SRM server.
  • srm_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • srm_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • srm_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • srm_project_id : String (optional)
    Project ID in SRM server.
  • srm_project_name : String (optional)
    Project name in SRM server. If not provided, SCM repository name will be set as default value.
  • srm_url : String (optional)
  • srm_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows will not be applicable.
  • synopsys_bridge_download_url : String (optional)
  • synopsys_bridge_download_version : String (optional)
  • synopsys_bridge_install_directory : String (optional)

step([$class: 'SecurityScanFreestyle']): Black Duck Security Scan

  • bitbucket_token : String (optional)
  • bitbucket_username : String (optional)
  • blackducksca_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • blackducksca_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • blackducksca_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • blackducksca_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • blackducksca_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • blackducksca_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • blackducksca_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • blackducksca_scan_failure_severities : String (optional)
    Specify scan failure severities of Black Duck SCA. Supported values: ALL, NONE, BLOCKER, CRITICAL, MAJOR, MINOR, OK, TRIVIAL, UNSPECIFIED
  • blackducksca_scan_full : String (optional)
    Specify the scan mode to use. Recommended Auto mode uses Rapid scan for PR scans and Intelligent scans for non-PR scans. All post scan features such as PR comments are only supported in this mode. Use Intelligent or Rapid scan modes only if you want to set the scan type for both PR and non-PR contexts but note that post scan features such as PR comments are not supported.
  • blackducksca_token : String (optional)
  • blackducksca_url : String (optional)
  • blackducksca_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like SARIF etc will not be applicable.
  • bridgecli_download_url : String (optional)
  • bridgecli_download_version : String (optional)
  • bridgecli_install_directory : String (optional)
  • coverity_args : String (optional)
    Additional Coverity Arguments separated by space.
  • coverity_build_command : String (optional)
    Comma separated list of build command for Coverity.
  • coverity_clean_command : String (optional)
    Comma separated list of clean command for Coverity.
  • coverity_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • coverity_execution_path : String (optional)
  • coverity_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • coverity_install_directory : String (optional)
  • coverity_local : boolean (optional)
    Check to run analysis locally. If unchecked, scan will be performed on scan farm.
  • coverity_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • coverity_passphrase : String (optional)
  • coverity_policy_view : String (optional)
    ID number/Name of a saved view to apply as a 'break the build' policy
  • coverity_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • coverity_project_name : String (optional)
    The project name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_stream_name : String (optional)
    The stream name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_url : String (optional)
  • coverity_user : String (optional)
  • coverity_version : String (optional)
    Specific Coverity version to download, rather than opting for the latest version
  • coverity_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows will not be applicable.
  • detect_args : String (optional)
    Additional Detect Arguments separated by space.
  • detect_config_path : String (optional)
    Detect config file path (.properties/.yml).
  • detect_download_url : String (optional)
    Specify Detect download URL
  • detect_execution_path : String (optional)
  • detect_install_directory : String (optional)
  • detect_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • github_token : String (optional)
  • gitlab_token : String (optional)
  • include_diagnostics : boolean (optional)
  • mark_build_status : String (optional)
  • polaris_access_token : String (optional)
  • polaris_application_name : String (optional)
    Application name in Polaris Server
  • polaris_assessment_mode : String (optional)
  • polaris_assessment_types : String (optional)
    Polaris assessment types. Supported values: SCA or SAST or both SCA, SAST
  • polaris_branch_name : String (optional)
    Branch name in the Polaris Server
  • polaris_branch_parent_name : String (optional)
  • polaris_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • polaris_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • polaris_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • polaris_project_name : String (optional)
    Project name in Polaris Server.
  • polaris_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • polaris_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • polaris_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • polaris_reports_sarif_issue_types : String (optional)
    Comma separated list of issues types to include in SARIF report. Supported values: SAST, SCA
  • polaris_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • polaris_sast_args : String (optional)
    Additional Coverity Arguments separated by space.
  • polaris_sast_build_command : String (optional)
    Comma separated list of build command for Coverity.
  • polaris_sast_clean_command : String (optional)
    Comma separated list of clean command for Coverity.
  • polaris_sast_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • polaris_sca_args : String (optional)
    Additional Black Duck Arguments separated by space.
  • polaris_sca_config_path : String (optional)
    Black Duck config file path(.properties/.yml).
  • polaris_sca_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • polaris_server_url : String (optional)
  • polaris_test_sast_location : String (optional)
    Polaris SAST test location. Default value: HYBRID. Supported values: LOCAL or HYBRID or REMOTE
    NOTE: Polaris Assessment Mode is deprecated. Use Polaris SAST Test Location as REMOTE for source upload scans instead.
  • polaris_test_sast_type : String (optional)
    Polaris test type to trigger sigma rapid scan or full scan. Supported values: SAST_RAPID or SAST_FULL
  • polaris_test_sca_location : String (optional)
    Polaris SCA test location. Default value: HYBRID. Supported values: HYBRID or REMOTE
    NOTE: Polaris Assessment Mode is deprecated. Use Polaris SCA Test Location as REMOTE for source upload scans instead.
  • polaris_test_sca_type : String (optional)
    Polaris test type to trigger signature scan or package manager scan. Default value: SCA-PACKAGE. Supported values: SCA-PACKAGE or SCA-SIGNATURE or both SCA-PACKAGE, SCA-SIGNATURE
  • polaris_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows like SARIF etc will not be applicable.
  • product : String (optional)
    Please select the Black Duck Security Product. Supported products are Black Duck SCA, Coverity, Polaris and Software Risk Manager (SRM)
  • project_directory : String (optional)
  • project_source_archive : String (optional)
    The zipped source file path. It overrides the project directory setting above
  • project_source_excludes : String (optional)
    A list of git ignore pattern strings that indicate the files need to be excluded from the zip file
  • project_source_preserveSymLinks : boolean (optional)
    Flag indicating whether to preserve symlinks in the source zip
  • srm_apikey : String (optional)
  • srm_assessment_types : String (optional)
    SRM assessment types. Supported values: SCA or SAST or both SCA, SAST
  • srm_branch_name : String (optional)
    Branch name in SRM server.
  • srm_branch_parent : String (optional)
    Parent Branch name in SRM server.
  • srm_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded in Jenkins Archive Artifact. Supported values: true or false
  • srm_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • srm_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to specify a custom folder that is other than repository root
  • srm_project_id : String (optional)
    Project ID in SRM server.
  • srm_project_name : String (optional)
    Project name in SRM server.
  • srm_sast_args : String (optional)
    Additional Coverity Arguments separated by space.
  • srm_sast_build_command : String (optional)
    Comma separated list of build command for Coverity.
  • srm_sast_clean_command : String (optional)
    Comma separated list of clean command for Coverity.
  • srm_sast_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • srm_sca_args : String (optional)
    Additional Black Duck Arguments separated by space.
  • srm_sca_config_path : String (optional)
    Black Duck config file path(.properties/.yml).
  • srm_sca_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • srm_url : String (optional)
  • srm_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post merge workflows will not be applicable.

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?

    


See existing feedback here.