The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Black Duck Security Scan

security_scan: Black Duck Security Scan

  • bitbucket_token : String (optional)
  • bitbucket_username : String (optional)
  • blackduck_args : String (optional)
  • blackduck_config_path : String (optional)
  • blackduck_download_url : String (optional)
  • blackduck_execution_path : String (optional)
  • blackduck_install_directory : String (optional)
  • blackduck_prComment_enabled : boolean (optional)
  • blackduck_reports_sarif_create : boolean (optional)
  • blackduck_reports_sarif_file_path : String (optional)
  • blackduck_reports_sarif_groupSCAIssues : boolean (optional)
  • blackduck_reports_sarif_severities : String (optional)
  • blackduck_scan_failure_severities : String (optional)
  • blackduck_scan_full : boolean (optional)
  • blackduck_search_depth : int (optional)
  • blackduck_token : String (optional)
  • blackduck_url : String (optional)
  • blackduck_waitForScan : boolean (optional)
  • blackducksca_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded as a Jenkins Archive Artifact. Supported values: true or false
  • blackducksca_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • blackducksca_prComment_enabled : boolean (optional)
    Add automatic pull request comment based on Black Duck SCA scan result. Supported values: true or false. Requires SCM Token.
  • blackducksca_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to use a folder other than the repository root.
  • blackducksca_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • blackducksca_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • blackducksca_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • blackducksca_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • blackducksca_scan_failure_severities : String (optional)
    Specify scan failure severities of Black Duck SCA. Supported values: ALL, NONE, BLOCKER, CRITICAL, MAJOR, MINOR, OK, TRIVIAL, UNSPECIFIED
  • blackducksca_scan_full : boolean (optional)
    Specifies whether full scan is required or not. Supported values: true or false
  • blackducksca_token : String (optional)
  • blackducksca_url : String (optional)
  • blackducksca_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post-merge workflows such as PR comments and SARIF reports will not be applicable.
  • bridgecli_download_url : String (optional)
  • bridgecli_download_version : String (optional)
  • bridgecli_install_directory : String (optional)
  • coverity_args : String (optional)
    Additional Coverity Arguments separated by space.
  • coverity_build_command : String (optional)
    Build command for Coverity.
  • coverity_clean_command : String (optional)
    Clean command for Coverity.
  • coverity_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • coverity_execution_path : String (optional)
  • coverity_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded as a Jenkins Archive Artifact. Supported values: true or false
  • coverity_install_directory : String (optional)
  • coverity_local : boolean (optional)
    Check this box if you are using Coverity Connect. Defaults to Cloud Native Coverity
  • coverity_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • coverity_passphrase : String (optional)
  • coverity_policy_view : String (optional)
    ID number/Name of a saved view to apply as a 'break the build' policy
  • coverity_prComment_enabled : boolean (optional)
    Add automatic pull request comment based on Coverity scan result. Supported values: true or false. Requires SCM Token.
  • coverity_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to use a folder other than the repository root.
  • coverity_project_name : String (optional)
    The project name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_stream_name : String (optional)
    The stream name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_url : String (optional)
  • coverity_user : String (optional)
  • coverity_version : String (optional)
    Specific Coverity version to download, rather than opting for the latest version
  • coverity_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post-merge workflows such as PR comments will not be applicable.
  • detect_args : String (optional)
    Additional Detect Arguments separated by space.
  • detect_config_path : String (optional)
    Detect config file path (.properties/.yml).
  • detect_download_url : String (optional)
    Specify Detect download URL
  • detect_execution_path : String (optional)
  • detect_install_directory : String (optional)
  • detect_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • github_token : String (optional)
  • gitlab_token : String (optional)
  • include_diagnostics : boolean (optional)
  • mark_build_status : String (optional)
  • network_airgap : boolean (optional)
    If set, the Black Duck Security Scan plugin uses the local network to download and execute bridge-CLI.
  • polaris_access_token : String (optional)
  • polaris_application_name : String (optional)
    Application name in Polaris Server. If not provided, SCM repository name will be set as default value.
  • polaris_assessment_mode : String (optional)
    The test mode type of this scan. Supported values: CI or SOURCE_UPLOAD
  • polaris_assessment_types : String (optional)
    Polaris assessment types. Supported values: SCA or SAST or both SCA, SAST
  • polaris_branch_name : String (optional)
    Branch name in the Polaris Server
  • polaris_branch_parent_name : String (optional)
    Parent branch name in the Polaris Server
  • polaris_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded as a Jenkins Archive Artifact. Supported values: true or false
  • polaris_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • polaris_prComment_enabled : boolean (optional)
    Add automatic pull request comment based on Polaris scan result. Supported values: true or false. Requires SCM Token.
  • polaris_prComment_severities : String (optional)
    Comma separated list of severities. Comments are created for issues where the issue severity matches one of the values specified using this option. Supported values: CRITICAL,HIGH,MEDIUM,LOW,INFORMATIONAL
  • polaris_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to use a folder other than the repository root.
  • polaris_project_name : String (optional)
    Project name in Polaris Server. If not provided, SCM repository name will be set as default value.
  • polaris_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • polaris_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • polaris_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • polaris_reports_sarif_issue_types : String (optional)
    Comma separated list of issue types to include in SARIF report. Supported values: SAST, SCA
  • polaris_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • polaris_server_url : String (optional)
  • polaris_test_sca_type : String (optional)
    Polaris test type to trigger signature scan or package manager scan. Default value: SCA-PACKAGE. Supported values: SCA-PACKAGE or SCA-SIGNATURE
  • polaris_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post-merge workflows such as PR comments and SARIF reports will not be applicable.
  • product : String (optional)
    Please select the Black Duck Security Product. Supported products are Black Duck SCA, Coverity, Polaris and Software Risk Manager (SRM)
  • project_directory : String (optional)
  • project_source_archive : String (optional)
    The zipped source file path. It overrides the project directory setting above.
  • project_source_excludes : String (optional)
    A list of gitignore-style pattern strings identifying the files to exclude from the zip file.
  • project_source_preserveSymLinks : boolean (optional)
    Flag indicating whether to preserve symlinks in the source zip
  • return_status : boolean (optional)
    If true (checked), returns the status code of the Black Duck Security Scan instead of failing the workflow. Supported values: true or false
  • srm_apikey : String (optional)
  • srm_assessment_types : String (optional)
    SRM assessment types. Supported values: SCA or SAST or both SCA, SAST
  • srm_branch_name : String (optional)
    Branch name in SRM server.
  • srm_branch_parent : String (optional)
    Parent Branch name in SRM server.
  • srm_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded as a Jenkins Archive Artifact. Supported values: true or false
  • srm_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • srm_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to use a folder other than the repository root.
  • srm_project_id : String (optional)
    Project ID in SRM server.
  • srm_project_name : String (optional)
    Project name in SRM server. If not provided, SCM repository name will be set as default value.
  • srm_url : String (optional)
  • srm_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post-merge workflows will not be applicable.
  • synopsys_bridge_download_url : String (optional)
  • synopsys_bridge_download_version : String (optional)
  • synopsys_bridge_install_directory : String (optional)

step([$class: 'SecurityScanFreestyle']): Black Duck Security Scan

  • bitbucket_token : String (optional)
  • bitbucket_username : String (optional)
  • blackducksca_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded as a Jenkins Archive Artifact. Supported values: true or false
  • blackducksca_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • blackducksca_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to use a folder other than the repository root.
  • blackducksca_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • blackducksca_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • blackducksca_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • blackducksca_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • blackducksca_scan_failure_severities : String (optional)
    Specify scan failure severities of Black Duck SCA. Supported values: ALL, NONE, BLOCKER, CRITICAL, MAJOR, MINOR, OK, TRIVIAL, UNSPECIFIED
  • blackducksca_scan_full : boolean (optional)
    Specifies whether full scan is required or not. Supported values: true or false
  • blackducksca_token : String (optional)
  • blackducksca_url : String (optional)
  • blackducksca_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post-merge workflows such as SARIF reports will not be applicable.
  • bridgecli_download_url : String (optional)
  • bridgecli_download_version : String (optional)
  • bridgecli_install_directory : String (optional)
  • coverity_args : String (optional)
    Additional Coverity Arguments separated by space.
  • coverity_build_command : String (optional)
    Comma separated list of build commands for Coverity.
  • coverity_clean_command : String (optional)
    Comma separated list of clean commands for Coverity.
  • coverity_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • coverity_execution_path : String (optional)
  • coverity_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded as a Jenkins Archive Artifact. Supported values: true or false
  • coverity_install_directory : String (optional)
  • coverity_local : boolean (optional)
    Check this box if you are using Coverity Connect. Defaults to Cloud Native Coverity
  • coverity_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • coverity_passphrase : String (optional)
  • coverity_policy_view : String (optional)
    ID number/Name of a saved view to apply as a 'break the build' policy
  • coverity_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to use a folder other than the repository root.
  • coverity_project_name : String (optional)
    The project name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_stream_name : String (optional)
    The stream name in Coverity is optional for multi-branch pipeline jobs, but it is mandatory for freestyle and pipeline jobs.
  • coverity_url : String (optional)
  • coverity_user : String (optional)
  • coverity_version : String (optional)
    Specific Coverity version to download, rather than opting for the latest version
  • coverity_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post-merge workflows will not be applicable.
  • detect_args : String (optional)
    Additional Detect Arguments separated by space.
  • detect_config_path : String (optional)
    Detect config file path (.properties/.yml).
  • detect_download_url : String (optional)
    Specify Detect download URL
  • detect_execution_path : String (optional)
  • detect_install_directory : String (optional)
  • detect_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • github_token : String (optional)
  • gitlab_token : String (optional)
  • include_diagnostics : boolean (optional)
  • mark_build_status : String (optional)
  • network_airgap : boolean (optional)
    If set, the Black Duck Security Scan plugin uses the local network to download and execute bridge-CLI.
  • polaris_access_token : String (optional)
  • polaris_application_name : String (optional)
    Application name in Polaris Server
  • polaris_assessment_mode : String (optional)
    The test mode type of this scan. Supported values: CI or SOURCE_UPLOAD
  • polaris_assessment_types : String (optional)
    Polaris assessment types. Supported values: SCA or SAST or both SCA, SAST
  • polaris_branch_name : String (optional)
    Branch name in the Polaris Server
  • polaris_branch_parent_name : String (optional)
  • polaris_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded as a Jenkins Archive Artifact. Supported values: true or false
  • polaris_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • polaris_prComment_severities : String (optional)
  • polaris_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to use a folder other than the repository root.
  • polaris_project_name : String (optional)
    Project name in Polaris Server.
  • polaris_reports_sarif_create : boolean (optional)
    SARIF report will be uploaded as a Jenkins Archive Artifact.
  • polaris_reports_sarif_file_path : String (optional)
    File path (including file name) where SARIF report is created.
  • polaris_reports_sarif_groupSCAIssues : boolean (optional)
    Uncheck this to disable grouping by component and list SCA issues by vulnerability.
  • polaris_reports_sarif_issue_types : String (optional)
    Comma separated list of issue types to include in SARIF report. Supported values: SAST, SCA
  • polaris_reports_sarif_severities : String (optional)
    Comma separated list of issue severities to include in SARIF report. Supported values: CRITICAL,HIGH,MEDIUM,LOW
  • polaris_sast_args : String (optional)
    Additional Coverity Arguments separated by space.
  • polaris_sast_build_command : String (optional)
    Comma separated list of build commands for Coverity.
  • polaris_sast_clean_command : String (optional)
    Comma separated list of clean commands for Coverity.
  • polaris_sast_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • polaris_sca_args : String (optional)
    Additional Black Duck Arguments separated by space.
  • polaris_sca_config_path : String (optional)
    Black Duck config file path (.properties/.yml).
  • polaris_sca_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • polaris_server_url : String (optional)
  • polaris_test_sca_type : String (optional)
    Polaris test type to trigger signature scan or package manager scan. Default value: SCA-PACKAGE. Supported values: SCA-PACKAGE or SCA-SIGNATURE
  • polaris_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post-merge workflows such as SARIF reports will not be applicable.
  • product : String (optional)
    Please select the Black Duck Security Product. Supported products are Black Duck SCA, Coverity, Polaris and Software Risk Manager (SRM)
  • project_directory : String (optional)
  • project_source_archive : String (optional)
    The zipped source file path. It overrides the project directory setting above.
  • project_source_excludes : String (optional)
    A list of gitignore-style pattern strings identifying the files to exclude from the zip file.
  • project_source_preserveSymLinks : boolean (optional)
    Flag indicating whether to preserve symlinks in the source zip
  • srm_apikey : String (optional)
  • srm_assessment_types : String (optional)
    SRM assessment types. Supported values: SCA or SAST or both SCA, SAST
  • srm_branch_name : String (optional)
    Branch name in SRM server.
  • srm_branch_parent : String (optional)
    Parent Branch name in SRM server.
  • srm_include_diagnostics : boolean (optional)
    Bridge diagnostics will be uploaded as a Jenkins Archive Artifact. Supported values: true or false
  • srm_mark_build_status : String (optional)
    Specify the build status to use if policy violating issues are found. Default value: FAILURE. Supported values: FAILURE, UNSTABLE, SUCCESS
  • srm_project_directory : String (optional)
    The project source directory. Defaults to the repository root directory. Set this to use a folder other than the repository root.
  • srm_project_id : String (optional)
    Project ID in SRM server.
  • srm_project_name : String (optional)
    Project name in SRM server.
  • srm_sast_args : String (optional)
    Additional Coverity Arguments separated by space.
  • srm_sast_build_command : String (optional)
    Comma separated list of build commands for Coverity.
  • srm_sast_clean_command : String (optional)
    Comma separated list of clean commands for Coverity.
  • srm_sast_config_path : String (optional)
    Coverity config file path (.yaml/.yml/.json).
  • srm_sca_args : String (optional)
    Additional Black Duck Arguments separated by space.
  • srm_sca_config_path : String (optional)
    Black Duck config file path (.properties/.yml).
  • srm_sca_search_depth : int (optional)
    Number indicating the search depth in the source directory.
  • srm_url : String (optional)
  • srm_waitForScan : boolean (optional)
    Specifies if the workflow should wait for the analysis to complete. Default value: true. If set to false, post-merge workflows will not be applicable.
