Skip to main content

Build Failure Conditions Configuration

In order to create build failure conditions based on variables in the form of metrics in the post-build step:

  1. Select the desired Item from the list.

Figure 10.20: Jenkins: Select Item
Figure 10.20: Jenkins: Select Item

  1. Click Configure.

Figure 10.21: Jenkins: Select Config
Figure 10.21: Jenkins: Select Config

  1. In the Post-build Actions section, click Add post-build action.

Figure 10.22: Jenkins: Select Post Build Task
Figure 10.22: Jenkins: Select Post Build Task

  1. Select Post build task.

  2. In the Post build task section, set up the build failure conditions as bash script. For instance, script:

if [[ $SCORE < 3.5 || $CRITICAL > 10 || $LOW > 30 ]]; then
    echo "vulnerable app"
    exit 1
else
    exit 0
fi

means that build will fail if the project rating is lower than 3.5, OR the number of critical vulnerabilities exceeds 10, OR the number of low-level vulnerabilities exceeds 30.

Use global variables:

  • Plugin creates environment build variables:

    • PROJECT_ID project UUID in DerScanner
    • SCAN_ID scan UUID in DerScanner
    • SCAN_URL link to scan results in DerScanner
    • SERVER REST API address
    • SERVER_UUID server identifier assigned during global configuration
    • PDF_URL PDF-report address
    • SCORE project score in DerScanner
    • TOTAL total number of vulnerabilities in the project
    • CRITICAL number of critical vulnerabilities
    • MEDIUM number of medium level vulnerabilities
    • LOW number of low level vulnerabilities
    • INFO number of info level vulnerabilities

  • The following parameters are calculated when selecting the Include scan comparison in report checkbox. They are counted relative to the scan which UUID is specified in the UUID of scan for comparison field.

    • NEW_TOTAL total number of new vulnerabilities in the project
    • NEW_CRITICAL number of new critical vulnerabilities
    • NEW_MEDIUM number of new medium level vulnerabilities
    • NEW_LOW number of new low level vulnerabilities
    • NEW_INFO number of new info level vulnerabilities

These variables can then be used for other build steps.

  1. Activate the Escalate script execution status to job status checkbox.

Figure 10.23: Jenkins: Save Post Build Task
Figure 10.23: Jenkins: Save Post Build Task

  1. Click Save.