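// Declarative Jenkins pipeline: checks out the repository, then runs the
// SCA and SAST scanner containers from tauruseer.azurecr.io against it.
pipeline {
    agent any

    environment {
        // Sub-directory of the Jenkins workspace that receives the checkout.
        WORKDIR = 'Workspace'
        // Secrets are resolved from the Jenkins credential store by ID, so they
        // never appear in this file and Jenkins masks them in the console log.
        SCAN_KEY = credentials('SLS_SCAN_KEY')
        SLS_CLIENT_ID = credentials('SLS_CLIENT_ID')
        SLS_CLIENT_SECRET = credentials('SLS_CLIENT_SECRET')
    }

    stages {
        stage('Git Checkout') {
            steps {
                dir("${WORKDIR}") {
                    git branch: 'master', url: 'https://github.com/<org>/<repo>.git'
                }
            }
        }

        stage('ScanProject') {
            steps {
                // Keep these sh strings single-quoted: the shell expands the
                // variables, so Groovy never interpolates the secret values into
                // the command text.
                // The registry secret is fed through stdin instead of -p so it
                // does not show up in the process list on the agent.
                sh 'echo "$SLS_CLIENT_SECRET" | docker login -u "$SLS_CLIENT_ID" --password-stdin tauruseer.azurecr.io'

                // NOTE(review): ':latest' is a mutable tag, so the scanner code
                // run with access to the source tree and scan key can change
                // between builds. Prefer pinning both images by digest
                // (image@sha256:<digest-from-vendor>).

                // NOTE(review): --scan-key places the key on the container's
                // command line; confirm whether the scanner accepts it through
                // an environment variable or file instead.

                // The whole Jenkins workspace is mounted, so the checkout is
                // visible inside the container at /source/Workspace.
                // --rm removes the stopped container, whose stored arguments
                // would otherwise keep the scan key readable via docker inspect.

                // Run SCA Scan
                sh 'docker pull tauruseer.azurecr.io/sca-scanner-pipeline:latest'
                sh 'docker run --rm -v "${WORKSPACE}:/source" tauruseer.azurecr.io/sca-scanner-pipeline:latest --scan-key="${SCAN_KEY}"'

                // Run SAST Scan
                sh 'docker pull tauruseer.azurecr.io/sast-scanner-pipeline:latest'
                sh 'docker run --rm -v "${WORKSPACE}:/source" tauruseer.azurecr.io/sast-scanner-pipeline:latest --scan-key="${SCAN_KEY}"'
            }
        }
    }

    post {
        always {
            // Drop the registry credential that docker login stored on the
            // agent, whether or not the scans succeeded.
            sh 'docker logout tauruseer.azurecr.io'
        }
    }
}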