我们正在使用“Warnings Next Generation Plugin”中的
recordIssues结果由
生成 recordIssues(enabledForFailure: true,
aggregatingResults: true,
qualityGates: [[threshold: 1, type: 'TOTAL_ERROR', unstable: true]],
filters: [
excludeType('CVE-2017-15095'),
excludeType('CVE-2017-17485'),
],
tools: [issues(pattern: '*-issues.json', reportEncoding: 'UTF-8')])
我有大约。 180 个 CVE 可以忽略,因为它们不会影响我们的软件。我想从外部文件动态生成数组,而不是添加 180 次
excludeType('CVE-2017-17485'),更新
根据 Matts 的回答,脚本现在看起来像这样:
stages {
stage("Scan") {
steps {
sh """#!/bin/bash
echo "do some stuff"
"""
script {
List<String> cve = readYaml file: 'ignored_cves.yaml'
}
recordIssues(enabledForFailure: true,
aggregatingResults: true,
qualityGates: [[threshold: 1, type: 'TOTAL_ERROR', unstable: true]],
filters: cve.collect {excludeType(it)},
tools: [issues(pattern: '*-issues.json', reportEncoding: 'UTF-8')])
}
}
}
但是当在 Jenkins 中运行时我收到:
groovy.lang.MissingPropertyException: No such property: cve for class: groovy.lang.Binding
at groovy.lang.Binding.getVariable(Binding.java:63)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:271)
我想知道如何访问
cverecordIssue我认为这是因为你的
cvescript { ... }要么拿出来:
List<String> cve = null // <--- out of script { ... } block
pipeline {
...
stages {
stage("Scan") {
steps {
...
script {
cve = readYaml file: 'ignored_cves.yaml'
}
recordIssues(...,
...,
...,
filters: cve.collect {excludeType(it)},
...)
}
}
}
...
}
...或将
recordIssuesscript { ... } stages {
stage("Scan") {
steps {
...
script {
List<String> cve = readYaml file: 'ignored_cves.yaml'
recordIssues(... // <--- within script { ... } block
...
...
filters: cve.collect {excludeType(it)},
...)
}
}
}
}