Add semgrep

2026-03-25 19:27:40 +01:00
parent 90d1c1b562
commit 253308dcc5
1 changed files with 19 additions and 1 deletions
--- a/20
+++ b/20
@@ -35,7 +35,24 @@ pipeline {
        sh """
          docker run --rm -v "\$(pwd):/src" \
            returntocorp/semgrep \
-            semgrep scan --config=auto /cmd /internal
+            semgrep scan --config=auto \
+            --sarif --output /src/semgrep.sarif \
+            /src/internal /src/cmd
+        """
+      }
+    }
+
+    stage('Upload to DefectDojo') {
+      steps {
+        sh """
+          curl -X POST "${DD_URL}/api/v2/import-scan/" \
+            -H "Authorization: Token ${DD_API_KEY}" \
+            -F "scan_type=SARIF" \
+            -F "file=@\$(pwd)/semgrep.sarif" \
+            -F "product_name=ReSendit" \
+            -F "engagement_name=Jenkins-CI" \
+            -F "auto_create_context=true" \
+            -F "close_old_findings=true"
        """
      }
    }
@@ -89,6 +106,7 @@ pipeline {
      sh 'docker logout ${REGISTRY} || true'
      sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true'
      sh 'docker image prune -f || true'
+      sh 'rm -f semgrep.sarif || true'
    }
  }
 }