# Integrate Fortify ScanCentral Static AppSec Testing (SAST) and ScanCentral DAST into your Google Cloud Build pipeline.
# Please refer to \devops-integrations\gcp\cloudbuild_fortify_sast_fod.yaml to integrate this build with Fortify on Demand instead.
# The following Secret Manager secrets must exist before running this build (they are declared under
# availableSecrets below and mapped to the FCLI_DEFAULT_* environment variables that fcli reads):
# - fcli_default_sc_sast_client_auth_token -> FCLI_DEFAULT_SC_SAST_CLIENT_AUTH_TOKEN
# - fcli_default_ssc_user                  -> FCLI_DEFAULT_SSC_USER
# - fcli_default_ssc_password              -> FCLI_DEFAULT_SSC_PASSWORD
# - fcli_default_ssc_ci_token              -> FCLI_DEFAULT_SSC_CI_TOKEN
# - fcli_default_ssc_url                   -> FCLI_DEFAULT_SSC_URL
# Note: user/password and CI token are both listed; fcli needs only one credential type, so prefer
# provisioning just the CI token and leaving the password secret empty/absent where your setup allows it.
# The following Cloud Build substitutions (NOT secrets) must also be supplied via the trigger or --substitutions:
# - _SSC_APP_VERSION_ID       (SSC application version the SAST results are published to)
# - _SC_DAST_CICD_IDENTIFIER  (ScanCentral DAST scan-settings CI/CD identifier)
# - _PUBLIC_IP                (exported to the Fortify steps as FORTIFY_IP)
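steps:
  # 1. Build the application with Maven. Tests are skipped here; the Fortify
  #    step below re-packages the sources itself via 'scancentral package'.
  #    NOTE(review): builder images are pinned by tag only; pin by @sha256
  #    digest if supply-chain reproducibility matters for this pipeline.
  - name: 'maven:3.9.7'
    entrypoint: 'mvn'
    args: ['-q', 'clean', 'package', '-DskipTests']

  # 2. Build the container image. Three tags are applied; only the immutable
  #    COMMIT_SHA tag is what gets pushed and deployed further down.
  - name: 'gcr.io/cloud-builders/docker'
    args:
      - 'build'
      - '-t'
      - 'gcr.io/$PROJECT_ID/iwa_java:latest'
      - '-t'
      - 'gcr.io/$PROJECT_ID/iwa_java:$COMMIT_SHA'
      - '-t'
      - 'gcr.io/$PROJECT_ID/iwa_java:$BUILD_ID'
      - '.'
    id: 'build-image-IWAJava'

  # 3. ScanCentral SAST: package the sources, submit the scan, wait for it and
  #    publish results to the SSC application version given by
  #    _SSC_APP_VERSION_ID. Credentials come from Secret Manager (secretEnv);
  #    fcli picks them up from the FCLI_DEFAULT_* environment variables.
  #    '$$' is Cloud Build's escape for a literal '$', so bash sees '$VAR'.
  - name: 'fortifydocker/fortify-ci-tools:5.4.1-jdk-17'
    entrypoint: 'bash'
    args:
      - '-c'
      - |
        # Fail the step on the first failing command. Without this the step's
        # exit status is that of the final 'logout', so a failed login, package
        # or scan submission is silently masked and the push/deploy steps
        # below run on an unscanned build.
        set -euo pipefail
        # Close both sessions on every exit path, success or failure.
        cleanup() {
          echo Terminating connection with Fortify Platform
          fcli sc-sast session logout || true
          fcli ssc session logout || true
        }
        trap cleanup EXIT
        echo Setting connection with Fortify Platform
        fcli ssc session login
        fcli sc-sast session login
        scancentral package -bt mvn -o package.zip
        fcli sc-sast scan start --publish-to=$$SSC_APP_VERSION_ID --sensor-version=$$SC_SAST_SENSOR_VERSION --package-file=package.zip --store=Id
        fcli sc-sast scan wait-for ::Id:: --interval=30s
        # NOTE(review): this only prints issue counts. Nothing in this pipeline
        # fails the build on findings, so the image is pushed and deployed
        # regardless of scan outcome. Add a gate step here (e.g. fail on a
        # non-zero count of critical issues) if that is the intended policy.
        fcli ssc issue count --appversion=$$SSC_APP_VERSION_ID
    # Only the secrets this step actually consumes are exposed to it.
    secretEnv:
      - 'FCLI_DEFAULT_SC_SAST_CLIENT_AUTH_TOKEN'
      - 'FCLI_DEFAULT_SSC_USER'
      - 'FCLI_DEFAULT_SSC_PASSWORD'
      - 'FCLI_DEFAULT_SSC_CI_TOKEN'
      - 'FCLI_DEFAULT_SSC_URL'
    env:
      # NOTE(review): FORTIFY_IP is exported but not referenced by the script
      # above; presumably consumed by fcli or the sensor configuration —
      # confirm, or drop it.
      - 'FORTIFY_IP=${_PUBLIC_IP}'
      - 'SSC_APP_VERSION_ID=${_SSC_APP_VERSION_ID}'
      - 'SC_SAST_SENSOR_VERSION=24.2'
    id: 'fortify-static-scan'
    waitFor: ['build-image-IWAJava']

  # 4. Push the immutable tag. No waitFor is given, so this step runs only
  #    after every earlier step has succeeded — including the static scan,
  #    which (with 'set -e' above) now blocks the push when it fails.
  - name: 'gcr.io/cloud-builders/docker'
    args: ['push', 'gcr.io/$PROJECT_ID/iwa_java:$COMMIT_SHA']
    id: 'push-image-to-container-registry'

  # 5. Deploy the pushed image to Cloud Run so the DAST scan has a target.
  - name: 'gcr.io/cloud-builders/gcloud'
    args:
      - 'run'
      - 'deploy'
      - 'iwajava'
      - '--image'
      - 'gcr.io/$PROJECT_ID/iwa_java:$COMMIT_SHA'
      - '--region'
      - 'us-central1'
      - '--platform'
      - 'managed'
      # NOTE(review): exposes the service to unauthenticated internet traffic.
      # Acceptable only for a throw-away DAST target (iwa_java appears to be
      # an intentionally vulnerable demo app — confirm); for anything else,
      # drop this flag and restrict invocation with Cloud Run IAM or IAP.
      - '--allow-unauthenticated'
    id: 'deploy-to-cloud-run'

  # 6. Start a ScanCentral DAST scan using the CI/CD settings identified by
  #    _SC_DAST_CICD_IDENTIFIER (the target URL lives in those settings).
  - name: 'fortifydocker/fortify-ci-tools:5.4.1-jdk-17'
    entrypoint: 'bash'
    args:
      - '-c'
      - |
        # Same failure and cleanup discipline as the static-scan step.
        set -euo pipefail
        cleanup() {
          echo Terminating connection with Fortify Platform
          fcli sc-dast session logout || true
          fcli ssc session logout || true
        }
        trap cleanup EXIT
        echo Setting connection with Fortify Platform
        fcli ssc session login
        fcli sc-dast session login
        # NOTE(review): the scan is only started, never waited for, so its
        # results cannot influence this build. Add '--store' plus
        # 'fcli sc-dast scan wait-for' if the build should block on DAST.
        fcli sc-dast scan start --name=$$SC_DAST_SCAN_NAME --settings=$$SC_DAST_CICD_IDENTIFIER
    # Least privilege: this step logs in to SSC / SC DAST only. The SC SAST
    # client-auth token is not consumed by anything in this script, so it is
    # deliberately not exposed here (re-add it if your fcli setup proves
    # otherwise).
    secretEnv:
      - 'FCLI_DEFAULT_SSC_USER'
      - 'FCLI_DEFAULT_SSC_PASSWORD'
      - 'FCLI_DEFAULT_SSC_CI_TOKEN'
      - 'FCLI_DEFAULT_SSC_URL'
    env:
      # NOTE(review): FORTIFY_IP is not referenced by the script above — confirm.
      - 'FORTIFY_IP=${_PUBLIC_IP}'
      - 'SC_DAST_CICD_IDENTIFIER=${_SC_DAST_CICD_IDENTIFIER}'
      - 'SC_DAST_SCAN_NAME=IWA_DAST_GCP'
    id: 'fortify-dynamic-scan'

# Secret Manager secrets made available to the build. A step only sees a
# secret it lists in its own secretEnv. 'versions/latest' means a rotated
# secret takes effect on the next build; pin a numeric version instead if
# builds must be reproducible or rotation must be staged explicitly.
availableSecrets:
  secretManager:
    - versionName: projects/$PROJECT_ID/secrets/fcli_default_sc_sast_client_auth_token/versions/latest
      env: 'FCLI_DEFAULT_SC_SAST_CLIENT_AUTH_TOKEN'
    - versionName: projects/$PROJECT_ID/secrets/fcli_default_ssc_user/versions/latest
      env: 'FCLI_DEFAULT_SSC_USER'
    - versionName: projects/$PROJECT_ID/secrets/fcli_default_ssc_password/versions/latest
      env: 'FCLI_DEFAULT_SSC_PASSWORD'
    - versionName: projects/$PROJECT_ID/secrets/fcli_default_ssc_ci_token/versions/latest
      env: 'FCLI_DEFAULT_SSC_CI_TOKEN'
    - versionName: projects/$PROJECT_ID/secrets/fcli_default_ssc_url/versions/latest
      env: 'FCLI_DEFAULT_SSC_URL'

# Images Cloud Build pushes once every step has succeeded. COMMIT_SHA is the
# tag that was deployed above (step 4 already pushed it explicitly; listing it
# here is harmless). 'latest' is a moving tag — consumers should not pin to it.
# NOTE(review): gcr.io (Container Registry) is deprecated in favour of
# Artifact Registry; confirm this project still resolves gcr.io pushes.
images:
  - 'gcr.io/$PROJECT_ID/iwa_java:latest'
  - 'gcr.io/$PROJECT_ID/iwa_java:$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/iwa_java:$BUILD_ID'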