Create Jenkinsfile-npm-install-with-snyk-filter.groovy (#60)

Added Jenkinsfile example using plugin & snyk-filter

Jenkins/Jenkinsfile-npm-install-with-snyk-filter.groovy

@@ -0,0 +1,47 @@
+// This example utilizes the pipeline plugin:
+// https://www.jenkins.io/solutions/pipeline/
+
+// Please read this file in its entirety and ensure that you've replaced the installations, tokens, URLs, etc. match your organization's
+
+pipeline {
+    agent any
+
+    tools {
+        nodejs 'nodeInstallationName'
+    }
+    stages {
+        stage('Git Clone') {
+            steps {
+                git url: 'https://github.com/snyk-labs/nodejs-goof' 
+            }
+        }
+
+        stage('Install Snyk-Filter') {
+            steps {
+                // snyk-filter requires node-jq and snyk-filter to be installed
+                sh 'npm install --location=global node-jq snyk-filter'
+            }
+        }
+
+        stage('Build') {
+            steps {
+                // Add your build instructions in this stage
+            }
+        }
+
+        stage('Snyk Test using plugin') {
+            // Run snyk test to check for vulnerabilities and fail the build if any are found
+            steps {
+                // Run snyk test, output results as json and then run snyk-filter using that json and the location of the filter.
+                snykSecurity( 
+                    snykInstallation: 'snykInstallationName', 
+                    snykTokenId: 'snykTokenId', 
+                    monitorProjectOnBuild: false, // snyk-filter is not supported with monitor, so this should be set to false.
+                    failOnIssues: 'false', // if the build fails in the snykSecurity step, snyk-filter will not run, which is why failOnIssues is set to false.
+                    additionalArguments: '--json-file-output=all-vulnerabilities.json'
+                )
+                sh 'snyk-filter -i all-vulnerabilities.json -f snyk-filter/exploitable_cvss_9.yml'
+            }
+        }
+    }
+}

Jenkins/README.md

@@ -8,6 +8,20 @@ The [example](./Jenkinsfile-npm-install-generic.groovy) listed in this folder wi
 
 The scripts may depend on various plugins. Please follow the information within the scripts to install them.
 
+## Using snyk-filter with Jenkins
+
+The [example with snyk-filter](./Jenkinsfile-npm-install-with-snyk-filter.groovy) in this folder will scan using Snyk's open source product and outputs the results as a json file. It will then run [snyk-filter](https://github.com/snyk-tech-services/snyk-filter) which accepts that json file and the location to the [filter](./exploitable_cvss_9.yml) as inputs. 
+
+### Example of filter
+
+```
+version: 2
+customFilters:
+  filter: ".vulnerabilities |= map(if (  select(.exploit != null and .exploit != \"Not Defined\" and .exploit != \"Unproven\" and .cvssScore>=9.0)) then . else empty end)"
+  pass: ".vulnerabilities[] | select(.exploit != null and .exploit != \"Not Defined\" and .exploit != \"Unproven\" and .cvssScore>=9.0) | length"
+  msg: "Exploitable Vulnerabilities with CVSS Score of 9 or higher found"
+```
+
 ## Samples
 
 Trend lines across all of Snyks products.

Jenkins/exploitable_cvss_9.yml

@@ -0,0 +1,7 @@
+# This is an example of a filter to be used with snyk-filter in Jenkins example. 
+# Please see the snyk-filter repo for more information and formatting guidelines: https://github.com/snyk-tech-services/snyk-filter
+version: 2
+customFilters:
+  filter: ".vulnerabilities |= map(if (  select(.exploit != null and .exploit != \"Not Defined\" and .exploit != \"Unproven\" and .cvssScore>=9.0)) then . else empty end)"
+  pass: ".vulnerabilities[] | select(.exploit != null and .exploit != \"Not Defined\" and .exploit != \"Unproven\" and .cvssScore>=9.0) | length"
+  msg: "Exploitable Vulnerabilities with CVSS Score of 9 or higher found"