I have a plugin in Jenkins for Checkmarx which scans the source code for static code analysis. Is there a way to make that plugin compulsory for every job in Jenkins?

For that matter any plugin.

Scooby

4 Answers

The answer, that you probably don't want to hear, is: No.

The only way you can enforce something to happen at all times, is by writing your own plugin for your own "Project type" (instead of Maven or Free-style), and then enforce that everyone uses your project type.

Slav
  • Found an implicit way to do it. Using Jenkins REST API - run through all job config.xml. Download the jobConfig.xml, update the XML with the plugin (Checkmarx) and upload (POST) it back to Jenkins server. Run this on a schedule and it shall force everyone to use it. As I said, it's an implicit way of doing it. – Scooby Jan 22 '15 at 18:22
Found an implicit way to do it.

  1. Using Jenkins REST API (batch, Python, Ruby) - run through all job config.xml.
  2. Download the jobConfig.xml
  3. Update the XML with the plugin (Checkmarx in this case) config
  4. Upload (POST) it back to Jenkins server.

Run this on a schedule and it shall force everyone to use it.

As I said, it's an implicit way of doing it.

Scooby
  • This doesn't answer the question. It's a work-around through manual (scripted or not) intervention through modification. If your script runs on a nightly schedule, anyone that creates and executes the job the same day, won't get your modifications. And even after the script had run, I can go back to job configuration and remove the parts that the script had added. – Slav Jan 22 '15 at 18:31
  • Yes, all you said is true, but as I said, it's a workaround (read: implicit). You can do all that, but with this script running nightly, it's something that would eventually be enforced. In any case this is something that can be done to work around my problem. Hoping this might help someone else too. – Scooby Jan 22 '15 at 19:58
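
Steps 2 and 3 of the procedure in the answer above (take a job's config.xml and make sure the scan build step is in it), as an added example that is not part of the original answer or of any plugin's code. It works on config.xml text that has already been downloaded, assumes the Checkmarx step is serialised under the element name in `SCAN_TAG`, and copies the step from a reference job configured by hand; the job names and settings are constructed.

```python
import copy
import re
import xml.etree.ElementTree as ET

# Assumption: element name the Checkmarx plugin writes into config.xml.
# Confirm it against a job you configured by hand.
SCAN_TAG = "com.checkmarx.jenkins.CxScanBuilder"

def parse(config_xml):
    # Drop the XML declaration: recent Jenkins writes version 1.1,
    # which Python's expat-based parser rejects.
    return ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml))

def extract_step(reference_xml, tag=SCAN_TAG):
    """Copy the scan build step out of a hand-configured reference job."""
    builders = parse(reference_xml).find("builders")
    step = None if builders is None else builders.find(tag)
    if step is None:
        raise ValueError("reference job has no scan build step")
    return step

def ensure_step(config_xml, step):
    """Return (status, xml); status is 'ok', 'added' or 'skipped'."""
    root = parse(config_xml)
    builders = root.find("builders")
    if builders is None:
        # Pipeline and other job types have no <builders>; report only.
        return "skipped", config_xml
    if builders.find(step.tag) is not None:
        return "ok", config_xml          # already present, leave untouched
    builders.append(copy.deepcopy(step))
    return "added", ET.tostring(root, encoding="unicode")

def plan(jobs, step):
    """Dry run over {job name: config.xml text}: what would change?"""
    return {name: ensure_step(xml, step)[0] for name, xml in jobs.items()}

# Constructed sample data (not real Checkmarx settings).
REFERENCE = ("<?xml version='1.1' encoding='UTF-8'?><project><builders>"
             f"<{SCAN_TAG}><constructedSetting>demo</constructedSetting>"
             f"</{SCAN_TAG}></builders></project>")
JOBS = {
    "has-scan": REFERENCE,
    "no-scan": "<project><builders><hudson.tasks.Shell><command>make"
               "</command></hudson.tasks.Shell></builders></project>",
    "pipeline": "<flow-definition><definition/></flow-definition>",
}

if __name__ == "__main__":
    print(plan(JOBS, extract_step(REFERENCE)))
```

The dry run from `plan` also shows which jobs have lost the step since the last run and which job types this approach cannot cover.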
Checkmarx plugin provides a build step, so it will run every time the job runs. No need to force, if I understand the question correctly. Just make sure the "Skip scan if triggered by SCM Changes" flag is unchecked, which is the default. See more info about the plugin here: https://checkmarx.atlassian.net/wiki/display/KC/Configuring+a+Scan+Action

Denis Krivitski
  • Okay, I will rephrase: I want to make it compulsory for every job and not just every build - all jobs in Jenkins. – Scooby Jan 19 '15 at 16:42
Downloading the config.xml for the job and posting it back is a bad idea for several reasons. First, Checkmarx does not require the code to be compiled, so you are wasting precious cycles on a build slave. Second, Jenkins jobs can do more than compile and they could deploy to production accidentally. Just don't do it. The best way to do what you want to do is to download the config.xml file and then extract the repository URL. You can use the Checkmarx REST API to perform a scan. You can probably name the program in Checkmarx in some way to relate it back to the Jenkins job.

ojblass