Skip to content

ethiack/jenkins-shared-library

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
.github
.github
 
 
assets
assets
 
 
src/com/ethiack
src/com/ethiack
 
 
vars
vars
 
 
.gitignore
.gitignore
 
 
.releaserc.yaml
.releaserc.yaml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation


logo

Ethiack Jenkins Shared Library

Integration of Ethiack's Public API with Jenkins CI/CD

GitHub Release MIT License LinkedIn

IntroductionInstallationCredentials SetupUsageLicense

Introduction

This Jenkins shared library facilitates the integration of Ethiack's Public API (API docs) for launching scans through Jenkins pipelines. By using this library, you can seamlessly incorporate Ethiack's security scanning capabilities into your Jenkins workflows, enhancing your CI/CD pipeline with automated security testing.

(back to top)

Installation

Note

For more information on these and other installation methods, please refer to the Jenkins' extensive documentation on shared libraries.

Method #1: Using Global Shared Libraries (Recommended)

  1. Navigate to Dashboard » Manage Jenkins » System » Global Pipeline Libraries on the Jenkins dashboard.

  2. Under the Global Pipeline Libraries section, provide the following configuration:

    Name: ethiack-library
    Default Version: main
    Load implicitly: ☐
    Allow default version to be overridden: ☑
    Include @Library changes in job recent changes: ☑
    Cache fetched versions on controller for quick retrieval: ☐

    Retrieval Method: Modern SCM

    Source Code Management: Git

    Project Repository: https://github.com/ethiack/jenkins-library Credentials: - none -

    Fresh clone per build: ☑

The shared library can then be imported in a pipeline with:

@Library("ethiack-library") _

Method #2: Using the Github Groovy Libraries plugin

The Github Groovy Libraries plugin allows pipelines to be loaded on the fly from GitHub repositories. If the plugin is installed, simply import the library repository in the working pipeline:

@Library('github.com/ethiack/jenkins-library@main') _

(back to top)

Credentials Setup

Using Ethiack's API - and, therefore, this shared library - requires authentication using an API Key and API Secret, which can be retrieved in Ethiack's Portal settings page. These credentials must be available as environment variables ETHIACK_API_KEY and ETHIACK_API_SECRET, repectively, whenever the shared library is used.

To setup these credentials in Jenkins:

  1. Navigate to Dashboard » Manage Jenkins » Credentials on the Jenkins homepage.
  2. Select the desired store/domain
  3. Add API Key:

    New Credential

    Kind: Secret Text

    Secret: [YOUR API KEY]
    ID: ethiack-api-key
    Description: Optional

  4. Add API Secret:

    New Credential

    Kind: Secret Text

    Secret: [YOUR API SECRET]
    ID: ethiack-api-secret
    Description: Optional

Caution

Ensure that the store/domain used for storing the API Key and the API Secret has an adequate scope and access rules.

Note

For more information, see https://www.jenkins.io/doc/book/using/using-credentials/.

(back to top)

Usage

Note

This shared library is fundamentally a wrapper around Ethiack's Public API. For more information, see the API docs.

Example: Launching a job and waiting for its conclusion

This pipeline launches a scan for the domain https://example.ethiack.com and waits until it finishes.

@Library("ethiack-library")_
import groovy.json.JsonSlurper

pipeline {
    agent any
    
    environment {
        ETHIACK_API_KEY = credentials('ethiack-api-key')
        ETHIACK_API_SECRET = credentials('ethiack-api-secret')
    }

    stages {
        stage('Ethiack Scan') {
            steps {
                script {                 
                    def job = ethiack.launchJob("https://example.ethiack.com:443")
                    def resp = ethiack.awaitJob(job.uuid, Severity.MEDIUM, false)
                    def job_info = ethiack.getJobInfo(job.uuid)
                    println job_info
                    if(resp.success == false) {
                        error(resp.message)
                    }
                }
            }
        }
    }
}

Example: Using beacon_id and event_slug parameters

This example demonstrates how to use the optional parameters for tracking and integration purposes.

@Library("ethiack-library")_
import groovy.json.JsonSlurper

pipeline {
    agent any
    
    environment {
        ETHIACK_API_KEY = credentials('ethiack-api-key')
        ETHIACK_API_SECRET = credentials('ethiack-api-secret')
    }

    stages {
        stage('Ethiack Scan') {
            steps {
                script {                 
                    def buildNumber = env.BUILD_NUMBER.toInteger()
                    def releaseVersion = "v1.2.3"
                    
                    // Launch a scan with tracking information
                    def job = ethiack.launchJob(
                        "https://example.ethiack.com:443",
                        buildNumber,  // beacon_id for build tracking
                        "release-${releaseVersion}" // event_slug for release tracking
                    )
                    
                    def resp = ethiack.awaitJob(job.uuid, Severity.MEDIUM, false)
                    if(resp.success == false) {
                        error(resp.message)
                    }
                }
            }
        }
    }
}

Available commands

A complete list of the available commands is provided below.

check

Description: Check if the provided URL is valid and the scan is authorized for the organization.

Signature: Boolean check(String url, Integer beacon_id = null, String event_slug = null, Boolean failOnBadStatus = false) {...}

Parameters:

  • url: URL to check
  • beacon_id: Optional beacon ID to associate with the check
  • event_slug: Optional event slug to associate with the check
  • failOnBadStatus: If true, an error will be raised if the operation fails

Returns:

  • true true if URL is valid and if the organization has scan minutes available, false otherwise

launchJob

Description: Launch a new job for the provided URL if the provided URL is valid and the organization has scan minutes available.

Signature: Map launchJob(String url, Integer beacon_id = null, String event_slug = null, Boolean failOnBadStatus = true) {...}

Parameters:

  • url: URL to scan.
  • beacon_id: Optional beacon ID to associate with the job
  • event_slug: Optional event slug to associate with the job
  • failOnBadStatus: If true, an error will be raised if the operation fails

Returns:

  • Map object with the information about the launched job

cancelJob

Description: Cancel a job. The status of the job will be changed to CANCELED.

Signature: void cancelJob(String jobUuid, Boolean failOnBadStatus = true) {...}

Parameters:

  • jobUuid: UUID of job to cancel
  • failOnBadStatus: If true, an error will be raised if the operation fails

listJobs

Description: Get a list of jobs for the current organization.

Signature: Map listJobs(Boolean failOnBadStatus = true) {...}

Parameters:

  • failOnBadStatus: If true, an error will be raised if the operation fails

Returns:

  • List of jobs

getJobInfo

Description: Get job information, containing the status and a list of findings for the requested job UUID.

Signature: Map getJobInfo(String jobUuid, Boolean failOnBadStatus = true) {...}

Parameters:

  • jobUuid: UUID of the job
  • failOnBadStatus: If true, an error will be raised if the operation fails

Returns:

  • Map object with info about the job's information and its findings

getJobStatus

Description: Get job status of the requested job UUID.

Signature: String getJobStatus(String jobUuid, Boolean failOnBadStatus = true) {...}

Parameters:

  • jobUuid: UUID of the job
  • failOnBadStatus: If true, an error will be raised if the operation fails

Returns:

  • Job status. One of: PENDING, IN_PROGRESS, FINISHED, ERROR, CANCELED

getJobSuccess

Description: Get job success status. A job is considered unsucessful if it contains findings with a greater or equal severity to the one provided.

Signature: Map getJobSuccess(String jobUuid, String severity = null, Boolean failOnBadStatus = true) {...}

Parameters:

  • jobUuid: UUID of the job
  • severity: Minimum severity of findings for which an error should be raised. Defaults to medium.
  • failOnBadStatus: If true, an error will be raised if the operation fails

Returns:

  • Map object with job success status and message

awaitJob

Description: Wait for the job to complete. The success of the job will be queried until it finishes or fails, or the job timeout is reached.

Signature: Map awaitJob(String jobUuid, Integer timeout = 3600, String severity = null, Boolean quiet = true, Boolean failOnBadStatus = true) {...}

Parameters:

  • jobUuid: UUID of the job
  • timeout: Timeout in seconds to wait for job to complete
  • severity: Minimum severity of findings for which an error should be raised
  • quiet: If true, retry information won't be echoed
  • failOnBadStatus: Ff true, an error will be raised if the operation fails

Returns:

  • Map object with job success status and message

(back to top)

License

Distributed under the MIT License. See LICENSE for more information.

(back to top)

About

Integration of Ethiack's Public API with Jenkins CI/CD

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 8

1.1.2 Latest
Oct 15, 2025
+ 7 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages