commit 439b5971be0820d3dc81ffa737924720fe71e6be parent 34489be4474c9a34d31e15f1ed1bc4c282ebdd6d Author: Andreas Gruhler <andreas.gruhler@adfinis.com> Date: Tue, 4 Jun 2024 23:07:19 +0200 feat(gitleaks): remove try/catch Diffstat:
| M | vars/gitleaks.groovy | | | 26 | +++++++++++--------------- |
1 file changed, 11 insertions(+), 15 deletions(-)
diff --git a/vars/gitleaks.groovy b/vars/gitleaks.groovy @@ -1,21 +1,17 @@ def call() { node('podman') { stage('scan') { - docker.image('ghcr.io/gitleaks/gitleaks:v8.18.2').inside('-u root --entrypoint=""') { - try { - sh returnStatus: true, script: ''' - gitleaks detect \ - --verbose --no-color --no-banner \ - --report-path gitleaks-report.json \ - ''' - archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true - } catch (err) { - def report = readJSON file: 'gitleaks-report.json' - if (!report.isEmpty) { - unstable(message: "Secrets detected in ${BUILD_URL}") - } else { - error(message: $err) - } + docker.image('ghcr.io/gitleaks/gitleaks:v8.18.3').inside('-u root --entrypoint=""') { + sh returnStatus: true, script: ''' + gitleaks detect \ + --no-color --no-banner \ + --gitleaks-ignore-path .gitleaksignore \ + --report-path gitleaks-report.json + ''' + archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true + def r = readJSON file: 'gitleaks-report.json' + if (!r.isEmpty()) { + unstable(message: "Secrets detected in ${BUILD_URL}") } } }