jenkins-lib

Jenkins shared library
git clone https://git.in0rdr.ch/jenkins-lib.git
Log | Files | Refs | README

commit 439b5971be0820d3dc81ffa737924720fe71e6be
parent 34489be4474c9a34d31e15f1ed1bc4c282ebdd6d
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Tue,  4 Jun 2024 23:07:19 +0200

feat(gitleaks): remove try/catch

Diffstat:
Mvars/gitleaks.groovy | 26+++++++++++---------------
1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/vars/gitleaks.groovy b/vars/gitleaks.groovy @@ -1,21 +1,17 @@ def call() { node('podman') { stage('scan') { - docker.image('ghcr.io/gitleaks/gitleaks:v8.18.2').inside('-u root --entrypoint=""') { - try { - sh returnStatus: true, script: ''' - gitleaks detect \ - --verbose --no-color --no-banner \ - --report-path gitleaks-report.json \ - ''' - archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true - } catch (err) { - def report = readJSON file: 'gitleaks-report.json' - if (!report.isEmpty) { - unstable(message: "Secrets detected in ${BUILD_URL}") - } else { - error(message: $err) - } + docker.image('ghcr.io/gitleaks/gitleaks:v8.18.3').inside('-u root --entrypoint=""') { + sh returnStatus: true, script: ''' + gitleaks detect \ + --no-color --no-banner \ + --gitleaks-ignore-path .gitleaksignore \ + --report-path gitleaks-report.json + ''' + archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true + def r = readJSON file: 'gitleaks-report.json' + if (!r.isEmpty()) { + unstable(message: "Secrets detected in ${BUILD_URL}") } } }