jenkins-lib

Jenkins shared library
git clone https://git.in0rdr.ch/jenkins-lib.git
Log | Files | Refs | Pull requests | README

gitleaks.groovy (997B)

      1 def call() {
      2     pipeline {
      3         agent {
      4             docker {
      5               label 'podman'
      6               image 'ghcr.io/gitleaks/gitleaks:v8.18.3'
      7               args '-u root --entrypoint='
      8             }
      9         }
     10 
     11         stages {
     12             stage('scan') {
     13                 steps {
     14                     script {
     15                         sh returnStatus: true, script: '''
     16                         gitleaks detect \
     17                           --no-color --no-banner \
     18                           --report-path gitleaks-report.json
     19                         '''
     20                         def r = readJSON file: 'gitleaks-report.json'
     21                         if (!r.isEmpty()) {
     22                             unstable(message: "Secrets detected in ${BUILD_URL}")
     23                         }
     24                     }
     25                 }
     26             }
     27         }
     28         post {
     29             always {
     30                 archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true
     31             }
     32         }
     33     }
     34 }