  1. Jenkins
  2. JENKINS-72712

Add a new installation method that automatically installs the latest version of dependency-check


    • Type: New Feature
    • Resolution: Won't Do
    • Priority: Minor
    • None
    • Jenkins 2.401.3
      OWASP Dependency-Check 5.4.6

      Add a new installation method that automatically installs the latest version of dependency-check. 

       

      Currently I have to manually select the version of dependency-check that I want to install when using the installation method "Install from github.com". 

       

      I propose the following changes: 

      1. "dependency-check-latest" should show up in the dropdown menu of the "Install from github.com" installation method.
      2. The installation method should be able to regularly schedule checks for the latest version.

       

      I have achieved this result by adding a shell build step in my job that checks our project for CVEs. Here is my script:

      #!/bin/bash
      
      # This script will update the installation of dependency-check to the latest version
      
      # Any error will immediately exit the script with an error code
      set -e
      
      # Define directories
      dependency_checker_dir="/srv/jenkins/tools/org.jenkinsci.plugins.DependencyCheck.tools.DependencyCheckInstallation/"
      dependency_checker_latest="${dependency_checker_dir}dependency-check_latest/"
      dependency_checker_download="${dependency_checker_dir}download/"
      
      # Make sure both directories exist (they do not on the first run)
      mkdir -p "$dependency_checker_latest" "$dependency_checker_download"
      
      # Get currently installed version ("none" if nothing has been installed yet)
      current_version=$(cat "${dependency_checker_latest}currentVersion.txt" 2>/dev/null || echo "none")
      
      # Get latest version (-f makes curl fail on HTTP errors such as rate limiting)
      latest_version=$(curl -fsS https://api.github.com/repos/jeremylong/DependencyCheck/releases/latest | grep -oP '"tag_name": "v\K(.*)(?=")' || true)
      
      # Stop if the API call failed or returned something that is not a plain
      # dotted version, before the value is used in a URL or a path
      if [[ ! "$latest_version" =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
          echo "Could not determine the latest version (got: '$latest_version')" >&2
          exit 1
      fi
      
      echo "Current version of dependency checker: $current_version"
      echo "Latest version of dependency checker: $latest_version"
      
      # TODO: Maybe use numeric comparison?
      if [[ "$current_version" != "$latest_version" ]]; then
          echo "Current version and latest version do not match. Attempting to update the version."
      
          # Clear download folder (-f: do not fail when it is already empty;
          # :? aborts instead of expanding to "/*" if the variable is ever unset)
          rm -rf "${dependency_checker_download:?}"*
      
          # Download the latest version
          # Note: the archive is used as downloaded; no checksum or signature is checked here
          wget --no-verbose -P "$dependency_checker_download" "https://github.com/jeremylong/DependencyCheck/releases/download/v$latest_version/dependency-check-$latest_version-release.zip"
      
          # Unzip the downloaded file
          unzip -q -o "${dependency_checker_download}dependency-check-$latest_version-release.zip" -d "${dependency_checker_download}"
      
          # Delete old version
          rm -rf "${dependency_checker_latest:?}"*
      
          # Move files
          mv "${dependency_checker_download}dependency-check/"* "${dependency_checker_latest}"
      
          # Save current version
          echo "$latest_version" > "${dependency_checker_latest}currentVersion.txt"
      
          echo "Dependency Check updated successfully."
      else
          echo "Dependency Check is already up to date."
      fi

       

            nfalco Nikolas Falco
            simon_sohrt Simon Sohrt
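
The script's `TODO` asks about numeric comparison. As an added example (not part of the reporter's script or of the plugin), the helpers below accept only a well-formed version and approve an update only when it is strictly newer, so a malformed `tag_name` never reaches a URL or path and an older "latest" cannot cause a downgrade. The function names are hypothetical and the version pairs in the demo loop are constructed.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of the reporter's script.

# is_valid_version V: accept only dotted decimal versions such as 9.0.10.
# Empty output from a failed API call, "../x" or "9.0.0-rc1" are rejected
# before they can be interpolated into a download URL or a filesystem path.
is_valid_version() {
    case "$1" in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    return 0
}

# version_gt A B: succeed when A is numerically greater than B, comparing
# component by component (9.0.10 > 9.0.9); missing components count as 0.
# Plain POSIX sh has no "local", so the helper variables are prefixed.
version_gt() {
    _a=$1 _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*} _y=${_b%%.*}
        case "$_a" in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case "$_b" in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        if [ "${_x:-0}" -gt "${_y:-0}" ]; then return 0; fi
        if [ "${_x:-0}" -lt "${_y:-0}" ]; then return 1; fi
    done
    return 1   # equal versions are not "greater"
}

# should_update CURRENT LATEST
#   0 = LATEST is well-formed and strictly newer, 1 = nothing to do,
#   2 = LATEST is malformed (treat as an error, do not download).
# An unreadable CURRENT (first run) is treated as version 0.
should_update() {
    is_valid_version "$2" || return 2
    if is_valid_version "$1"; then _cur=$1; else _cur=0; fi
    version_gt "$2" "$_cur"
}

# Demo on constructed "current latest" pairs.
for pair in "8.4.0 9.0.0" "9.0.10 9.0.9" "9.0.0 9.0.0" "9.0.0 9.0.0/../x"; do
    set -- $pair
    if should_update "$1" "$2"; then
        echo "$1 -> $2: update"
    else
        echo "$1 -> $2: skip or reject"
    fi
done
```

In the update script, the `!=` test would be replaced by a call to `should_update "$current_version" "$latest_version"`, with exit status 2 handled as a failed build step.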