Examples
This is an example containing only one "red" finding - so easy to understand.
|
ℹ️
|
With SecHub release 0.20.0 two new features were introduced into the html report. You can find the direct link to the CWE MITRE article of the corresponding CWE-Id within the Type column. This can help you with learning more about the corresponding security finding. In the Description column you can now expand the whole callstack analog to the callstack within the JSON report.
|
Here is a real output from an older SecHub scan (scanned itself) - you will find output files to download below picture.
|
ℹ️
|
The scan was done with SecHub server V0.20.0 |
A working example of a Jenkinsfile can be found within the SecHub project in the continous-integration-multibranch-pipeline.jenkins file.
For the documentation of the SecHub client please refer to SecHub Client.
You can run the SecHub Client in synchronous and asynchronous mode. In synchronous mode your build will break if it isn’t "green" (sechub scan). Whereat in asynchronous mode it will not break your CI/CD pipeline (sechub scanAsync).
Run the SecHub client within your source folder with parameters and default named sechub.json file:
stage('Security scan') {
// set the environment variables within the scan-stage
environment {
SECHUB_USERID = credentials('sechub-userid')
SECHUB_APITOKEN = credentials('sechub-api-token')
SECHUB_SERVER= credentials('sechub-server')
}
steps {
script {
sh "sechub -project ${projectName} scan"
}
}
}Or provide a configuration file (JSON) as parameter:
sh "sechub -configfile otherconfig.json scan"For details to the SecHub configuration file please see SecHub configuration.