Pipeline Scan example for using Gradle with Jenkins

This example Groovy code shows how to add a Pipeline Scan as a build stage in a Jenkins build pipeline that uses Gradle.

The example includes a script that downloads and unzips the Pipeline Scan archive, to ensure you have the latest version, then runs pipeline-scan.jar using your API credentials. For improved stability, Veracode recommends that you change these scripts to use the Pipeline Scan Docker image.

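pipeline {
    // Placeholder label: pick an agent that provides JDK 8, Gradle, curl, and unzip.
    agent { label 'any-with-jdk8-gradle-curl-unzip' }
    stages {
        stage('Gradle Build') {
            steps {
                sh 'gradle clean build'
            }
        }
        stage('Veracode Pipeline Scan') {
            steps {
                // Download and unpack the scanner (download URL omitted here).
                sh 'curl -O'
                sh 'unzip pipeline-scan.jar'
                // Single-quoted Groovy string: the shell expands the variables, so the
                // API credentials never pass through Groovy string interpolation.
                sh '''java -jar pipeline-scan.jar \
                    --veracode_api_id "${VERACODE_API_ID}" \
                    --veracode_api_key "${VERACODE_API_SECRET}" \
                    --file "build/libs/sample.jar" \
                    --fail_on_severity="Very High, High" \
                    --fail_on_cwe="80" \
                    --baseline_file "${CI_BASELINE_PATH}" \
                    --timeout "${CI_TIMEOUT}" \
                    --project_name "${JOB_NAME}" \
                    --project_url "${GIT_URL}" \
                    --project_ref "${GIT_COMMIT}"'''
            }
        }
    }
    post {
        // Archive the scan results whether or not the build failed.
        always {
            archiveArtifacts artifacts: 'results.json', fingerprint: true
        }
    }
}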
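
The following Python script is an added example, not Veracode's code. It applies the same `--fail_on_severity` and `--fail_on_cwe` values to an archived results.json, so you can list which findings would block the build. The JSON field names (`findings`, `severity`, `cwe_id`, `issue_type`, `files.source_file`), the 0 to 5 severity scale, and the rule that a match on either list blocks the build are assumptions; the sample data is constructed.

```python
import json

# Assumption: numeric "severity" values in results.json map to these names.
SEVERITY = {"Very High": 5, "High": 4, "Medium": 3,
            "Low": 2, "Very Low": 1, "Informational": 0}

def parse_list(value):
    """Split a flag value such as "Very High, High" into trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def blocking_findings(results, fail_on_severity="", fail_on_cwe=""):
    """Return findings matching either list, most severe first."""
    names = parse_list(fail_on_severity)
    unknown = [n for n in names if n not in SEVERITY]
    if unknown:
        raise ValueError(f"unknown severity name(s): {unknown}")
    levels = {SEVERITY[n] for n in names}
    cwes = set(parse_list(fail_on_cwe))
    hits = []
    for finding in results.get("findings", []):
        sev = int(finding.get("severity", -1))
        cwe = str(finding.get("cwe_id", ""))
        if sev in levels or cwe in cwes:
            src = finding.get("files", {}).get("source_file", {})
            hits.append({"severity": sev, "cwe": cwe,
                         "issue_type": finding.get("issue_type", ""),
                         "location": f"{src.get('file', '?')}:{src.get('line', '?')}"})
    return sorted(hits, key=lambda h: (-h["severity"], h["cwe"], h["location"]))

# Constructed sample in the assumed results.json layout (not real scan output).
SAMPLE = json.loads("""
{"findings": [
  {"severity": 3, "cwe_id": "80", "issue_type": "Cross-Site Scripting",
   "files": {"source_file": {"file": "com/example/View.java", "line": 17}}},
  {"severity": 4, "cwe_id": "89", "issue_type": "SQL Injection",
   "files": {"source_file": {"file": "com/example/Dao.java", "line": 42}}},
  {"severity": 3, "cwe_id": "117", "issue_type": "CRLF Injection",
   "files": {"source_file": {"file": "com/example/Log.java", "line": 9}}}
]}
""")

if __name__ == "__main__":
    hits = blocking_findings(SAMPLE, "Very High, High", "80")
    for h in hits:
        print(f"CWE-{h['cwe']} severity={h['severity']} {h['issue_type']} at {h['location']}")
    raise SystemExit(1 if hits else 0)
```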