diff --git a/Jenkinsfile b/Jenkinsfile
index c2306fa..3712cbf 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -68,17 +68,10 @@ pipeline {
 }
 }
 }
- stage('Frontend') {
+ stage('Build') {
 steps {
 sh './scripts/ci/build-frontend'
- }
- }
- stage('Backend') {
- steps {
- withCredentials([usernamePassword(credentialsId: 'oss-index-token', passwordVariable: 'NANCY_TOKEN', usernameVariable: 'NANCY_USER')]) {
- sh './scripts/ci/test-backend'
- }
- // Build all the golang binaries
+ sh './scripts/ci/test-backend'
 sh './scripts/ci/build-backend'
 // Build the docker image used for testing below
 sh '''docker build --pull --no-cache \\
diff --git a/backend/.nancy-ignore b/backend/.nancy-ignore
deleted file mode 100644
index 9361485..0000000
--- a/backend/.nancy-ignore
+++ /dev/null
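Review bot: The merged 'Build' stage now runs `sh './scripts/ci/test-backend'` between the frontend and backend builds with no comment saying why it sits there, and the `// Build all the golang binaries` comment that labelled `build-backend` disappears with the old 'Backend' stage, so the stage name no longer describes what it does. Judging from the scripts/ci/test-backend hunk, that script now runs govulncheck and `backend/.nancy-ignore` is deleted, so a finding presumably fails this single stage and there is no longer a visible place to record a reviewed exception; an advisory with no upstream fix would then block every build until an equivalent mechanism is added, which is worth stating here. I would add `// Backend unit tests + govulncheck; a reported vulnerability fails the build and there is no ignore list yet` above the test-backend line and restore `// Build all the golang binaries` above `build-backend`. The enclosing pipeline block starts and ends outside the hunk.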
@@ -1,37 +0,0 @@
-# If you need to ignore any of nancy's warnings add them
-# here with a reference to the package/version that
-# triggers them and rational for ignoring it.
-# pkg:golang/github.com/coreos/etcd@3.3.10
-# etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation
-CVE-2020-15115
-
-# pkg:golang/github.com/coreos/etcd@3.3.10
-# In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records
-CVE-2020-15136
-
-# pkg:golang/github.com/coreos/etcd@3.3.10
-# In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access
-CVE-2020-15114
-
-# pkg:golang/github.com/gorilla/websocket@1.4.0
-# Integer Overflow or Wraparound
-CWE-190
-
-# jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrict...
-CVE-2020-26160
-
-# https://ossindex.sonatype.org/vulnerability/sonatype-2021-1485
-sonatype-2021-1485
-
-# CWE-770: Allocation of Resources Without Limits or Throttling
-CVE-2022-41717
-CVE-2022-41723
-
-# CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
-CVE-2022-41723
-
-# CWE-20: Improper Input Validation
-CVE-2023-26125
-
-# CWE-494: Download of Code Without Integrity Check
-CVE-2023-29401
diff --git a/scripts/ci/test-backend b/scripts/ci/test-backend
index 82c8587..2614f20 100755
--- a/scripts/ci/test-backend
+++ b/scripts/ci/test-backend
@@ -31,14 +31,13 @@ echo " NOW: $NOW"
 if [ "${1:-}" = "--inside-docker" ]; then
 mkdir -p /workspace
- echo -e "${BLUE}❯ ${CYAN}Nancy setup${RESET}"
+ echo -e "${BLUE}❯ ${CYAN}govulncheck setup${RESET}"
 cd /workspace
- # go get github.com/sonatype-nexus-community/nancy
- cp /app/backend/go.mod /app/backend/go.sum /app/backend/.nancy-ignore .
+ cp /app/backend/go.mod /app/backend/go.sum .
 go mod download
- echo -e "${BLUE}❯ ${CYAN}Nancy testing${RESET}"
- go list -json -m all | nancy sleuth --quiet --username "${NANCY_USER}" --token "${NANCY_TOKEN:-}"
+ echo -e "${BLUE}❯ ${CYAN}govulncheck testing${RESET}"
+ govulncheck ./...
 rm -rf /workspace
 echo -e "${BLUE}❯ ${CYAN}Testing backend code${RESET}"