From 49be2fdc5f4b7883100a0bcb619b8664942f54f2 Mon Sep 17 00:00:00 2001
From: tdruez
Date: Wed, 22 Oct 2025 10:32:17 +0400
Subject: [PATCH 1/3] Add support for Jenkins

Signed-off-by: tdruez
---
 .github/workflows/test-jenkinsfile.yml | 21 +++++++++++++++++++++
 jenkins/Jenkinsfile | 16 ++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 .github/workflows/test-jenkinsfile.yml
 create mode 100644 jenkins/Jenkinsfile

diff --git a/.github/workflows/test-jenkinsfile.yml b/.github/workflows/test-jenkinsfile.yml
new file mode 100644
index 0000000..2b6a1a2
--- /dev/null
+++ b/.github/workflows/test-jenkinsfile.yml
@@ -0,0 +1,21 @@
+name: Test Jenkinsfile
+
+on: [push]
+
+jobs:
+ test-jenkinsfile:
+ name: Scan codebase using the Jenkinsfile
+ runs-on: ubuntu-24.04
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Run Jenkinsfile
+ run: |
+ docker run --rm \
+ -v "$PWD":/workspace \
+ -w /workspace \
+ jenkins/jenkinsfile-runner:latest \
+ -w /workspace \
+ -f /workspace/jenkins/Jenkinsfile
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile
new file mode 100644
index 0000000..171536a
--- /dev/null
+++ b/jenkins/Jenkinsfile
@@ -0,0 +1,16 @@
+pipeline {
+ agent any
+ stages {
+ stage('Scan') {
+ steps {
+ sh '''
+ docker run --rm \
+ -v "$PWD":/codebase \
+ ghcr.io/aboutcode-org/scancode.io:latest \
+ run scan_codebase /codebase \
+ > results.json
+ '''
+ }
+ }
+ }
+}

From c0edf68230803f6f2aefa9a29203a7fe5575d905 Mon Sep 17 00:00:00 2001
From: tdruez
Date: Wed, 22 Oct 2025 10:35:07 +0400
Subject: [PATCH 2/3] Fix the Jenkins runner command and upload artifact

Signed-off-by: tdruez
---
 .github/workflows/test-jenkinsfile.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/test-jenkinsfile.yml b/.github/workflows/test-jenkinsfile.yml
index 2b6a1a2..6c2a30f 100644
--- a/.github/workflows/test-jenkinsfile.yml
+++ b/.github/workflows/test-jenkinsfile.yml
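Review bot: In `.github/workflows/test-jenkinsfile.yml` as added by 1/3, `actions/checkout@v4` runs with its defaults, so the job token is left in the checked-out repository's git configuration, and the next step bind-mounts that whole directory read-write into `jenkins/jenkinsfile-runner:latest`, an image resolved through a mutable tag. Adding `persist-credentials: false` under a `with:` key on the checkout step keeps the token out of the mounted tree. The workflow also declares no `permissions:` block, so the token scope falls back to the repository default, which is not visible here; `permissions:` with `contents: read` is enough for a checkout-and-scan job. Referencing the runner image by digest instead of `:latest` would make the tested image reproducible.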
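Review bot: In `jenkins/Jenkinsfile` as added by 1/3, the scanner image is pulled as `ghcr.io/aboutcode-org/scancode.io:latest`, so every build runs whatever that tag currently points to, with the checkout mounted read-write at `/codebase`. Pinning the reference to a released tag or a digest (`ghcr.io/aboutcode-org/scancode.io@sha256:<digest>`, placeholder) makes the scan reproducible and reviewable. `-v "$PWD":/codebase:ro` would stop the container from modifying the tree, provided the `run` entry point only reads its input, which should be confirmed. The same two lines are carried into the rewritten Jenkinsfile in 3/3 (with `${WORKSPACE}` and `/codedrop`) and into all three README examples.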
@@ -17,5 +17,11 @@ jobs:
 -v "$PWD":/workspace \
 -w /workspace \
 jenkins/jenkinsfile-runner:latest \
- -w /workspace \
+ run \
 -f /workspace/jenkins/Jenkinsfile
+
+ - name: Upload results.json
+ uses: actions/upload-artifact@v4
+ with:
+ name: jenkinsfile-results
+ path: results.json

From fc1873fdb62437f81c9f5f36f145207a3cd2cfe6 Mon Sep 17 00:00:00 2001
From: tdruez
Date: Tue, 28 Oct 2025 11:20:59 +0400
Subject: [PATCH 3/3] Add Jenkins pipeline example and README documentation

Signed-off-by: tdruez
---
 .github/workflows/test-jenkinsfile.yml | 27 -----
 jenkins/Jenkinsfile | 30 ++++--
 jenkins/README.md | 136 +++++++++++++++++++++++++
 3 files changed, 160 insertions(+), 33 deletions(-)
 delete mode 100644 .github/workflows/test-jenkinsfile.yml
 create mode 100644 jenkins/README.md

diff --git a/.github/workflows/test-jenkinsfile.yml b/.github/workflows/test-jenkinsfile.yml
deleted file mode 100644
index 6c2a30f..0000000
--- a/.github/workflows/test-jenkinsfile.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: Test Jenkinsfile
-
-on: [push]
-
-jobs:
- test-jenkinsfile:
- name: Scan codebase using the Jenkinsfile
- runs-on: ubuntu-24.04
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Run Jenkinsfile
- run: |
- docker run --rm \
- -v "$PWD":/workspace \
- -w /workspace \
- jenkins/jenkinsfile-runner:latest \
- run \
- -f /workspace/jenkins/Jenkinsfile
-
- - name: Upload results.json
- uses: actions/upload-artifact@v4
- with:
- name: jenkinsfile-results
- path: results.json
diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile
index 171536a..df92783 100644
--- a/jenkins/Jenkinsfile
+++ b/jenkins/Jenkinsfile
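Review bot: The `Upload results.json` step added in 2/3 keeps the action's default for a missing file, which is a warning, so a run in which no `results.json` reached the runner's workspace still ends green. The file is produced by a shell redirect inside the Jenkinsfile runner container, and whether it lands at the root of the mounted directory depends on the runner's working directory, which this hunk does not show. Adding `if-no-files-found: error` under `with:` makes a missing scan report fail the job instead of passing silently.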
@@ -1,16 +1,34 @@
+// Jenkins Pipeline with ScanCode.io Integration
+// This pipeline scans your codebase and archives the results
+
 pipeline {
 agent any
+
 stages {
- stage('Scan') {
+ stage('Scan codebase') {
 steps {
+ echo 'Running ScanCode.io scan...'
+
+ // Run the scan and save results
 sh '''
 docker run --rm \
- -v "$PWD":/codebase \
- ghcr.io/aboutcode-org/scancode.io:latest \
- run scan_codebase /codebase \
- > results.json
+ -v "${WORKSPACE}":/codedrop \
+ ghcr.io/aboutcode-org/scancode.io:latest \
+ run scan_codebase /codedrop \
+ > scancode_results.json
 '''
+
+ echo 'Scan completed!'
+ }
+ }
+
+ stage('Archive Results') {
+ steps {
+ // Save the results as a build artifact
+ archiveArtifacts artifacts: 'scancode_results.json', fingerprint: true
+ echo 'Results archived successfully'
 }
 }
 }
-}
+
+}
\ No newline at end of file
diff --git a/jenkins/README.md b/jenkins/README.md
new file mode 100644
index 0000000..6a5858d
--- /dev/null
+++ b/jenkins/README.md
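Review bot: `agent any` is kept in the rewritten `jenkins/Jenkinsfile` in 3/3, so the `docker run` step can be scheduled on any node that accepts the job, including the built-in node on the controller if it still has executors. An account that can talk to the Docker daemon is effectively root on that host, so this step is better confined to a dedicated build agent, for example `agent { label 'docker' }` (the label name is only an example). A comment above the `agent` line stating that the chosen node needs Docker access, and that it should not be the controller, would carry this requirement over to people copying the example.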
@@ -0,0 +1,136 @@
+# ScanCode.io Jenkins Integration
+
+Run [ScanCode.io](https://github.com/aboutcode-org/scancode.io) into your Jenkins CI/CD
+pipeline.
+
+- [Overview](#overview)
+- [Prerequisites](#prerequisites)
+- [Quick Start](#quick-start)
+- [Simple Example](#simple-example)
+- [Specify Pipeline](#specify-pipeline)
+- [Additional Resources](#additional-resources)
+
+---
+
+## Overview
+
+This integration allows you to automatically scan your code as part of your Jenkins
+pipeline:
+
+- Scans your entire codebase using ScanCode.io
+- Generates a comprehensive JSON report
+- Archives the results as Jenkins build artifacts
+- Runs automatically on every build
+
+## Prerequisites
+
+Before you begin, ensure you have:
+
+1. **Jenkins installed and running**
+ - Version 2.x or higher recommended
+
+2. **Docker installed on your Jenkins agent**
+ - Docker must be accessible to Jenkins
+ - Test with: `docker --version`
+
+3. **Required Jenkins Plugins**:
+ - Docker Pipeline Plugin
+ - Pipeline Plugin
+ - Git Plugin (if using Git)
+
+## Quick Start
+
+### Step 1: Create a Jenkinsfile
+
+Create a file named `Jenkinsfile` in the root of your repository with the following
+content:
+
+```groovy
+pipeline {
+ agent any
+
+ stages {
+ stage('ScanCode.io Scan') {
+ steps {
+ echo 'Running ScanCode.io scan...'
+
+ sh '''
+ docker run --rm \
+ -v "${WORKSPACE}":/codedrop \
+ ghcr.io/aboutcode-org/scancode.io:latest \
+ run scan_codebase /codedrop \
+ > scancode_results.json
+ '''
+
+ echo 'Scan completed!'
+ }
+ }
+
+ stage('Archive Results') {
+ steps {
+ archiveArtifacts artifacts: 'scancode_results.json', fingerprint: true
+ echo 'Results archived successfully'
+ }
+ }
+ }
+}
+```
+
+### Step 3: Access Your Results
+
+After the build completes:
+1. Go to the build page
+2. Click on "Build Artifacts"
+3. Download `scancode_results.json`
+
+## Simple Example
+
+```groovy
+pipeline {
+ agent any
+
+ stages {
+ stage('Scan') {
+ steps {
+ sh '''
+ docker run --rm \
+ -v "${WORKSPACE}":/codedrop \
+ ghcr.io/aboutcode-org/scancode.io:latest \
+ run scan_codebase /codedrop \
+ > scancode_results.json
+ '''
+ archiveArtifacts 'scancode_results.json'
+ }
+ }
+ }
+}
+```
+
+This minimal example:
+- Runs the scan in a single stage
+- Archives the results
+
+## Specify Pipeline
+
+Instead of `scan_codebase`, you can use other ScanCode.io pipelines:
+
+- `scan_single_package` - For scanning a single package
+- `analyse_docker_image` - For scanning Docker images
+- `load_inventory` - For loading existing scan data
+
+Example with a different pipeline:
+```groovy
+sh '''
+ docker run --rm \
+ -v "${WORKSPACE}":/codedrop \
+ ghcr.io/aboutcode-org/scancode.io:latest \
+ run analyse_docker_image docker://alpine:3.22.1 \
+ > scancode_results.json
+'''
+```
+
+## Additional Resources
+
+- **ScanCode.io Documentation:** https://scancodeio.readthedocs.io/
+- **ScanCode.io GitHub:** https://github.com/aboutcode-org/scancode.io
+- **Jenkins Pipeline Documentation:** https://www.jenkins.io/doc/book/pipeline/