-
Notifications
You must be signed in to change notification settings - Fork 26
/
jenkins-runtime-latest.yml
53 lines (49 loc) · 2.35 KB
/
jenkins-runtime-latest.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
tools_base_dir: "/opt/tools"
install_maven: "1"
update_maven: "0"
maven_build: "3.5.2"
maven_download_url: "http://www-us.apache.org/dist/maven/maven-3/{{maven_build}}/binaries/apache-maven-{{maven_build}}-bin.tar.gz"
m2_home: "{{tools_base_dir}}/apache-maven"
m2: "{{tools_base_dir}}/apache-maven/bin"
install_nvd: "1"
update_nvd: "0"
proxy_params: ""
wget_proxy_params: ""
maven_proxy_params: ""
java_proxy_params: ""
owasp_proxy_params: ""
jenkins_home: "/var/jenkins_home"
path: "{{tools_base_dir}}/apache-maven/bin:/bin:/usr/bin:/usr/sbin:/usr/local/bin:$PATH"
install_maven_task: "{{playbook_dir}}/roles/install/tasks/install-maven.yml"
install_nvd_task: "{{playbook_dir}}/roles/install/tasks/install-nvd.yml"
install_depchecker_task: "{{playbook_dir}}/roles/install/tasks/install-depchecker.yml"
nvd_depcheck_dir: "{{tools_base_dir}}/depcheck"
nvd_depcheck: "{{nvd_depcheck_dir}}/dependency-check-cli/target/release/bin/dependency-check.sh"
# if you're using your own fork say on github enterprise or behind a proxy:
nvd_depcheck_m2_settings: ""
nvd_depcheck_repo: "https://github.com/jeremylong/DependencyCheck.git"
nvd_depcheck_key: "/root/.ssh/id_rsa.pub"
nist_dl_dir: "{{tools_base_dir}}/nvd"
nist_dl: "{{nist_dl_dir}}/target/nist-data-mirror.jar"
nist_dl_data_dir: "/opt/nvd"
# if you're using your own fork say on github enterprise or behind a proxy
nist_dl_proxy_params: ""
nist_dl_m2_settings: ""
nist_dl_repo: "https://github.com/stevespringett/nist-data-mirror.git"
nist_dl_key: "/root/.ssh/id_rsa.pub"
bandit_scan_dir: "/opt/scanthisdir"
bandit_num_lines: "3"
bandit_level: "-ll"
bandit_formatter: "html"
bandit_report_dir: "/opt/reports"
bandit_report_file: "{{bandit_report_dir}}/bandit-report.html"
bandit_args: "-r {{bandit_scan_dir}} -n {{bandit_num_lines}} {{bandit_level}} -f {{bandit_formatter}} -o {{bandit_report_file}}"
owasp_scan_dir: "/opt/scanthisdir"
owasp_python_args: "--enableExperimental true"
owasp_run_report: "1"
owasp_pom: "{{playbook_dir}}/roles/install/files/initial-pom.xml"
owasp_project_label: "analyze-this-code"
owasp_report_dir: "/opt/reports"
owasp_report_file: "{{owasp_report_dir}}/owasp-report.html"
owasp_build_h2_db_arg: "-n"
owasp_args: "{{owasp_proxy_params}} {{owasp_build_h2_db_arg}} {{owasp_python_args}} --out {{owasp_report_file}} --scan {{owasp_scan_dir}} -P {{owasp_pom}} --project {{owasp_project_label}} --data {{nist_dl_data_dir}}"