Run ZAP and Juice Shop through a shell script:
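#!/bin/bash
# Start ZAP in daemon mode and the Juice Shop container, run the Selenium
# suite against them, then stop the container.
#
# Fixes against the original one-liner: `a= $(...)` assigned nothing and
# tried to execute the container id as a command, and `docker stop a`
# stopped a container literally named "a" rather than the one started here.
set -u

# ZAP is detached into its own session with stdio closed so it keeps running
# after this script exits.
setsid /opt/zaproxy/zap.sh -daemon >/dev/null 2>&1 < /dev/null &

# `docker run -d` prints the new container id; keep it for the stop below.
container_id=$(sudo docker run --rm -d -p 3000:3000 bkimminich/juice-shop) || exit 1

# Stop the container even when the tests fail or the script is interrupted.
# An EXIT trap does not change the exit status, so `mvn test`'s result is
# what the caller (the Jenkins sh step) sees.
cleanup() { sudo docker stop "$container_id" >/dev/null; }
trap cleanup EXIT

# Give Juice Shop time to come up before the tests hit port 3000.
# NOTE(review): fixed delay; polling http://localhost:3000 would be sturdier.
sleep 20s

cd SeleniumTutorial || exit 1
mvn test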
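import os
import requests

# Import a ZAP scan report into DefectDojo through its v1 importscan endpoint.
#
# The API key is taken from the environment (variable name chosen here;
# adjust to the CI's convention) and falls back to the literal this script
# shipped with. NOTE(review): that literal is a committed secret -- rotate it
# and drop the fallback once the environment variable is in place.
url = 'http://localhost:8000/api/v1/importscan/'
api_key = os.getenv('DD_API_KEY', '3f55287710e6b8456278c796da027bffaf8ff26a')
headers = {'content-type': 'application/json',
           'Authorization': 'ApiKey admin:' + api_key}
payload = {
    "minimum_severity": "Low",
    "scan_date": "2019-07-28",
    "verified": "true",
    # NOTE(review): sent as a path string inside the JSON body, not as file
    # contents -- presumably only works because DefectDojo runs on this host.
    "file": "/home/praveen/Downloads/a.xml",
    "lead": "/api/v1/users/1/",
    "tags": "",
    "active": "true",
    "engagement": "/api/v1/engagements/1/",
    "scan_type": "ZAP Scan",
    "resource_uri": "/api/v1/products/1/"
}
# verify=False disables TLS certificate checks. It is moot for the plain
# http:// URL above, but must not be carried over to an https deployment --
# point `verify` at the CA bundle instead. The timeout stops the script from
# hanging indefinitely when the server does not answer.
r = requests.post(url, headers=headers, verify=False, json=payload, timeout=30)
print(r.headers)
print(r.status_code)
print(r.text)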
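#!/usr/bin/python
# Upload a Snyk JSON report into DefectDojo engagement 1 via the
# defectdojo_api wrapper; BUILD_TIMESTAMP (set by Jenkins) gives the scan date.
from defectdojo_api import defectdojo
import os
import sys

#setup DefectDojo connection information
host = 'http://localhost:8000'
# The key comes from the environment (variable name chosen here; adjust to
# the CI's convention), falling back to the literal this script shipped with.
# NOTE(review): that literal is a committed secret -- rotate it and remove
# the fallback once the environment variable is provided.
api_key = os.getenv('DD_API_KEY', 'af3c3bd25464dd9940e053bd88ed94752ff8b974')
user = 'admin'

# Only the part before the first space is used as the scan date (presumably
# BUILD_TIMESTAMP is "<date> <time>" -- confirm against the Jenkins setup).
# The original called .split() on None and crashed when the variable was unset.
time = os.getenv('BUILD_TIMESTAMP')
if not time:
    sys.exit('BUILD_TIMESTAMP is not set; cannot determine the scan date')
time = time.split(" ", 1)

#instantiate the DefectDojo api wrapper
dd = defectdojo.DefectDojoAPI(host, api_key, user, debug=True)
#upload the scan (argument order follows the wrapper's upload_scan signature)
print(dd.upload_scan(1, "Snyk Scan", "snyk.json", "True", time[0]))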
The ZAP Java API:
https://github.com/zaproxy/zap-api-java
JenkinsFile:
// Powered by Infostretch
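// Scripted pipeline for the Juice Shop security checks: checkout, npm install,
// dependency scans (Snyk, retire.js), SonarQube SAST, then the Selenium-driven
// ZAP scan whose report is pushed into DefectDojo.
//
// NOTE(review): the SonarQube token (-Dsonar.login) and the DefectDojo API key
// in the inline Python are committed here in clear text. They should be
// rotated and supplied from the Jenkins credential store (withCredentials)
// rather than kept in the pipeline definition.
//
// Script bodies inside sh """ ... """ are deliberately kept at column 0: the
// text is written to a script file verbatim, and indenting the Python body
// would turn into an IndentationError.
timestamps {
    node () {
        stage ('Pull_Code - Checkout') {
            checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: '', url: 'https://github.com/bkimminich/juice-shop.git']]])
        }
        stage ('Pull_Code - Build') {
            // Unable to convert a build step referring to "hudson.plugins.ws__cleanup.PreBuildCleanup". Please verify and convert manually if required. // Shell build step
            sh """
npm install
"""
        }
        stage ('DependencyScan-snyk - Build') {
            // `mkdir -p` so a reused workspace (there is no clean-up step, see
            // above) does not fail the stage. `exit 0` deliberately keeps the
            // build green when snyk reports findings; they are triaged in
            // DefectDojo via Snyk2DD.sh.
            sh """#!/bin/bash
mkdir -p testresults
snyk test --json --severity-threshold=low > testresults/snyk_report.json
exit 0"""
            sh """/home/praveen/Shell_Scripts/DependencyScan-snyk/Snyk2DD.sh"""
            archiveArtifacts 'testresults/snyk_report.json'
        }
        stage ('ScanDependency-retirejs - Build') {
            // Writes into the testresults directory created by the snyk stage.
            sh """retire --exitwith=0 --outputformat=json --outputpath=testresults/RetireResults.json """
            sh """/home/praveen/Shell_Scripts/Retirejs-scan/Retire2HTML.sh"""
            sh """/home/praveen/Shell_Scripts/Retirejs-scan/Retire2DD.sh"""
        }
        stage ('SAST_Sonarqube - Build') {
            def scannerHome = tool 'SonarScanner';
            withSonarQubeEnv(installationName:'SonarQube_Sever',credentialsId: 'Sonarid') { // If you have configured more than one global server connection, you can specify its name
                // NOTE(review): withSonarQubeEnv(credentialsId: 'Sonarid') already
                // hands the server URL and token to the scanner, so the explicit
                // host/login flags are presumably redundant; once confirmed, drop
                // them so the token no longer lives in this file.
                sh "${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=Juice \
-Dsonar.sources=. \
-Dsonar.host.url=http://localhost:9000 \
-Dsonar.login=b54fc81bcd4dbd8fb9adabfa1d83380c9251d09b"
            }
        }
        stage ('Selelnium+Zap - Checkout') {
            checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: '', url: 'https://github.com/praveendvd/JuiceShopSelenium.git']]])
        }
        stage ('Selelnium+Zap - Build') {
            // Unable to convert a build step referring to "hudson.plugins.ws__cleanup.PreBuildCleanup". Please verify and convert manually if required. // Shell build step
            // test.sh starts ZAP and Juice Shop and runs the Selenium suite.
            sh """
/home/praveen/Downloads/test.sh
""" // Shell build step
            // The shebang is the first thing in the script, as in the snyk stage:
            // Jenkins honours `#!` only at the very start, so the original body
            // (which began with a blank line) presumably ran under sh -xe rather
            // than python. The original also carried a dead duplicate of the
            // preamble, removed here. BUILD_TIMESTAMP is checked before .split()
            // so an unset variable fails with a message instead of an AttributeError.
            sh """#!/usr/bin/python
#import the package
from defectdojo_api import defectdojo
import os
import sys
#setup DefectDojo connection information
host = 'http://localhost:8000'
api_key = 'f7aa1faf52558e0aa8e775ef37ddb78edc194131'
user = 'admin'
time=os.getenv('BUILD_TIMESTAMP')
if not time:
    sys.exit('BUILD_TIMESTAMP is not set; cannot determine the scan date')
#instantiate the DefectDojo api wrapper
dd = defectdojo.DefectDojoAPI(host, api_key, user, debug=True)
time= time.split(" ",1)
print(dd.upload_scan(1,"ZAP Scan", "./SeleniumTutorial/target/testoutfinal.xml", "True", time[0]))
"""
            archiveArtifacts allowEmptyArchive: false, artifacts: 'SeleniumTutorial/target/testoutfinal.*,SeleniumTutorial/target/surefire-reports', caseSensitive: true, defaultExcludes: true, fingerprint: false, onlyIfSuccessful: false
        }
    }
}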