Create a Jenkins Shared Library for use with Semgrep scans
Jenkins Pipeline supports Shared Libraries, which let you share parts of a Pipeline between multiple projects.
When integrating Semgrep into your Jenkins instances, you can define a single Semgrep configuration file and use it with multiple Pipelines. This reduces the work required to set up the integration and simplifies maintenance. Instead of updating each Pipeline, you can update the Shared Library, which each Pipeline uses to obtain its configuration file.
Create the Shared Library
- Create a new Git repository.
- Within your repository, create a new Groovy file in the vars/ folder, such as vars/semgrepFullScan.groovy.
- In your new Groovy file, add your Semgrep configuration.
- Log in to your Jenkins deployment, and declare your Shared Library:
- Click Manage Jenkins.
- Go to System Configuration > System.
- In Global Trusted Pipeline Libraries, click Add.
- Provide the Name of your library, the Default version, and Project Repository. The Project Repository value is the URL of your repository.
- Click Save.
Use the Shared Library
Once you've created the Shared Library, you can use it in your Pipeline by calling it at the top of your Jenkinsfile:
@Library('semgrep') _
pipeline {
    agent any
    environment {
        // The following variable is required for a Semgrep AppSec Platform-connected scan:
        SEMGREP_APP_TOKEN = credentials('SEMGREP_APP_TOKEN')
    }
    stages {
        stage('Semgrep-Scan') {
            steps {
                semgrepFullScan()
            }
        }
    }
}
The library name in your Jenkinsfile must match the library name you provided in the Jenkins dashboard, and the function invoked must match the name of the Groovy file in your repository. In the preceding Jenkinsfile, the library name is semgrep, and the function invoked is semgrepFullScan(), which matches the name of the Groovy file in your repository, semgrepFullScan.groovy.
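The page does not show the contents of vars/semgrepFullScan.groovy itself, so the following is an added example of what that file can contain, written for this page rather than taken from Semgrep or Jenkins. It assumes the Docker Pipeline plugin is available on the agent, uses semgrep/semgrep as the image name, and the parameter names image, resultsFile and failOnFindings are this example's own.

```groovy
// vars/semgrepFullScan.groovy (added example; the file name matches the page's example)
// Jenkins exposes the call() method of a global variable as the Pipeline step semgrepFullScan().
def call(Map args = [:]) {
    // Defaults can be overridden per Pipeline, e.g. semgrepFullScan(image: 'semgrep/semgrep:1.0.0').
    // Pin the image tag in a real library so every project scans with the same Semgrep version.
    String image = args.get('image', 'semgrep/semgrep')          // assumption: image name
    String resultsFile = args.get('resultsFile', 'semgrep-results.json')
    boolean failOnFindings = args.get('failOnFindings', true)

    // A Platform-connected scan needs SEMGREP_APP_TOKEN, bound with credentials() in the
    // calling Jenkinsfile. Fail early with a clear message instead of running an
    // unauthenticated scan by accident.
    if (!env.SEMGREP_APP_TOKEN) {
        error 'semgrepFullScan: SEMGREP_APP_TOKEN is not set; bind it with credentials() in the Pipeline environment block'
    }

    // Run inside the Semgrep container (requires the Docker Pipeline plugin on the agent).
    docker.image(image).inside {
        // The token is read by semgrep from the environment; it is deliberately not
        // interpolated into the shell string, so it never lands in the build log.
        // semgrep ci exits non-zero when blocking findings exist, so capture the status
        // and archive the results before deciding whether to fail the build.
        int status = sh(
            returnStatus: true,
            script: "semgrep ci --json --output ${resultsFile}"
        )
        archiveArtifacts artifacts: resultsFile, allowEmptyArchive: true
        if (status != 0 && failOnFindings) {
            error "semgrepFullScan: semgrep ci exited with status ${status}"
        }
    }
}
```

Because every Pipeline calls the same step, changing the image tag or the scan flags here updates all projects at once, which is the maintenance benefit the page describes.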