Tags: jenkins, continuous-integration, jenkins-pipeline, jenkins-plugins, owasp

Using the OWASP dependencyCheck to generate separate reports for java modules instead of one large report


I'm trying to break the dependency check report generated by my Jenkins CI pipeline into multiple reports (one per module) because having one giant report can get rather large and hard to read. This is the code I have so far to accomplish this:

if(fileExists('pom.xml')) {
   def pom = readMavenPom file: 'pom.xml'
   pom.modules.each {
     dependencyCheck additionalArguments: "--scan ./${it} --format CSV --out owasp-reports/${it}-dependency-check-report.csv", odcInstallation: "${env.DEPENDENCY_CHECK}"
     dependencyCheck additionalArguments: "--scan ./${it} --format JSON --out owasp-reports/${it}-dependency-check-report.json", odcInstallation: "${env.DEPENDENCY_CHECK}"
     dependencyCheck additionalArguments: "--scan ./${it} --format HTML --out owasp-reports/${it}-dependency-check-report.html", odcInstallation: "${env.DEPENDENCY_CHECK}"
   }
}

I'm getting files generated with the appropriate names, but no dependencies are scanned. However, this appropriately generates a large report containing all the child modules:

dependencyCheck additionalArguments: '--scan ./ --format XML --format JSON --format HTML --format CSV --out owasp-reports', odcInstallation: "${env.DEPENDENCY_CHECK}"

Any suggestions would be appreciated.


Solution

  • For anyone else this may help, this is the solution I came up with:

    if(fileExists('pom.xml')) {
        def pom = readMavenPom file: 'pom.xml'
        pom.modules.each {
            dir("${it}"){
                sh "mvn org.owasp:dependency-check-maven:aggregate"
                sh "mv target/dependency-check-report.html ../owasp-reports/${it}-dependency-check-report.html"
            }
        }
    }
    

    Apparently the problem with using the Jenkins plugin call is that the Jenkins plugin wraps the CLI commands, which don't recognize pom files.
    Source: dependency check could not analyze pom.xml for java
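The same per-module approach as a complete scripted pipeline, added here as an example and not part of the question or the accepted answer. It relies on the Maven plugin (which resolves dependencies from each module's pom, as the answer explains the CLI does not), writes every module's reports into its own directory instead of moving single files by hand, keeps scanning the remaining modules when one fails the CVSS threshold, and feeds the XML reports to the Jenkins `dependencyCheckPublisher` step. Assumptions: the Pipeline Utility Steps plugin (`readMavenPom`), the OWASP Dependency-Check Jenkins plugin (`dependencyCheckPublisher`) and Maven are installed on the agent; the `format`, `outputDirectory` and `failBuildOnCVSS` properties are the documented parameters of `dependency-check-maven`; the CVSS threshold of 7 is an arbitrary choice for the example.

```groovy
// Added example (not the original poster's code): one Dependency-Check run per
// Maven module, each writing its own report set under owasp-reports/<module>/.
// Assumes: Pipeline Utility Steps plugin (readMavenPom), OWASP Dependency-Check
// Jenkins plugin (dependencyCheckPublisher) and Maven on the agent.
node {
    checkout scm

    stage('Dependency-Check per module') {
        if (!fileExists('pom.xml')) {
            error 'No pom.xml at the workspace root'
        }
        def pom = readMavenPom file: 'pom.xml'

        // A plain for loop instead of pom.modules.each {}: closures inside
        // CPS-transformed pipeline code have been unreliable in older Jenkins.
        for (String module : pom.modules) {
            // Absolute path so the report lands outside the module's target/ dir.
            def reportDir = "${env.WORKSPACE}/owasp-reports/${module}"

            dir(module) {
                // catchError marks the build FAILED if this module exceeds the
                // CVSS threshold but lets the loop scan the remaining modules,
                // so every report is still produced and published.
                catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
                    // "check" analyses this module's resolved dependencies; the
                    // Maven plugin reads the pom, which the CLI --scan would not.
                    // format=ALL writes HTML (for people) plus XML/JSON/CSV
                    // (for the publisher and other tooling) in one run.
                    sh """
                        mvn -B org.owasp:dependency-check-maven:check \\
                            -Dformat=ALL \\
                            -DoutputDirectory='${reportDir}' \\
                            -DfailBuildOnCVSS=7
                    """
                }
            }
        }
    }

    stage('Publish reports') {
        // Every module's XML report is picked up separately, so findings stay
        // attributable to the module that introduced the dependency.
        dependencyCheckPublisher pattern: 'owasp-reports/**/dependency-check-report.xml'
        archiveArtifacts artifacts: 'owasp-reports/**', fingerprint: false
    }
}
```

Because the reports are archived per module, a reviewer can open `owasp-reports/<module>/dependency-check-report.html` for just the module they own, while the build result still reflects the worst finding across all of them.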