saret/rpc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' into changelog_automation

Browse Source
This commit is contained in:
Matt Primrose
2021-07-06 16:20:35 -07:00
committed by GitHub
parent bea1eb22ef dea97dec64
commit d94302543b
2 changed files with 94 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
Jenkinsfile vendored
View File

@@ -1,16 +1,14 @@
pipeline {
agent none
agent {
label 'docker-amt'
}
options {
buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30'))
timestamps()
timeout(unit: 'HOURS', time: 2)
}
stages {
stage ('Parallel') {
parallel {
stage ('Linux') {
agent { label 'docker-amt' }
stages {
stage ('Cloning Repository') {
steps {
@@ -21,41 +19,15 @@ pipeline {
}
}
}
}
}
stage ('Windows') {
agent { label 'openamt-win' }
stages {
stage ('Cloning Repository') {
steps {
script {
scmCheckout {
clean = true
}
}
}
}
}
}
}
}
stage('Static Code Scan - Protex') {
agent { label 'docker-amt' }
environment{
PROJECT_NAME = 'OpenAMT - RPC'
SCANNERS = 'protex'
}
steps {
script {
staticCodeScan {
// generic
scanners = ['protex']
scannerType = ['c','c++']
protexProjectName = 'OpenAMT - RPC'
// internal, do not change
protexBuildName = 'rrs-generic-protex-build'
rbheStaticCodeScan()
}
}
}
}
stage ('Parallel Builds') {
parallel {
stage ('Linux') {
@@ -71,6 +43,7 @@ pipeline {
steps {
sh './scripts/jenkins-pre-build.sh'
sh './scripts/jenkins-build.sh'
stash includes: 'build/rpc', name: 'linux-rpc-app'
}
}
stage ('Archive') {
@@ -78,7 +51,6 @@ pipeline {
archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true
}
}
}
}
stage ('Windows') {
@@ -89,7 +61,7 @@ pipeline {
bat 'scripts\\jenkins-pre-build.cmd'
bat 'scripts\\jenkins-build.cmd'
// prepare stash for the binary scan
stash includes: "**/*.exe", name: 'rpc-app'
stash includes: '**/*.exe', name: 'win-rpc-app'
}
}
stage ('Archive') {
@@ -101,70 +73,81 @@ pipeline {
}
}
}
stage ('Parallel Scans') {
parallel {
stage ('Static Code Scan Linux') {
agent { label 'docker-amt' }
stage('Prep Binary') {
steps {
script {
staticCodeScan {
// generic
scanners = ['bdba','klocwork']
scannerType = 'c++'
sh 'mkdir -p ./bin'
dir('./bin') {
unstash 'linux-rpc-app'
unstash 'win-rpc-app'
}
}
}
stage('Linux Scans') {
environment{
PROJECT_NAME = 'OpenAMT - RPC - Linux'
SCANNERS = 'bdba,klocwork'
protecodeGroup = '25'
protecodeScanName = 'rpc-zip'
protecodeDirectory = './build/rpc'
// protecode details
PROTECODE_BIN_DIR = './bin'
PROTECODE_INCLUDE_SUB_DIRS = true
// klocwork details
KLOCWORK_SCAN_TYPE = 'c++'
KLOCWORK_PRE_BUILD_SCRIPT = './scripts/jenkins-pre-build.sh'
KLOCWORK_BUILD_COMMAND = './scripts/jenkins-build.sh'
KLOCWORK_IGNORE_COMPILE_ERRORS = true
// publishArtifacts details
PUBLISH_TO_ARTIFACTORY = true
}
steps {
rbheStaticCodeScan()
dir('artifacts/Klockwork'){
sh 'cp kw_report.html kw_report_linux.html'
sh 'cp kw_report.csv kw_report_linux.csv'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.html'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.csv'
}
klockworkPreBuildScript = './scripts/jenkins-pre-build.sh'
klockworkBuildCommand = './scripts/jenkins-build.sh'
klockworkProjectName = 'Panther Point Creek'
klockworkIgnoreCompileErrors = true
}
}
}
}
stage ('Static Code Scan Windows') {
stages {
stage ('Static Code Scan Windows - Klockwork') {
stage('Windows Scans'){
agent { label 'openamt-win' }
steps {
script {
staticCodeScan {
// generic
scanners = ['klocwork']
scannerType = 'c++'
stages{
stage ('Windows Scans - klocwork') {
environment {
PROJECT_NAME = 'OpenAMT - RPC - Windows'
SCANNERS = 'klocwork'
klockworkPreBuildScript = 'scripts\\jenkins-pre-build.cmd'
klockworkBuildCommand = 'scripts\\jenkins-build.cmd'
klockworkProjectName = 'Panther Point Creek'
klockworkIgnoreCompileErrors = true
}
}
}
}
stage ('Static Code Scan Windows - BDBA') {
agent { label 'docker-amt' }
steps {
script {
sh "mkdir -p bdbaScanDir"
dir("bdbaScanDir") {
unstash 'rpc-app'
}
staticCodeScan {
// generic
scanners = ['bdba']
scannerType = 'c++'
// klocwork details
KLOCWORK_SCAN_TYPE = 'c++'
KLOCWORK_PRE_BUILD_SCRIPT = 'scripts\\jenkins-pre-build.cmd'
KLOCWORK_BUILD_COMMAND = 'scripts\\jenkins-build.cmd'
KLOCWORK_IGNORE_COMPILE_ERRORS = true
protecodeGroup = '25'
protecodeScanName = 'rpc-zip'
protecodeDirectory = 'bdbaScanDir'
}
// publishArtifacts details
PUBLISH_TO_ARTIFACTORY = true
}
steps {
rbheStaticCodeScan()
dir('artifacts\\Klockwork'){
bat 'copy kw_report.html kw_report_windows.html'
bat 'copy kw_report.csv kw_report_windows.csv'
stash includes: 'kw_report_windows.*', name: 'win-kwreports'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.html'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.csv'
}
}
}
}
}
stage('Publish Artifacts'){
steps{
dir('artifacts/Klockwork'){
unstash 'win-kwreports'
}
publishArtifacts()
}
}
}

5
SECURITY.md Normal file
View File

@@ -0,0 +1,5 @@
# Security Policy
Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation.
## Reporting a Vulnerability
Please report any security vulnerabilities in this project utilizing the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).