CCD-6390 :: Add nightly pipeline stage

Jenkinsfile_nightly

@@ -45,4 +45,100 @@ withNightlyPipeline(type, product, component) {
     afterAlways('fortify-scan') {
         steps.archiveArtifacts allowEmptyArchive: true, artifacts: '**/Fortify Scan/**/*'
     }
+
+    afterAlways('fortify-scan') {
+
+        stage('Suppress and Send Slack Notification') {
+
+            def slackNotificationChannel = '#nightly_cve_suppressions'
+            def branch = env.BRANCH_NAME
+
+            sh './gradlew suppressCves'
+            sh 'cat dependency-check-suppressions.xml'
+
+            // Store the list of changed files
+            def changedFiles = ''
+
+            // Store the changes in the suppression file
+            def changes = ''
+
+            script {
+                // Stage all modified tracked files
+                sh 'git add -u'
+
+                changedFiles = sh(
+                    script: 'git diff --cached --name-only',
+                    returnStdout: true
+                ).trim().split("\n").findAll { it?.trim() } as List
+
+                if (changedFiles.size() == 1 && changedFiles[0] == 'dependency-check-suppressions.xml') {
+                    echo "✅ Only suppression file changed. Proceeding..."
+
+                    // Verify it includes CVE-related changes
+                    changes = sh(
+                        script: "git diff --cached dependency-check-suppressions.xml | grep '+' | grep '<cve>'",
+                        returnStdout: true
+                    ).trim()
+
+                    if (changes) {
+                        echo "✅ CVE-related changes found in suppression file."
+                    } else {
+                        echo "⚠️ No CVE-related changes detected."
+                    }
+
+                } else {
+                    echo "✅ Suppression file not changed — marking step as successfull"
+                }
+            }
+
+            if (changes) {
+
+                // Clean and format CVE lines
+                def simplifiedChanges = changes
+                    .readLines()
+                    .collect { it.replaceFirst(/\+/, '').trim() }                // Remove leading '+'
+                    .collect { it.replaceAll(/<\/?[^>]+>/, '') }                 // Strip XML/HTML tags
+                //.collect { it.replace('[Ticket]', '<https://yourtracker.example/TICKET-ID|Ticket>') } // Optional link
+                    .join('\n')
+
+                def message = """
+                                📦 *CVE Suppression File Updated*
+
+                                *Detected CVE changes (Please create Jira backlog ticket):*
+
+                                ${simplifiedChanges}
+
+                                *Build Info:*
+                                • *Job*: ${env.JOB_NAME}
+                                • *Build*: #${env.BUILD_NUMBER}
+                                • *URL*: ${env.BUILD_URL}
+                               """.stripIndent().trim()
+
+                slackSend(
+                    channel: slackNotificationChannel,
+                    color: '#439FE0',
+                    message: message
+                )
+
+                echo "Staged files: ${changedFiles}"
+                echo "Changes: ${changes}"
+
+                echo "Commiting changes into branch ${branch}"
+                sh 'git commit -m "Suppressing CVE - Actions"'
+                echo "Pushing changes"
+
+                def credentialsId = env.GIT_CREDENTIALS_ID
+
+                withCredentials([
+                    gitUsernamePassword(credentialsId: credentialsId, gitToolName: 'Default')
+                ]) {
+                    sh """
+                        git push origin HEAD:${branch}
+                    """
+                }
+            } else {
+                echo "✅ Suppression file not changed — skipping Slack notification"
+            }
+        }
+    }
 }