MLE-22024: Add BlackDuck scan for latest images #359
Conversation
rwinieski
requested review from
Copilot and
vitalykorolev
and removed request for
Copilot
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
There was a problem hiding this comment.
Pull Request Overview
Adds a new option to trigger BlackDuck scans against all “latest” MarkLogic Docker images from DockerHub, with scheduling support.
- Extended
scanWithBlackDuckto accept ascanTypeparameter (currentorlatest) and fetch tags viacurl/jq. - Introduced
SCAN_LATEST_IMAGESboolean parameter and a dedicated pipeline stage for manual or scheduled “latest” scans. - Updated
parameterizedCronto run weekly scans of all latest images on Mondays at 1 AM.
Comments suppressed due to low confidence (2)
Jenkinsfile:591
- There are no tests verifying the new 'latest' scan path; consider adding unit or integration tests for
scanWithBlackDuck('latest')to ensure tag parsing and job triggering behave as expected.
when {
Jenkinsfile:484
- [nitpick] While the parameter description is clear, consider updating the top-level pipeline comments or README to explain the new SCAN_LATEST_IMAGES flag and its scheduled usage for maintainers.
booleanParam(name: 'SCAN_LATEST_IMAGES', defaultValue: false, description: 'Scan all latest standard MarkLogic Docker images from DockerHub with BlackDuck')
| // Use only the standard MarkLogic Docker images | ||
| def allImages = dockerHubImages | ||
|
|
||
| // Filter out empty lines and create comma-separated list | ||
| def imageList = allImages.split('\n').findAll { it.trim() != '' }.join(',') |
There was a problem hiding this comment.
The variable 'allImages' simply aliases 'dockerHubImages'; consider removing this redundant assignment and using 'dockerHubImages' directly to reduce indirection.
| // Use only the standard MarkLogic Docker images | |
| def allImages = dockerHubImages | |
| // Filter out empty lines and create comma-separated list | |
| def imageList = allImages.split('\n').findAll { it.trim() != '' }.join(',') | |
| // Filter out empty lines and create comma-separated list | |
| def imageList = dockerHubImages.split('\n').findAll { it.trim() != '' }.join(',') |
Copilot uses AI. Check for mistakes.
| curl -s "https://hub.docker.com/v2/repositories/marklogic/marklogic-server/tags?page_size=100" | \ | ||
| jq -r '.results[] | select(.name | startswith("latest-")) | "marklogic/marklogic-server:" + .name' |
There was a problem hiding this comment.
Limiting 'page_size=100' may miss tags if the repository grows beyond 100; consider implementing pagination to ensure all 'latest-*' tags are retrieved.
| curl -s "https://hub.docker.com/v2/repositories/marklogic/marklogic-server/tags?page_size=100" | \ | |
| jq -r '.results[] | select(.name | startswith("latest-")) | "marklogic/marklogic-server:" + .name' | |
| page=1 | |
| all_tags="" | |
| while true; do | |
| response=$(curl -s "https://hub.docker.com/v2/repositories/marklogic/marklogic-server/tags?page_size=100&page=$page") | |
| tags=$(echo "$response" | jq -r '.results[] | select(.name | startswith("latest-")) | "marklogic/marklogic-server:" + .name') | |
| if [ -z "$tags" ]; then | |
| break | |
| fi | |
| all_tags="$all_tags\n$tags" | |
| page=$((page + 1)) | |
| done | |
| echo -e "$all_tags" | sed '/^$/d' |
Copilot uses AI. Check for mistakes.
| } | ||
| } | ||
| steps { | ||
| scanWithBlackDuck() | ||
| } | ||
| } | ||
|
|
||
| // Stage: Scan all latest standard MarkLogic images from DockerHub | ||
| stage('Scan-Latest-Docker-Images') { |
There was a problem hiding this comment.
[nitpick] This stage can be triggered on any branch when SCAN_LATEST_IMAGES=true; consider adding a branch filter (e.g., only on 'develop') to avoid unintended scans on feature or release branches.
Copilot uses AI. Check for mistakes.
Description
Checklist:
Owner:
JIRA_ID as part of branch/PR name
Rebase the branch with upstream
Squashed all commits into a single commit
Added Tests
Reviewer:
Reviewed Tests
Added to Release Wiki/Jira