jenkinsci / dependency-track-plugin

Main repository for the official Dependency-Track Jenkins plugin
https://dependencytrack.org/
Apache License 2.0

Is it possible to fail Jenkins on specific critical finding instead of Critical integer value. #239

Closed ankursharma180 closed 2 months ago

ankursharma180 commented 6 months ago

Is your feature request related to a problem? Please describe.

I have a scenario where I need to fail my Jenkins build on a particular critical finding. Let's say I have 5 Critical Findings and I need to break my Jenkins build on just 1 critical issue. The reason is that, in the dependencyTrackPublisher stage, we have the option to define values like failedNewCritical etc., but that works on the number of critical, medium, total issues etc. I am in need of a way to break the build if one of the critical issues is, let's say, an old version of log4j that is still being used.

Describe the solution you'd like

If we could also pass some other config which matches the below vulnerability data, we could break the build.

Note: The reason is that, if we set the build failure on a numeric value of newCritical, mediumCritical etc., then those builds will start failing and we don't want that for now. Instead, we need something where we can just stop the Jenkins build if a matching issue is found, and this matching can be passed as config in the Jenkins dependencyTrackPublisher stage, similar to/along with the numeric values passed as shown below.

Maybe I can specify failedTotalCritical: 1 and listOfFindingFailedTotalCritical = [{name="log4j", version=["1.2.14","1.2.17"]},{name="snakeyaml", version=["1.17"]}]; if this is matched, then the Jenkins build should stop execution, and it should pass otherwise (even though I have other critical issues).

Additional context

I may be wrong; if this solution already exists, please suggest it. I checked the code, though, and couldn't find any trace of my requirement.
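The matching rule proposed in this request, worked through as an added example (not code from the plugin or from the issue author): it assumes findings in the shape of Dependency-Track's findings export (a "component" with name/version and a "vulnerability" with severity) and runs over constructed sample data.

```python
"""Added example, not part of the plugin: fail a build only when a Critical
finding hits a specific component/version from a watch list, while other
Critical findings are ignored (the behaviour asked for in the request).
Assumption: each finding is shaped like an entry of Dependency-Track's
findings export. All sample data below is constructed, not real output.
"""

# Constructed sample findings (names/versions/ids are illustrative only).
SAMPLE_FINDINGS = [
    {"component": {"name": "log4j", "version": "1.2.17"},
     "vulnerability": {"vulnId": "EXAMPLE-1", "severity": "CRITICAL"}},
    {"component": {"name": "snakeyaml", "version": "1.33"},
     "vulnerability": {"vulnId": "EXAMPLE-2", "severity": "CRITICAL"}},
    {"component": {"name": "commons-text", "version": "1.9"},
     "vulnerability": {"vulnId": "EXAMPLE-3", "severity": "CRITICAL"}},
    {"component": {"name": "snakeyaml", "version": "1.17"},
     "vulnerability": {"vulnId": "EXAMPLE-4", "severity": "MEDIUM"}},
]

# The watch list as proposed in the request: component name plus the
# versions that must not appear with a finding of the given severity.
WATCH_LIST = [
    {"name": "log4j", "version": ["1.2.14", "1.2.17"]},
    {"name": "snakeyaml", "version": ["1.17"]},
]


def matching_findings(findings, watch_list, severity="CRITICAL"):
    """Return findings whose component name/version is on the watch list
    and whose severity equals `severity` (compared case-insensitively)."""
    watched = {(e["name"], v) for e in watch_list for v in e["version"]}
    matches = []
    for f in findings:
        comp = f.get("component", {})
        vuln = f.get("vulnerability", {})
        key = (comp.get("name"), comp.get("version"))
        if key in watched and str(vuln.get("severity", "")).upper() == severity:
            matches.append(f)
    return matches


def should_fail(findings, watch_list, threshold=1, severity="CRITICAL"):
    """True when at least `threshold` watch-listed findings are present;
    threshold mirrors the proposed failedTotalCritical: 1 setting."""
    return len(matching_findings(findings, watch_list, severity)) >= threshold


if __name__ == "__main__":
    # Non-zero exit code is what a pipeline step would use to fail the build.
    raise SystemExit(1 if should_fail(SAMPLE_FINDINGS, WATCH_LIST) else 0)
```

Only log4j 1.2.17 matches here: the unlisted snakeyaml 1.33 and commons-text Critical findings do not fail the build, and the listed snakeyaml 1.17 is skipped because its finding is only Medium.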

sephiroth-j commented 3 months ago

Not within the plugin and there are no plans to do so. Once #130 is implemented, you can define a policy in Dependency Track that should cover your needs.