sonatype-nexus-community / auditjs

Audits an NPM package.json file to identify known vulnerabilities.
https://www.npmjs.com/package/auditjs
Apache License 2.0

Provide example of how to use AuditJS in Jenkins Pipeline, etc... in README #124

Open DarthHater opened 4 years ago

DarthHater commented 4 years ago

In our README provide an example of how to use auditjs in Jenkins or other similar on prem solutions for others to copy pasta and have fun with!

vinishakurapati commented 2 years ago

Hi! Is there any update on this one? Currently facing an issue with the auditjs step to integrate into a Jenkins build. I am able to run it on the CLI, but there are no results even though the Nexus plugin is used?

bhamail commented 2 years ago

@vinishakurapati Thanks for asking!

Here's an approach I have used in a CI build. Perhaps you could try it out, and let us know if it works for you? Even better, create a PR with an update to the README.md! :)

npx auditjs@latest ossi --xml

If you want to capture the output to a file, see below:

mkdir reports
npx auditjs@latest ossi --xml > reports/dependency-results.xml

If you want to run against Sonatype Lifecycle (IQ) instead of OSSI:

npx auditjs@latest iq -a app_id_in_iq_server -s build -u $IQ_USERNAME -p $IQ_PASSWORD -h https://iq_server_url/
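
As an added example for the Jenkins Pipeline question in this issue (this is not code from the thread's authors or from the auditjs project), the commands above wrapped in a declarative Jenkinsfile. Assumptions: Node.js/npx is on the agent's PATH; a Jenkins username/password credential with the (assumed) id `iq-server-creds` holds the IQ user and password; `app_id_in_iq_server` and `https://iq_server_url/` are the placeholders from the comment above; the `junit` step assumes the `--xml` output is JUnit-style, so drop that line if your auditjs version emits a different XML shape.

```groovy
// Added example Jenkinsfile (not from the auditjs project or this thread).
// Assumed: Node.js on the agent, and a usernamePassword credential 'iq-server-creds'.
pipeline {
    agent any

    parameters {
        // Run the IQ Server scan only when explicitly requested; OSS Index runs always.
        booleanParam(name: 'RUN_IQ', defaultValue: false, description: 'Also scan with Sonatype Lifecycle (IQ)')
    }

    environment {
        // Jenkins exposes a usernamePassword credential as IQ_CREDS_USR and IQ_CREDS_PSW,
        // so the password never appears in the Jenkinsfile and is masked in the console log.
        IQ_CREDS = credentials('iq-server-creds')
    }

    stages {
        stage('Install') {
            steps {
                sh 'npm ci'
            }
        }

        stage('Audit (OSS Index)') {
            steps {
                // Same command as in the comment above, output captured to a file.
                // A non-zero exit from auditjs makes this sh step, and so the build, fail.
                sh '''
                    mkdir -p reports
                    npx auditjs@latest ossi --xml > reports/dependency-results.xml
                '''
            }
        }

        stage('Audit (IQ Server)') {
            when { expression { params.RUN_IQ } }
            steps {
                // Single-quoted Groovy string: $IQ_CREDS_USR/$IQ_CREDS_PSW are expanded by the
                // shell from the environment, not interpolated by Groovy.
                sh '''
                    npx auditjs@latest iq -a app_id_in_iq_server -s build \
                        -u "$IQ_CREDS_USR" -p "$IQ_CREDS_PSW" -h https://iq_server_url/
                '''
            }
        }
    }

    post {
        always {
            // Keep the XML report attached to the build even when the audit stage fails,
            // so the findings that failed the build are still reviewable afterwards.
            archiveArtifacts artifacts: 'reports/*.xml', allowEmptyArchive: true
            // Assumes JUnit-style XML from --xml; renders the results as a test report.
            junit allowEmptyResults: true, testResults: 'reports/dependency-results.xml'
        }
    }
}
```

Because `post { always { ... } }` runs after a failed stage, the report is archived regardless of the audit result; the build still fails on findings exactly as the plain shell command would, which is the behaviour described in the replies below.
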

vinishakurapati commented 2 years ago

@bhamail Thanks for responding. I did use "npx auditjs@latest iq -a app_id_in_iq_server -s build -u $IQ_USERNAME -p $IQ_PASSWORD -h https://iq_server_url/" and it works, but my question here is whether the result produced by the command is something that can be scanned with the Nexus plugin used in Jenkins, where it needs to directly send the results to the server after the build steps are done in Jenkins. So how do I incorporate this command through Jenkins?

bhamail commented 2 years ago

The command I gave is basically just like any other shell command in a Jenkins build: if the CLI command fails, the build will fail.

As far as getting pretty results integrated into the Jenkins report, I'm not sure. The stdout from the command will be captured, and include warnings/results, but it is not a "separate" report or anything like that.

Not sure how that Nexus plugin is related here - the Nexus plugin is a separate tool entirely, and I don't know of a way to integrate these two. (Sorry if I'm missing the point).

vinishakurapati commented 2 years ago

Let me put it this way: when this command is run like a shell command in a Jenkins build, it gives a report in the build console output like in the first attached image, but usually, because of the Nexus plugin integration, whenever a build is run it should display a View link option alongside a smaller display of the number of violations in the build information (two images attached).

vinishakurapati commented 2 years ago

@bhamail hope this gives you a clear idea of what I'm referring to

bhamail commented 2 years ago

@vinishakurapati What you are describing is basically a Jenkins plugin. You could probably write a Jenkins plugin that would include the output of auditjs. I don't know how to do that. Might be worth following up on a Jenkins list.