SecurityUniversalOrg · bkaiserinfosec · Mar 9, 2024 · Dec 30, 2023 · Dec 30, 2023 · Dec 30, 2023
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -51,7 +51,7 @@ pipeline {
         stage('Unit Testing') {
             agent {
                 docker {
-                    image 'securityuniversal/jenkins:latest'
+                    image 'securityuniversal/jenkins-python-agent:latest'
                 }
             }
             when {
@@ -75,7 +75,7 @@ pipeline {
         stage('Secret Scanning') {
             agent {
                 docker {
-                    image 'securityuniversal/jenkins-secret-agent:latest'
+                    image 'securityuniversal/jenkins-sectesting-agent:latest'
                 }
             }
             when {
@@ -99,7 +99,7 @@ pipeline {
         stage('Software Composition Analysis') {
             agent {
                 docker {
-                    image 'securityuniversal/jenkins:latest'
+                    image 'securityuniversal/jenkins-sectesting-agent:latest'
                 }
             }
             when {
@@ -127,7 +127,7 @@ pipeline {
         stage('Static Application Security Testing') {
             agent {
                 docker {
-                    image 'securityuniversal/jenkins:latest'
+                    image 'securityuniversal/jenkins-sectesting-agent:latest'
                 }
             }
             when {
@@ -155,7 +155,7 @@ pipeline {
         stage('Infrastructure-as-Code Security Testing') {
             agent {
                 docker {
-                    image 'securityuniversal/jenkins-iac-agent:latest'
+                    image 'securityuniversal/jenkins-sectesting-agent:latest'
                     args '--group-add 999'
                 }
             }
@@ -199,7 +199,8 @@ pipeline {
                 jslStageWrapper('Build Docker Service') {
                     script {
                         jslBuildDocker([
-                            'serviceName': env.appName
+                            'serviceName': env.appName,
+                            'dockerReg': 'secunicontainerregistry.azurecr.io'
                         ])
                     }
                 }
@@ -209,7 +210,7 @@ pipeline {
         stage('Docker Container Scanning') {
             agent {
                 docker {
-                    image 'securityuniversal/jenkins-iac-agent:latest'
+                    image 'securityuniversal/jenkins-sectesting-agent:latest'
                     args '--group-add 999'
                 }
             }
@@ -230,7 +231,7 @@ pipeline {
                         def stageConfig = jslReadYamlConfig('containerScan')
                         def containerName = stageConfig?.containerName
                         def containerTag = stageConfig?.containerTag
-                        jslContainerSecurityScanning(containerName, containerTag)
+                        jslContainerSecurityScanning(containerName, containerTag, 'secunicontainerregistry.azurecr.io')
                     }
                 }
             }
@@ -293,6 +294,12 @@ pipeline {
 
         ////////// Quality Gate //////////
         stage("Quality Gate - Security") {
+            agent {
+                docker {
+                    image 'securityuniversal/jenkins-sectesting-agent:latest'
+                    args '--group-add 999'
+                }
+            }
             when {
                  expression {
                     def config = jslReadYamlConfig('securityQualityGate')
@@ -326,7 +333,7 @@ pipeline {
                     // Condition for a Test-* branch
                     expression {
                         // Split the branch name by '/' and check if the last segment starts with 'Test-'
-                        env.BRANCH_NAME.split('/').last().startsWith('staging')
+                        env.BRANCH_NAME.split('/').last().startsWith('staging') || env.BRANCH_NAME.split('/').last().startsWith('Prod')
                     }
                 }
             }
@@ -342,6 +349,8 @@ pipeline {
                             'secretsSetStrings': stageConfig?.secretsSetStrings,
                             'serviceCredentials': stageConfig?.serviceCredentials,
                             'serviceSetStrings': stageConfig?.serviceSetStrings,
+                            'dockerReg': 'secunicontainerregistry.azurecr.io',
+                            'imgPullSecret': 'acrCreds'
                         ])
 
                     }

@@ -83,7 +83,7 @@ volumes:
     claimName: su-webapp-pv-claim
 
 ingress:
-  enabled: true
+  enabled: false
 
 serviceAccount:
   # Specifies whether a service account should be created

diff --git a/pipeline-config.yaml b/pipeline-config.yaml
@@ -12,7 +12,7 @@ stages:
     enabled: false
     branches: []
   secretScanning:
-    enabled: true
+    enabled: false
     branches:
       - release
   sca:
@@ -29,7 +29,7 @@ stages:
     codeLanguages:
       - Python
   iac:
-    enabled: true
+    enabled: false
     branches:
       - release
   buildDocker:
@@ -75,14 +75,14 @@ stages:
       azure.azTenantId: 'azTenantId'
     serviceCredentials: {}
     serviceSetStrings:
-      app.env: test
-      app.extUrl: "192.168.0.150"
+      app.env: prod
+      app.extUrl: "secusphere.securityuniversal.com"
       app.db.prodDbUriRef: "PROD-DB-URI"
       app.smtp.host: "smtp.sendgrid.net:587"
       app.smtp.user: apikey
       app.smtp.adminEmail: "admin@securityuniversal.com"
-      app.smtp.passwordRef: "SENDGRID-SMTP-PW"
-      app.az.keyVaultName: "BkDevSecOpsKeyVault"
+      app.smtp.passwordRef: "SMTP-PW"
+      app.az.keyVaultName: "ss-keyvault"
   post:
     enabled: true
     branches:

@@ -2,7 +2,7 @@
 import requests
 from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \
     LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \
-    AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER
+    AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, JENKINS_ENABLED
 from flask import Flask
 from flask_bootstrap import Bootstrap
 from flask_login import LoginManager
@@ -448,4 +448,5 @@ def get_jenkins_data():
 
 # Call the Jobs Here #
 train_model_every_six_hours()
-get_jenkins_data_every_hour()
+if JENKINS_ENABLED == 'yes':
+    get_jenkins_data_every_hour()
@@ -132,7 +132,7 @@ def update_vulnerabilities_status(app_cmdb_id, scan_id, req_raw):
 def add_vulns_background_process(req_raw):
     now = datetime.datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")
     app_name = req_raw['appName']
-    git_url = req_raw['giturl']
+    git_url = req_raw['gitUrl']
     git_branch = req_raw['branch']
     findings = req_raw['findings']
     scan_type = req_raw['scanType']