Merge pull request #17 from jenkinsci/CONTRAST-21811

CONTRAST-21811 Jenkins - set a flag in Jenkins to use or disregard Co…

README.md

@@ -7,14 +7,14 @@ Repository for the Contrast Jenkins plugin. This plugin adds the ability to conf
 
 ## Variables
 
-| Parameter                   | Description                                             |
-|-----------------------------|---------------------------------------------------------|
-| Contrast Username         | Username/email for your account in Contrast |
-| Contrast API Key          | API Key found in **Organization Settings**                |
+| Parameter                   | Description                                             | Since |
+|-----------------------------|---------------------------------------------------------|-------|
+| Contrast Username         | Username/email for your account in Contrast | 
+| Contrast API Key          | API Key found in **Organization Settings**                | 
 | Contrast Service Key      | Service Key found in **Organization Settings**             |
 | Contrast URL          | API URL to your Contrast instance <BR> Use *https://app.contrastsecurity.com/Contrast/api* if you're a SaaS customer; all others use the URL of your Contrast UI (e.g., *http://contrastserver:8080/Contrast/api*). |
 | Organization UUID | Organization UUID of the configured user found in **Organization Settings** <BR> You can also copy it from the URL when viewing the home page in Contrast. |
-
+|ignoreContrastFindings | Jenkins boolean build parameter. If set to true, builds will not be failed when Vulnerability Threshold Conditions are not met. | 2.3 |
 ---
 
 ## Workflow

src/main/java/com/aspectsecurity/contrast/contrastjenkins/VulnerabilityTrendRecorder.java

@@ -27,13 +27,7 @@
 import org.kohsuke.stapler.StaplerRequest;
 
 import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
 
 /**
@@ -73,6 +67,8 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, final Build
 
         contrastSDK = VulnerabilityTrendHelper.createSDK(profile.getUsername(), profile.getServiceKey(), profile.getApiKey(), profile.getTeamServerUrl());
 
+        boolean ignoreContrastFindings = Boolean.parseBoolean(build.getBuildVariableResolver().resolve("ignoreContrastFindings"));
+
         String applicationId = getApplicationId(contrastSDK, profile.getOrgUuid(), build.getParent().getDisplayName());
         if (applicationId.equals("")) {
             VulnerabilityTrendHelper.logMessage(listener, "Application with name '" + build.getParent().getDisplayName() + "' not found.");
@@ -107,7 +103,7 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, final Build
 
             int thresholdCount = condition.getThresholdCount(); // Integer.parseInt(condition.getThresholdCount());
 
-            if (traces.getCount() > thresholdCount) {
+            if (traces.getCount() > thresholdCount && !ignoreContrastFindings) {
                 // save results before failing build
                 buildResult(resultTraces, build);
 
@@ -256,7 +252,7 @@ private String getApplicationId(ContrastSDK sdk, String organizationUuid, String
             return "";
         }
 
-        for(Application application: applications.getApplications()) {
+        for (Application application : applications.getApplications()) {
             if (applicationName.equals(application.getName())) {
                 return application.getId();
             }