Jenkins Plugin

Introduction

The Jenkins plugin lets you run code scans and view the results in the Jenkins interface. From Jenkins, you can trigger instance scans using the standard Jenkins Build Steps to produce the analysis. When the scan is complete, the Jenkins plugin detects the Quality Clouds scan and provides a link to the dashboard.

The information below explains how to get started with and use the Quality Clouds Jenkins plugin.

Key Features

The Quality Clouds Jenkins plugin is able to:

  • Integrate with a Jenkins build pipeline
  • Receive all its configuration parameters from the Jenkins UI: these are the parameters required to use the API, i.e. the OAuth parameters
  • Run a Quality Clouds Scan via the API. Note: running the scan in the "Issues only" mode can significantly reduce the scan time
  • Integrate with an issue tracking system (Jira / Team Foundation Server / ...): a potentially desirable feature of the plugin would be to automatically create issues on an issue tracking system (ITS)

Creating a Jenkins Project for use with Quality Clouds

Follow these steps to create a Jenkins Project for use with Quality Clouds:

  1. Make sure Jenkins is installed
  2. Create a freestyle project
  3. Add the build step QCScan
  4. Enter the input parameters as follows:
    • String "Instance URL": ServiceNow/Salesforce instance URL to scan
    • String "API Token": customer token
    • Integer "Issues Count Threshold": maximum issues count for a successful build
    • Integer "Technical Debt Threshold": maximum technical debt count for a successful build
    • Integer "QualityCloud Threshold": minimum QC for a successful build
    • Integer "High Severity Issues Threshold": maximum High Severity issues count for a successful build

Recommendations

  • Running an issues-only scan from a local file which points to a Git checkout directory is not recommended. This would be like an on-premise installation, and it would be impossible to look at the results of the previous scan to decide whether to pass or break the build
  • Avoid creating duplicated issues after completing two consecutive scans by following one of these two options:
    • The plugin would need to query the ITS to see if an issue already exists with the same primary key
    • The plugin (or the API) would need to return a list of NEW issues. This is a useful feature in itself
  • Decide whether the build should pass or break, depending on the results of the Quality Clouds Scan
    • It is not realistic to expect that a scan will return no issues. Therefore there are a number of options:
      • Pass the build as long as the scan completes successfully. This is not the most useful option, as it only guarantees that a scan runs, which you can do with our scheduling
      • Pass the build if the number of issues has not increased since the last successful scan
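
The pass-or-break decision and the duplicate-issue check described above can be sketched as follows. This is an added example, not code from the Quality Clouds plugin. The scan result layout (completed, issues, key, severity, technical_debt, quality_cloud) and all function and class names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Thresholds:
    """The four QCScan build-step thresholds (field names are assumptions)."""
    max_issues: int
    max_technical_debt: int
    min_quality_cloud: int
    max_high_severity: int

def new_issues(current, previous_keys):
    """Issues whose primary key was absent from the previous scan."""
    seen = set(previous_keys)
    return [i for i in current if i["key"] not in seen]

def evaluate_gate(scan, limits, baseline_issue_count=None):
    """Return (passed, reasons). baseline_issue_count is the issue count of
    the last successful scan, or None when there is no earlier scan."""
    if not scan["completed"]:
        return False, ["scan did not complete"]
    count = len(scan["issues"])
    high = sum(1 for i in scan["issues"] if i["severity"] == "HIGH")
    debt, qc = scan["technical_debt"], scan["quality_cloud"]
    reasons = []
    if count > limits.max_issues:
        reasons.append(f"issues {count} > {limits.max_issues}")
    if debt > limits.max_technical_debt:
        reasons.append(f"technical debt {debt} > {limits.max_technical_debt}")
    if qc < limits.min_quality_cloud:
        reasons.append(f"QC {qc} < {limits.min_quality_cloud}")
    if high > limits.max_high_severity:
        reasons.append(f"high severity {high} > {limits.max_high_severity}")
    if baseline_issue_count is not None and count > baseline_issue_count:
        reasons.append(f"issues rose from {baseline_issue_count} to {count}")
    return not reasons, reasons

# Constructed sample data, not real Quality Clouds output.
PREVIOUS_KEYS = ["QC-1", "QC-2"]
SCAN = {"completed": True, "technical_debt": 40, "quality_cloud": 82,
        "issues": [{"key": "QC-1", "severity": "LOW"},
                   {"key": "QC-2", "severity": "HIGH"},
                   {"key": "QC-3", "severity": "HIGH"}]}
LIMITS = Thresholds(max_issues=5, max_technical_debt=60,
                    min_quality_cloud=80, max_high_severity=1)

if __name__ == "__main__":
    print(evaluate_gate(SCAN, LIMITS, baseline_issue_count=len(PREVIOUS_KEYS)))
    print([i["key"] for i in new_issues(SCAN["issues"], PREVIOUS_KEYS)])
```

Only the issues returned by new_issues would be candidates for creation in the ITS, which avoids duplicates after two consecutive scans.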

Jenkins Plugin Development Resources


Official Jenkins documentation for plugin development: https://jenkins.io/doc/developer/


Jenkins plugin page: https://plugins.jenkins.io/
