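// Compliance pipeline: over SSH, update and apply the Ansible compliance
// playbook on the control node, then run the InSpec linux-baseline profile there.
pipeline {
    agent any
    stages {
        stage('Daily Compliance Run') {
            steps {
                echo 'Running a compliance scan with inspec....'
                script {
                    // Connection settings consumed by the sshCommand steps below.
                    def remote = [
                        name: 'controlnode',
                        host: '<VM-external-IP>',
                        // Host-key verification stays on: every command below runs
                        // with sudo on the target, so the agent must be sure it is
                        // talking to the real control node and not an impostor on
                        // the path. Replace the placeholder with a known_hosts file
                        // that already holds the control node's verified key.
                        allowAnyHosts: false,
                        knownHosts: '<path-to-known_hosts-on-agent>'
                    ]

                    // The key comes from the Jenkins credentials entry 'sshUser';
                    // it is exposed as a temporary file path only inside this block.
                    withCredentials([sshUserPrivateKey(credentialsId: 'sshUser', keyFileVariable: 'identity', passphraseVariable: '', usernameVariable: 'userName')]) {
                        remote.user = userName
                        remote.identityFile = identity

                        stage("Enforce with Ansible") {
                            // NOTE(review): whatever 'origin' currently serves is
                            // executed as root by the next step; consider checking
                            // out a reviewed commit or tag instead of a bare pull.
                            sshCommand remote: remote, sudo: true, command: 'cd /root/secops/ansible && git pull origin'
                            sshCommand remote: remote, sudo: true, command: 'cd /root/secops/ansible && ansible-playbook compliance.yaml'
                        }

                        stage("Scan with InSpec") {
                            // --no-distinct-exit reduces InSpec's exit codes to
                            // 0 (pass, including skipped-only) and 1 (failure).
                            sshCommand remote: remote, sudo: true, command: 'inspec exec --no-distinct-exit /root/linux-baseline/'
                        }
                    }
                }
            }
        }
    }
}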