changed build process and include dotnet restore before trivy scan

2026-05-11 21:07:18 +02:00
parent 47ea86224a
commit 89410a8b07
30 changed files with 28 additions and 17 deletions
--- a/12
+++ b/12
@@ -45,17 +45,25 @@ pipeline {
 				// Führt den Build-Befehl im spezialisierten Container aus
 				container('dotnet8') {
 					sh 'dotnet --version' // Zur Bestätigung der Version
-					sh 'dotnet build'
+
+					sh 'dotnet build --configuration Release'   // optimierter Build Prozess ohne Debug und ungenutzt Pfade
 				}
 			}	
 		}

        stage('Security: Trivy Scan') {
            steps {
+                // Wiederherstellen der project.assets.json in obj/ für Trivy zum finden der transtiven Abhängigkeiten
+                container('dotnet8') {
+                    sh 'dotnet restore' 
+                }
+
                container('trivy') {
                    // Wir erstellen ein Verzeichnis für den Report
                    sh 'mkdir -p reports'
                    
+                    // Wichtig: trivy ersetzt -> dotnet list package --vulnerable --include-transitive
+
                    // Der Befehl erzeugt die HTML-Datei
                    // --format template: Nutzt ein Layout
                    // --template "@/contrib/html.tpl": Das Standard-Trivy-Layout
@@ -118,6 +126,8 @@ pipeline {
            }
        }

+
+
        stage('Security: Trivy Image Scan') {
            when {
                branch 'master'
--- a/MyHelloWorld.Tests/bin/Debug/net8.0/MyHelloWorld.Tests.deps.json
+++ b/MyHelloWorld.Tests/bin/Debug/net8.0/MyHelloWorld.Tests.deps.json
@@ -10,6 +10,7 @@
        "dependencies": {
          "JunitXml.TestLogger": "8.0.0",
          "Microsoft.NET.Test.Sdk": "17.8.0",
+          "Newtonsoft.Json": "13.0.3",
          "SecDevOpsLab": "1.0.0",
          "coverlet.collector": "6.0.0",
          "xunit": "2.5.3",
@@ -140,7 +141,7 @@
      "Microsoft.TestPlatform.TestHost/17.8.0": {
        "dependencies": {
          "Microsoft.TestPlatform.ObjectModel": "17.8.0",
-          "Newtonsoft.Json": "13.0.1"
+          "Newtonsoft.Json": "13.0.3"
        },
        "runtime": {
          "lib/netcoreapp3.1/Microsoft.TestPlatform.CommunicationUtilities.dll": {
@@ -339,11 +340,11 @@
          "System.Xml.XDocument": "4.3.0"
        }
      },
-      "Newtonsoft.Json/13.0.1": {
+      "Newtonsoft.Json/13.0.3": {
        "runtime": {
-          "lib/netstandard2.0/Newtonsoft.Json.dll": {
+          "lib/net6.0/Newtonsoft.Json.dll": {
            "assemblyVersion": "13.0.0.0",
-            "fileVersion": "13.0.1.25517"
+            "fileVersion": "13.0.3.27908"
          }
        }
      },
@@ -1109,12 +1110,12 @@
      "path": "netstandard.library/1.6.1",
      "hashPath": "netstandard.library.1.6.1.nupkg.sha512"
    },
-    "Newtonsoft.Json/13.0.1": {
+    "Newtonsoft.Json/13.0.3": {
      "type": "package",
      "serviceable": true,
-      "sha512": "sha512-ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A==",
-      "path": "newtonsoft.json/13.0.1",
-      "hashPath": "newtonsoft.json.13.0.1.nupkg.sha512"
+      "sha512": "sha512-HrC5BXdl00IP9zeV+0Z848QWPAoCr9P3bDEZguI+gkLcBKAOxix/tLEAAHC+UvDNPv4a2d18lOReHMOagPa+zQ==",
+      "path": "newtonsoft.json/13.0.3",
+      "hashPath": "newtonsoft.json.13.0.3.nupkg.sha512"
    },
    "NuGet.Frameworks/6.5.0": {
      "type": "package",
--- a/MyHelloWorld.Tests/bin/Debug/net8.0/MyHelloWorld.Tests.dll
+++ b/MyHelloWorld.Tests/bin/Debug/net8.0/MyHelloWorld.Tests.dll
--- a/MyHelloWorld.Tests/bin/Debug/net8.0/MyHelloWorld.Tests.pdb
+++ b/MyHelloWorld.Tests/bin/Debug/net8.0/MyHelloWorld.Tests.pdb
--- a/MyHelloWorld.Tests/bin/Debug/net8.0/Newtonsoft.Json.dll
+++ b/MyHelloWorld.Tests/bin/Debug/net8.0/Newtonsoft.Json.dll
--- a/MyHelloWorld.Tests/bin/Debug/net8.0/SecDevOpsLab.dll
+++ b/MyHelloWorld.Tests/bin/Debug/net8.0/SecDevOpsLab.dll
--- a/MyHelloWorld.Tests/bin/Debug/net8.0/SecDevOpsLab.exe
+++ b/MyHelloWorld.Tests/bin/Debug/net8.0/SecDevOpsLab.exe
--- a/MyHelloWorld.Tests/bin/Debug/net8.0/SecDevOpsLab.pdb
+++ b/MyHelloWorld.Tests/bin/Debug/net8.0/SecDevOpsLab.pdb
--- a/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.AssemblyInfo.cs
+++ b/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.AssemblyInfo.cs
@@ -13,7 +13,7 @@ using System.Reflection;
 [assembly: System.Reflection.AssemblyCompanyAttribute("MyHelloWorld.Tests")]
 [assembly: System.Reflection.AssemblyConfigurationAttribute("Debug")]
 [assembly: System.Reflection.AssemblyFileVersionAttribute("1.0.0.0")]
-[assembly: System.Reflection.AssemblyInformationalVersionAttribute("1.0.0+2a2cda83516ce65663761989b33a809969a5a453")]
+[assembly: System.Reflection.AssemblyInformationalVersionAttribute("1.0.0+47ea86224afdcca89c69895ee50e86576822c790")]
 [assembly: System.Reflection.AssemblyProductAttribute("MyHelloWorld.Tests")]
 [assembly: System.Reflection.AssemblyTitleAttribute("MyHelloWorld.Tests")]
 [assembly: System.Reflection.AssemblyVersionAttribute("1.0.0.0")]
--- a/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.AssemblyInfoInputs.cache
+++ b/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.AssemblyInfoInputs.cache
@@ -1 +1 @@
-848ea101e6b9dce5b48f1bd51dc9674bd80f476562e7a438fd7f5aafc5724865
+cf62497c726616d92aa32f6c0bca226de923d9d8477e812572c01323b4d305c5
--- a/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.csproj.AssemblyReference.cache
+++ b/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.csproj.AssemblyReference.cache
--- a/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.csproj.CoreCompileInputs.cache
+++ b/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.csproj.CoreCompileInputs.cache
@@ -1 +1 @@
-c5b18054f385823d2be37ebb0a1a6d0f531e14ffe9ac1374b0c8862827dbd306
+57cb4b9676f210c113acd3e711bdbd2aed56e014f9740547715fbec00148c8d5
--- a/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.dll
+++ b/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.dll
--- a/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.genruntimeconfig.cache
+++ b/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.genruntimeconfig.cache
@@ -1 +1 @@
-663fefc1a27a2bfb43fa913207cd1c4487b91b6320189bfb2cd6d51a2154885f
+26463ae7c847c9643dd32d4ee2707e884d6df2af1738d0d5c4e1bc249ec75629
--- a/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.pdb
+++ b/MyHelloWorld.Tests/obj/Debug/net8.0/MyHelloWorld.Tests.pdb
--- a/MyHelloWorld.Tests/obj/Debug/net8.0/ref/MyHelloWorld.Tests.dll
+++ b/MyHelloWorld.Tests/obj/Debug/net8.0/ref/MyHelloWorld.Tests.dll
--- a/MyHelloWorld.Tests/obj/Debug/net8.0/refint/MyHelloWorld.Tests.dll
+++ b/MyHelloWorld.Tests/obj/Debug/net8.0/refint/MyHelloWorld.Tests.dll
--- a/MyHelloWorld/bin/Debug/net8.0/SecDevOpsLab.dll
+++ b/MyHelloWorld/bin/Debug/net8.0/SecDevOpsLab.dll
--- a/MyHelloWorld/bin/Debug/net8.0/SecDevOpsLab.exe
+++ b/MyHelloWorld/bin/Debug/net8.0/SecDevOpsLab.exe
--- a/MyHelloWorld/bin/Debug/net8.0/SecDevOpsLab.pdb
+++ b/MyHelloWorld/bin/Debug/net8.0/SecDevOpsLab.pdb
--- a/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.AssemblyInfo.cs
+++ b/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.AssemblyInfo.cs
@@ -13,7 +13,7 @@ using System.Reflection;
 [assembly: System.Reflection.AssemblyCompanyAttribute("SecDevOpsLab")]
 [assembly: System.Reflection.AssemblyConfigurationAttribute("Debug")]
 [assembly: System.Reflection.AssemblyFileVersionAttribute("1.0.0.0")]
-[assembly: System.Reflection.AssemblyInformationalVersionAttribute("1.0.0+848e51c5555bb6073abd5ea3c0d9542490da8a0b")]
+[assembly: System.Reflection.AssemblyInformationalVersionAttribute("1.0.0+47ea86224afdcca89c69895ee50e86576822c790")]
 [assembly: System.Reflection.AssemblyProductAttribute("SecDevOpsLab")]
 [assembly: System.Reflection.AssemblyTitleAttribute("SecDevOpsLab")]
 [assembly: System.Reflection.AssemblyVersionAttribute("1.0.0.0")]
--- a/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.AssemblyInfoInputs.cache
+++ b/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.AssemblyInfoInputs.cache
@@ -1 +1 @@
-140b48efb50b7894d1dcb0441e1dc7dd9676a8d37094d9287d21002bea60c215
+0263a9496fc94fde1179073b83b16a639ba1fa4b7ab3c21cbde0cfecf80daecc
--- a/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.GeneratedMSBuildEditorConfig.editorconfig
+++ b/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.GeneratedMSBuildEditorConfig.editorconfig
@@ -8,6 +8,6 @@ build_property.PlatformNeutralAssembly =
 build_property.EnforceExtendedAnalyzerRules = 
 build_property._SupportedPlatformList = Linux,macOS,Windows
 build_property.RootNamespace = SecDevOpsLab
-build_property.ProjectDir = c:\Users\HermanH\SecDevOpsLab\MyHelloWorld\
+build_property.ProjectDir = C:\Users\HermanH\SecDevOpsLab\MyHelloWorld\
 build_property.EnableComHosting = 
 build_property.EnableGeneratedComInterfaceComImportInterop = 
--- a/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.assets.cache
+++ b/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.assets.cache
--- a/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.dll
+++ b/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.dll
--- a/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.genruntimeconfig.cache
+++ b/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.genruntimeconfig.cache
@@ -1 +1 @@
-926145697d59c66226a21e736a827372d54ed4f75715c3db1a65b25131637a48
+125282d0cf117b8c3b0068b0868f8969c375dd98b549c1b4f80bf79c1f9cca80
--- a/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.pdb
+++ b/MyHelloWorld/obj/Debug/net8.0/SecDevOpsLab.pdb
--- a/MyHelloWorld/obj/Debug/net8.0/apphost.exe
+++ b/MyHelloWorld/obj/Debug/net8.0/apphost.exe
--- a/MyHelloWorld/obj/Debug/net8.0/ref/SecDevOpsLab.dll
+++ b/MyHelloWorld/obj/Debug/net8.0/ref/SecDevOpsLab.dll
--- a/MyHelloWorld/obj/Debug/net8.0/refint/SecDevOpsLab.dll
+++ b/MyHelloWorld/obj/Debug/net8.0/refint/SecDevOpsLab.dll