Newer
Older
command: ssh -o StrictHostKeyChecking=no -f -N -L localhost:9390:scans.cloud.infn.it:9390 jenkins@scans.cloud.infn.it
- name: Copy utilities module
copy:
dest: "{{ paas_ci_workdir + '/scan_utilities.py' }}"
- name: Copy gvm_library module
copy:
dest: "{{ paas_ci_workdir + '/scan_gvm_library.py' }}"
- name: Adding execution permission to scan script
file:
- name: Load depdep log
command: cat "{{ paas_ci_workdir + '/dep.json' }}"
register: dep_json
- name: import depdep_log
set_fact:
imported_depdep_log: "{{ dep_json.stdout }}"
- name: Show depdep log
debug:
var: imported_depdep_log
- name: Show paas_ci_test.endpoints_to_scan log
- name: Run scan without endpoints_to_scan variable
command: "{{ paas_ci_workdir + '/scan.py' }} --dep-json {{ paas_ci_workdir + '/dep.json'}} --output-dir {{ paas_ci_workdir }}"
register: scan_output
when: paas_ci_test.endpoints_to_scan is undefined
- name: Run scan with endpoints_to_scan variable
command: "{{ paas_ci_workdir + '/scan.py' }} --endpoint-keys {{ paas_ci_test.endpoints_to_scan }} --dep-json {{ paas_ci_workdir + '/dep.json'}} --output-dir {{ paas_ci_workdir }}"
when: paas_ci_test.endpoints_to_scan is defined
- name: Show scan output
debug:
msg: "{{ scan_output }}"
patterns: '*-report.txt'
shell: cat "{{ paas_ci_workdir + '/summary-report.json' }}"
summary_report_json: "{{ summary_report.stdout | from_json }}"
msg: "{{ lookup('file', item.path) }}"
with_items: "{{ report_files.files }}"
when: summary_report_json.global == 'NOK'
- name: Show scan log if vulnerability detected
block:
- name: Load log
command: cat "{{ paas_ci_workdir + '/scan.log' }}"
register: log
- name: import log
set_fact:
imported_log: "{{ log.stdout }}"
- name: Show log
debug:
var: imported_log
when: summary_report_json.global == 'NOK'
- name: Detailed report summary
debug:
- summary_report_json.global == 'OK'
fail_msg: "SCAN FAILED - deployment: {{ summary_report_json.deployment }}"
success_msg: "SCAN PASSED - deployment: {{ summary_report_json.deployment }}"