Add BlackDuck scan

Author: Vitaly Korolev

Jenkinsfile

@@ -149,7 +149,8 @@ void imageScan() {
     sh '''rm -f dep-image-scan.txt'''
 
     // trigger BlackDuck scan
-    def imageList = readFile(file: 'helm_image.list').trim()
+    def rawImageList = readFile(file: 'helm_image.list').trim()
+    def imageList = rawImageList.endsWith(',') ? rawImageList[0..-2] : rawImageList
     build job: 'securityscans/Blackduck/cloud/kubernetes-helm', wait: false, parameters: [ string(name: 'branch', value: "${env.BRANCH_NAME}"), string(name: 'CONTAINER_IMAGES', value: "${imageList}") ]
 }
 

makefile

@@ -233,12 +233,11 @@ upgrade-test: prepare
 .PHONY: image-scan
 image-scan:
 
+	@rm -f helm_image.list dep-image-scan.txt
 	@echo "=====Scan dependent Docker images in charts/values.yaml" $(if $(saveOutput), | tee -a dep-image-scan.txt,)
 	@for depImage in $(shell grep -E "^\s*\bimage:\s+(.*)" charts/values.yaml | sed 's/image: //g' | sed 's/"//g'); do\
 		echo -n "$${depImage}," >> helm_image.list ; \
 		echo "= $${depImage}:" $(if $(saveOutput), | tee -a dep-image-scan.txt,) ; \
 		docker run --rm -v /var/run/docker.sock:/var/run/docker.sock anchore/grype:latest --output json $${depImage} | jq -r '[(.matches[] | [.artifact.name, .artifact.version, .vulnerability.id, .vulnerability.severity])] | .[] | @tsv' | sort -k4 | column -t $(if $(saveOutput), | tee -a dep-image-scan.txt,);\
 		echo $(if $(saveOutput), | tee -a dep-image-scan.txt,) ;\
 	done
-	@sed -i 's/,$//' helm_image.list
-