Jenkins
Integrate netbobr firewall rule analysis into Jenkins pipelines. Jenkins supports SARIF import via the Warnings Next Generation plugin and provides granular exit code handling through scripted pipeline blocks.
Declarative Pipeline
A minimal Jenkinsfile stage that fails on high or critical findings:

    pipeline {
        agent any
        tools {
            nodejs 'Node-20'
        }
        stages {
            stage('Firewall Analysis') {
                steps {
                    sh 'npx @netbobr/cli analyze firewall-rules.json --fail-on high'
                }
            }
        }
    }

Jenkins fails the stage when the shell command returns a non-zero exit code. The --fail-on high threshold means medium findings pass while high or critical findings fail the build.
Node.js tool prerequisite
The nodejs 'Node-20' tool reference requires the NodeJS Plugin with a Node.js 20 installation named "Node-20" configured in Manage Jenkins > Tools.

With SARIF Report
Import findings into Jenkins using the Warnings Next Generation plugin:

    pipeline {
        agent any
        tools {
            nodejs 'Node-20'
        }
        stages {
            stage('Firewall Analysis') {
                steps {
                    sh 'npx @netbobr/cli analyze firewall-rules.json --output sarif > results.sarif || true'
                    recordIssues tool: sarif(pattern: 'results.sarif')
                }
            }
        }
    }

The || true keeps the sh step from failing when findings cause a non-zero exit code, so recordIssues still runs on the SARIF file that was written. The Warnings Next Generation Plugin imports the SARIF report and displays findings in the build results. Because || true discards every non-zero exit code, this stage does not fail the build on findings by itself.
With PDF Artifact
Generate a PDF compliance report and archive it as a build artifact:

    pipeline {
        agent any
        tools {
            nodejs 'Node-20'
        }
        stages {
            stage('Firewall Analysis') {
                steps {
                    sh 'npx @netbobr/cli analyze rules.json --output pdf --output-file report.pdf'
                    archiveArtifacts artifacts: 'report.pdf'
                }
            }
        }
    }

The PDF report is downloadable from the build page under Build Artifacts.
Custom Exit Code Handling
Use a scripted block for granular control over how different severity levels affect the build:

    pipeline {
        agent any
        tools {
            nodejs 'Node-20'
        }
        stages {
            stage('Firewall Analysis') {
                steps {
                    script {
                        def exitCode = sh(
                            script: 'npx @netbobr/cli analyze rules.json --quiet',
                            returnStatus: true
                        )
                        if (exitCode >= 2) {
                            error "High or Critical severity findings detected (exit code: ${exitCode})"
                        } else if (exitCode == 1) {
                            unstable "Medium severity findings detected"
                        }
                    }
                }
            }
        }
    }

This marks the build as UNSTABLE for medium findings (exit code 1) and FAILED for high or critical findings (exit code 2 or 3). Clean results (exit code 0) pass normally.
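
Combining the SARIF import with the exit code handling above, as an added example that is not from the netbobr documentation: returnStatus replaces || true, so the report is still recorded and the exit code still decides the build result. It assumes the exit codes in the reference table also apply with --output sarif, and that any code above 3 means the CLI itself did not complete; both are assumptions.

```groovy
// Added example: record the SARIF report AND gate the build on severity.
pipeline {
    agent any
    tools {
        nodejs 'Node-20'
    }
    stages {
        stage('Firewall Analysis') {
            steps {
                script {
                    // returnStatus keeps the step from aborting the stage and
                    // preserves the real exit code (no '|| true' needed).
                    def exitCode = sh(
                        script: 'npx @netbobr/cli analyze firewall-rules.json --output sarif > results.sarif',
                        returnStatus: true
                    )

                    // Assumption: 0-3 are the documented severity codes, so
                    // anything higher (for example 127, command not found) is
                    // treated as a tool failure, not as a finding.
                    if (exitCode > 3) {
                        error "netbobr analysis did not complete (exit code: ${exitCode})"
                    }

                    // Import findings before the build result is decided, so
                    // they are visible even on a failed build.
                    recordIssues tool: sarif(pattern: 'results.sarif')

                    if (exitCode >= 2) {
                        error "High or Critical severity findings detected (exit code: ${exitCode})"
                    } else if (exitCode == 1) {
                        unstable "Medium severity findings detected"
                    }
                }
            }
        }
    }
}
```
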
With Configuration
Load custom rules, zones, and risk score weights from a browser-exported session:

    sh 'npx @netbobr/cli analyze rules.json --config netbobr-config.json --fail-on medium'

Exit Code Reference
| Exit Code | Severity | Meaning |
|---|---|---|
| 0 | Low / None | All flows are low risk or clean |
| 1 | Medium | At least one medium-severity finding |
| 2 | High | At least one high-severity finding |
| 3 | Critical | At least one critical-severity finding |
Use --fail-on <severity> to set the threshold. Severities below the threshold are treated as passing (exit code 0).