add and modify files for Jenkins Update Center publishing

- Updated plugin metadata and configuration for compatibility with Jenkins Update Center
- Added required files for publishing workflow
- Adjusted existing files to align with update center requirements

Author: Susenthiran28

README.md

@@ -1,28 +1,185 @@
-# .
+# Vigilnz Security Plugin
 
-## Introduction
+[![Jenkins Plugin](https://img.shields.io/jenkins/plugin/v/vigilnz-security.svg)](https://plugins.jenkins.io/vigilnz-security)
+[![Jenkins Plugin Installs](https://img.shields.io/jenkins/plugin/i/vigilnz-security.svg?color=blue)](https://plugins.jenkins.io/vigilnz-security)
 
-TODO Describe what your plugin does here
+Vigilnz Security Plugin integrates comprehensive security scanning capabilities into Jenkins CI/CD pipelines. Run CVE, SAST, SBOM, and other security scans as part of your build process.
 
-## Getting started
+## Features
 
-TODO Tell users how to configure your plugin here, include screenshots, pipeline examples and 
-configuration-as-code examples.
+- 🔒 **Multiple Scan Types**: Support for CVE, SAST, SBOM, and more
+- 🔐 **Secure Credential Management**: Store and manage Vigilnz API tokens securely
+- 🚀 **Freestyle & Pipeline Support**: Works with both traditional and modern Jenkins jobs
+- 📊 **Detailed Results**: View scan results directly in the Jenkins build sidebar
+- ⚙️ **Flexible Configuration**: Select which scan types to run per build
+- 🔄 **Token Management**: Automatic token refresh and caching
 
-## Issues
+## Requirements
 
-TODO Decide where you're going to host your issues, the default is Jenkins JIRA, but you can also enable GitHub issues,
-If you use GitHub issues there's no need for this section; else add the following line:
+- Jenkins 2.516.3 or later
+- Java 17 or later
+- Vigilnz API access (API key required)
 
-Report issues and enhancements in the [Jenkins issue tracker](https://issues.jenkins.io/).
+## Installation
+
+### From Jenkins Update Center
+
+1. Go to **Manage Jenkins** → **Manage Plugins**
+2. Search for "Vigilnz Security"
+3. Click **Install without restart** or **Download now and install after restart**
+
+### Manual Installation
+
+1. Download the latest `.hpi` file from [GitHub Releases](https://github.com/your-org/vigilnz-security-plugin/releases)
+2. Go to **Manage Jenkins** → **Manage Plugins** → **Advanced**
+3. Upload the `.hpi` file under **Upload Plugin**
+4. Restart Jenkins
+
+## Getting Started
+
+### 1. Configure Vigilnz Credentials
+
+1. Go to **Manage Jenkins** → **Manage Credentials**
+2. Click **Add Credentials**
+3. Select **Vigilnz Security Token** from the kind dropdown
+4. Enter:
+   - **Token**: Your Vigilnz API key
+   - **ID**: Unique identifier (optional, auto-generated if not provided)
+   - **Description**: Description for this credential
+5. Click **OK**
+
+### 2. Use in Freestyle Job
+
+1. Create a new Freestyle project or edit an existing one
+2. In **Build Steps**, click **Add build step** → **Invoke Vigilnz Security Task**
+3. Configure:
+   - **Token**: Select your Vigilnz credential
+   - **Target File**: (Optional) File or path to scan
+   - **Scan Types**: Select at least one scan type (CVE, SAST, SBOM)
+4. Save and run the build
+
+### 3. Use in Pipeline
+
+```groovy
+pipeline {
+    agent any
+
+    stages {
+        stage('Security Scan') {
+            steps {
+                vigilnzScan(
+                    token: 'my-vigilnz-token',
+                    scanTypes: ['cve', 'sast', 'sbom']
+                )
+            }
+        }
+    }
+}
+```
+
+## Configuration
+
+### Environment Variables
+
+You can configure API endpoints using environment variables or system properties:
+
+- `VIGILNZ_AUTH_URL` or `-Dvigilnz.auth.url`: Authentication API URL (default: `http://localhost:1337/auth/api-key`)
+- `VIGILNZ_SCAN_URL` or `-Dvigilnz.scan.url`: Multi-scan API URL (default: `http://localhost:8000/scan-targets/multi-scan`)
+
+### Scan Types
+
+- **CVE**: Common Vulnerabilities and Exposures scan
+- **SAST**: Static Application Security Testing
+- **SBOM**: Software Bill of Materials
+
+## Viewing Results
+
+After a build completes:
+
+1. **Sidebar Summary**: View a quick summary in the build page sidebar
+2. **Full Details**: Click "View Details →" in the sidebar to see complete scan results
+3. **Console Output**: Check the build console for detailed scan logs
+
+## Pipeline Examples
+
+### Basic Usage
+
+```groovy
+vigilnzScan(
+    token: 'my-vigilnz-token',
+    scanTypes: ['cve']
+)
+```
+
+### Multiple Scan Types
+
+```groovy
+vigilnzScan(
+    token: 'my-vigilnz-token',
+    scanTypes: ['cve', 'sast', 'sbom']
+)
+```
+
+### With Credentials Binding
+
+```groovy
+pipeline {
+    agent any
+
+    stages {
+        stage('Security Scan') {
+            steps {
+                withCredentials([string(credentialsId: 'vigilnz-token', variable: 'VIGILNZ_TOKEN')]) {
+                    vigilnzScan(
+                        token: 'vigilnz-token',
+                        scanTypes: ['cve', 'sast']
+                    )
+                }
+            }
+        }
+    }
+}
+```
+
+## Troubleshooting
+
+### Authentication Failed
+
+- Verify your API key is correct
+- Check that the authentication URL is accessible
+- Ensure the token has not expired
+
+### Scan Types Not Selected
+
+- At least one scan type must be selected
+- Check the checkbox selections in the build configuration
+
+### No Results in Sidebar
+
+- Ensure the build completed successfully
+- Check the build console for any errors
+- Verify the API response was successful
+
+## Support
+
+- **Issues**: Report issues on [GitHub Issues](https://github.com/your-org/vigilnz-security-plugin/issues)
+- **Documentation**: [Plugin Wiki](https://github.com/your-org/vigilnz-security-plugin/wiki)
+- **Email**: [email protected]
 
 ## Contributing
 
-TODO review the default [CONTRIBUTING](https://github.com/jenkinsci/.github/blob/master/CONTRIBUTING.md) file and make sure it is appropriate for your plugin, if not then add your own one adapted from the base file
+Contributions are welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+## Changelog
 
-Refer to our [contribution guidelines](https://github.com/jenkinsci/.github/blob/master/CONTRIBUTING.md)
+### Version 1.0
 
-## LICENSE
+- Initial release
+- Support for CVE, SAST, SBOM scan types
+- Freestyle and Pipeline job support
+- Secure credential management
+- Build sidebar results display
 
-Licensed under MIT, see [LICENSE](LICENSE.md)
+## License
 
+Licensed under MIT License. See [LICENSE](LICENSE.md) for details.

pom.xml

@@ -17,7 +17,8 @@
 
     <!--  Plugin Name  -->
     <name>Vigilnz Security</name>
-    <url>https://dev.vigilnz.com/</url>
+    <description>Vigilnz Security Plugin integrates security scanning capabilities into Jenkins. Run CVE, SAST, SBOM, and other security scans as part of your CI/CD pipeline.</description>
+    <url>https://github.com/${gitHubRepo}</url>
     <licenses>
         <license>
             <name>MIT License</name>
@@ -31,6 +32,14 @@
         <tag>${scmTag}</tag>
         <url>https://github.com/${gitHubRepo}</url>
     </scm>
+    
+    <developers>
+        <developer>
+            <id>vigilnz</id>
+            <name>Vigilnz Team</name>
+            <email>[email protected]</email>
+        </developer>
+    </developers>
 
     <properties>
         <revision>1.0</revision>
@@ -43,7 +52,7 @@
         <spotless.check.skip>false</spotless.check.skip>
         <ban-junit4-imports.skip>false</ban-junit4-imports.skip>
         <hpi.strictBundledArtifacts>true</hpi.strictBundledArtifacts>
-        <hpi.bundledArtifacts>gson,json</hpi.bundledArtifacts>
+        <hpi.bundledArtifacts>jackson-annotations,jackson-core,jackson-databind</hpi.bundledArtifacts>
     </properties>
 
     <dependencyManagement>
@@ -104,15 +113,9 @@
         </dependency>
 
         <dependency>
-            <groupId>com.google.code.gson</groupId>
-            <artifactId>gson</artifactId>
-            <version>2.8.9</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.json</groupId>
-            <artifactId>json</artifactId>
-            <version>20231013</version>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.20.1</version>
         </dependency>
 
     </dependencies>

src/main/java/io/jenkins/plugins/ApiService.java

@@ -2,6 +2,7 @@
 
 import hudson.EnvVars;
 import hudson.model.TaskListener;
+import io.jenkins.plugins.models.AuthResponse;
 import net.sf.json.JSONObject;
 
 import java.io.BufferedReader;
@@ -126,9 +127,12 @@ public static String triggerScan(String token, String targetFile, List<String> s
             JSONObject json = new JSONObject();
             // Send scan types as array
             json.put("scanTypes", scanTypes);
-            json.put("project", targetFile);
             json.put("gitRepoUrl", repoUrl);
-            if (targetFile != null) json.put("targetFile", targetFile);
+            // Optional fields
+            if (targetFile != null && !targetFile.trim().isEmpty()) {
+                json.put("project", targetFile);
+                json.put("targetFile", targetFile);
+            }
 
             String body = json.toString();
 
@@ -158,35 +162,4 @@ public static String triggerScan(String token, String targetFile, List<String> s
         }
     }
 
-    /** Authentication response model  */
-    public static class AuthResponse {
-        private String accessToken;
-        private String refreshToken;
-        private long expiresIn;
-        private String tokenType;
-
-        public AuthResponse(String accessToken, String refreshToken, long expiresIn, String tokenType) {
-            this.accessToken = accessToken;
-            this.refreshToken = refreshToken;
-            this.expiresIn = expiresIn;
-            this.tokenType = tokenType;
-        }
-
-        public String getAccessToken() {
-            return accessToken;
-        }
-
-        public String getRefreshToken() {
-            return refreshToken;
-        }
-
-        public long getExpiresIn() {
-            return expiresIn;
-        }
-
-        public String getTokenType() {
-            return tokenType;
-        }
-    }
-
 }

src/main/java/io/jenkins/plugins/PipelineStep.java

@@ -8,23 +8,28 @@
 import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
 import org.jenkinsci.plugins.workflow.steps.StepExecution;
 import org.kohsuke.stapler.DataBoundConstructor;
+import org.kohsuke.stapler.DataBoundSetter;
 
 import java.util.List;
 import java.util.Set;
 
 public class PipelineStep extends Step {
 
     private final String token;
-    private final String targetFile;
     private final List<String> scanTypes;
+    private String targetFile;  // Optional parameter
 
     @DataBoundConstructor
-    public PipelineStep(String token, String targetFile, List<String> scanTypes) {
+    public PipelineStep(String token, List<String> scanTypes) {
         this.token = token;
-        this.targetFile = targetFile;
         this.scanTypes = scanTypes != null ? scanTypes : List.of();
     }
 
+    @DataBoundSetter
+    public void setTargetFile(String targetFile) {
+        this.targetFile = targetFile;
+    }
+
     public String getToken() {
         return token;
     }

src/main/java/io/jenkins/plugins/PipelineStepExecution.java

@@ -106,11 +106,14 @@ public boolean start() throws Exception {
             listener.getLogger().println("Selected Scan Types: " + String.join(", ", scanTypes));
             String result = ApiService.triggerScan(token, step.getTargetFile(), scanTypes, env, listener);
 
+            run.addAction(new ScanResultAction(result));
+
             if (result == null || result.isEmpty()) {
                 listener.error("Scan failed");
                 getContext().onFailure(new AbortException("Scan failed"));
                 return false;
             }
+
         } else {
             listener.getLogger().println("No Vigilnz Token credential found");
             getContext().onFailure(new AbortException("No Vigilnz Token credential found"));

src/main/java/io/jenkins/plugins/ScanResultAction.java

@@ -1,23 +1,26 @@
 package io.jenkins.plugins;
 
-import com.google.gson.Gson;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import hudson.model.Action;
 import io.jenkins.plugins.models.ApiResponse;
 
 public class ScanResultAction implements Action {
     private final ApiResponse response;
 
-    public ScanResultAction(String scanSummary) {
+    public ScanResultAction(String scanSummary) throws JsonProcessingException {
 
         // Convert JSON string to ApiResponse
-        Gson gson = new Gson();
-        ApiResponse apiResponse = gson.fromJson(scanSummary, ApiResponse.class);
+        ObjectMapper mapper = new ObjectMapper();
+        ApiResponse apiResponse;
+        apiResponse = mapper.readValue(scanSummary, ApiResponse.class);
         this.response = apiResponse;
     }
 
     @Override
     public String getIconFileName() {
-        return "clipboard.png"; // or a custom icon
+//        return "clipboard.png"; // or a custom icon
+        return "symbol-reader-outline plugin-ionicons-api"; // or a custom icon
     }
 
     @Override