Merge pull request #6 from Vigilnz/api_integration

Api integration

Author: Susenthiran28

README.md

@@ -1,28 +1,185 @@
-# .
+# Vigilnz Security Plugin
 
-## Introduction
+[![Jenkins Plugin](https://img.shields.io/jenkins/plugin/v/vigilnz-security.svg)](https://plugins.jenkins.io/vigilnz-security)
+[![Jenkins Plugin Installs](https://img.shields.io/jenkins/plugin/i/vigilnz-security.svg?color=blue)](https://plugins.jenkins.io/vigilnz-security)
 
-TODO Describe what your plugin does here
+Vigilnz Security Plugin integrates comprehensive security scanning capabilities into Jenkins CI/CD pipelines. Run CVE, SAST, SBOM, and other security scans as part of your build process.
 
-## Getting started
+## Features
 
-TODO Tell users how to configure your plugin here, include screenshots, pipeline examples and 
-configuration-as-code examples.
+- 🔒 **Multiple Scan Types**: Support for CVE, SAST, SBOM, and more
+- 🔐 **Secure Credential Management**: Store and manage Vigilnz API tokens securely
+- 🚀 **Freestyle & Pipeline Support**: Works with both traditional and modern Jenkins jobs
+- 📊 **Detailed Results**: View scan results directly in the Jenkins build sidebar
+- ⚙️ **Flexible Configuration**: Select which scan types to run per build
+- 🔄 **Token Management**: Automatic token refresh and caching
 
-## Issues
+## Requirements
 
-TODO Decide where you're going to host your issues, the default is Jenkins JIRA, but you can also enable GitHub issues,
-If you use GitHub issues there's no need for this section; else add the following line:
+- Jenkins 2.516.3 or later
+- Java 17 or later
+- Vigilnz API access (API key required)
 
-Report issues and enhancements in the [Jenkins issue tracker](https://issues.jenkins.io/).
+## Installation
+
+### From Jenkins Update Center
+
+1. Go to **Manage Jenkins** → **Manage Plugins**
+2. Search for "Vigilnz Security"
+3. Click **Install without restart** or **Download now and install after restart**
+
+### Manual Installation
+
+1. Download the latest `.hpi` file from [GitHub Releases](https://github.com/your-org/vigilnz-security-plugin/releases)
+2. Go to **Manage Jenkins** → **Manage Plugins** → **Advanced**
+3. Upload the `.hpi` file under **Upload Plugin**
+4. Restart Jenkins
+
+## Getting Started
+
+### 1. Configure Vigilnz Credentials
+
+1. Go to **Manage Jenkins** → **Manage Credentials**
+2. Click **Add Credentials**
+3. Select **Vigilnz Security Token** from the kind dropdown
+4. Enter:
+   - **Token**: Your Vigilnz API key
+   - **ID**: Unique identifier (optional, auto-generated if not provided)
+   - **Description**: Description for this credential
+5. Click **OK**
+
+### 2. Use in Freestyle Job
+
+1. Create a new Freestyle project or edit an existing one
+2. In **Build Steps**, click **Add build step** → **Invoke Vigilnz Security Task**
+3. Configure:
+   - **Token**: Select your Vigilnz credential
+   - **Target File**: (Optional) File or path to scan
+   - **Scan Types**: Select at least one scan type (CVE, SAST, SBOM)
+4. Save and run the build
+
+### 3. Use in Pipeline
+
+```groovy
+pipeline {
+    agent any
+
+    stages {
+        stage('Security Scan') {
+            steps {
+                vigilnzScan(
+                    token: 'my-vigilnz-token',
+                    scanTypes: ['cve', 'sast', 'sbom']
+                )
+            }
+        }
+    }
+}
+```
+
+## Configuration
+
+### Environment Variables
+
+You can configure API endpoints using environment variables or system properties:
+
+- `VIGILNZ_AUTH_URL` or `-Dvigilnz.auth.url`: Authentication API URL (default: `http://localhost:1337/auth/api-key`)
+- `VIGILNZ_SCAN_URL` or `-Dvigilnz.scan.url`: Multi-scan API URL (default: `http://localhost:8000/scan-targets/multi-scan`)
+
+### Scan Types
+
+- **CVE**: Common Vulnerabilities and Exposures scan
+- **SAST**: Static Application Security Testing
+- **SBOM**: Software Bill of Materials
+
+## Viewing Results
+
+After a build completes:
+
+1. **Sidebar Summary**: View a quick summary in the build page sidebar
+2. **Full Details**: Click "View Details →" in the sidebar to see complete scan results
+3. **Console Output**: Check the build console for detailed scan logs
+
+## Pipeline Examples
+
+### Basic Usage
+
+```groovy
+vigilnzScan(
+    token: 'my-vigilnz-token',
+    scanTypes: ['cve']
+)
+```
+
+### Multiple Scan Types
+
+```groovy
+vigilnzScan(
+    token: 'my-vigilnz-token',
+    scanTypes: ['cve', 'sast', 'sbom']
+)
+```
+
+### With Credentials Binding
+
+```groovy
+pipeline {
+    agent any
+
+    stages {
+        stage('Security Scan') {
+            steps {
+                withCredentials([string(credentialsId: 'vigilnz-token', variable: 'VIGILNZ_TOKEN')]) {
+                    vigilnzScan(
+                        token: 'vigilnz-token',
+                        scanTypes: ['cve', 'sast']
+                    )
+                }
+            }
+        }
+    }
+}
+```
+
+## Troubleshooting
+
+### Authentication Failed
+
+- Verify your API key is correct
+- Check that the authentication URL is accessible
+- Ensure the token has not expired
+
+### Scan Types Not Selected
+
+- At least one scan type must be selected
+- Check the checkbox selections in the build configuration
+
+### No Results in Sidebar
+
+- Ensure the build completed successfully
+- Check the build console for any errors
+- Verify the API response was successful
+
+## Support
+
+- **Issues**: Report issues on [GitHub Issues](https://github.com/your-org/vigilnz-security-plugin/issues)
+- **Documentation**: [Plugin Wiki](https://github.com/your-org/vigilnz-security-plugin/wiki)
+- **Email**: [email protected]
 
 ## Contributing
 
-TODO review the default [CONTRIBUTING](https://github.com/jenkinsci/.github/blob/master/CONTRIBUTING.md) file and make sure it is appropriate for your plugin, if not then add your own one adapted from the base file
+Contributions are welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+## Changelog
 
-Refer to our [contribution guidelines](https://github.com/jenkinsci/.github/blob/master/CONTRIBUTING.md)
+### Version 1.0
 
-## LICENSE
+- Initial release
+- Support for CVE, SAST, SBOM scan types
+- Freestyle and Pipeline job support
+- Secure credential management
+- Build sidebar results display
 
-Licensed under MIT, see [LICENSE](LICENSE.md)
+## License
 
+Licensed under MIT License. See [LICENSE](LICENSE.md) for details.

pom.xml

@@ -17,7 +17,8 @@
 
     <!--  Plugin Name  -->
     <name>Vigilnz Security</name>
-    <url>https://dev.vigilnz.com/</url>
+    <description>Vigilnz Security Plugin integrates security scanning capabilities into Jenkins. Run CVE, SAST, SBOM, and other security scans as part of your CI/CD pipeline.</description>
+    <url>https://github.com/${gitHubRepo}</url>
     <licenses>
         <license>
             <name>MIT License</name>
@@ -31,10 +32,18 @@
         <tag>${scmTag}</tag>
         <url>https://github.com/${gitHubRepo}</url>
     </scm>
+    
+    <developers>
+        <developer>
+            <id>vigilnz</id>
+            <name>Vigilnz Team</name>
+            <email>[email protected]</email>
+        </developer>
+    </developers>
 
     <properties>
         <revision>1.0</revision>
-        <changelist>-SNAPSHOT</changelist>
+        <changelist></changelist>
         <!-- https://www.jenkins.io/doc/developer/plugin-development/choosing-jenkins-baseline/ -->
         <jenkins.baseline>2.516</jenkins.baseline>
         <jenkins.version>${jenkins.baseline}.3</jenkins.version>
@@ -43,6 +52,7 @@
         <spotless.check.skip>false</spotless.check.skip>
         <ban-junit4-imports.skip>false</ban-junit4-imports.skip>
         <hpi.strictBundledArtifacts>true</hpi.strictBundledArtifacts>
+        <hpi.bundledArtifacts>jackson-annotations,jackson-core,jackson-databind</hpi.bundledArtifacts>
     </properties>
 
     <dependencyManagement>
@@ -101,6 +111,13 @@
             <version>1.3.2</version>
             <scope>provided</scope>
         </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.20.1</version>
+        </dependency>
+
     </dependencies>
 
     <repositories>