Jenkinsfile Build Image Override Not Allowed (SL015)

Flags Jenkinsfile buildServiceProject image overrides and recommends using the default latest build image.

Description

Scans the project’s root Jenkinsfile for buildServiceProject(…) invocations. If an invocation passes an explicit build image override (for example, the named parameter 'mavenImage'), an ERROR is reported instructing the user to remove the override and use the latest default build image.
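
One way to implement the check described above, as an added example that is not the rule's own implementation: it masks comments and string literals first, so a commented-out call or the '//' inside the library URL is not misread. The sample Jenkinsfiles, repository URL and image name are constructed, and treating 'mavenImage' as the only override parameter is an assumption.

```python
import re

# Assumption: 'mavenImage' is the only override parameter the page names.
OVERRIDE_PARAMS = {"mavenImage"}
# Strings are matched before comments so that the '//' in a quoted URL is not
# taken for a line comment. Multi-line (triple-quoted) strings are not handled.
_STR_OR_COMMENT = re.compile(
    r"'(?:\\.|[^'\\\n])*'" r'|"(?:\\.|[^"\\\n])*"' r"|//[^\n]*|/\*.*?\*/", re.S)
_CALL = re.compile(r"\bbuildServiceProject\s*\(")

def _mask(src):
    """Blank out strings and comments, keeping offsets and newlines intact."""
    return _STR_OR_COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def find_overrides(jenkinsfile_text):
    """Return [(line, parameter)] for each build image override in a call."""
    masked = _mask(jenkinsfile_text)
    findings = []
    for call in _CALL.finditer(masked):
        depth, end = 1, call.end()
        while end < len(masked) and depth:  # walk to the matching ')'
            depth += {"(": 1, ")": -1}.get(masked[end], 0)
            end += 1
        for arg in re.finditer(r"\b(\w+)\s*:", masked[call.end():end]):
            if arg.group(1) in OVERRIDE_PARAMS:
                line = masked.count("\n", 0, call.end() + arg.start()) + 1
                findings.append((line, arg.group(1)))
    return findings

# Constructed sample Jenkinsfiles (repository URL and image name are made up).
NONCOMPLIANT = """\
library(identifier: 'jenkins-shared-libs@main', retriever: modernSCM([
  [$class: 'GitSCMSource', remote: 'https://git.example.invalid/libs.git']]))
buildServiceProject(
  mavenImage: 'example/maven-base:1.0')
"""
COMPLIANT = """\
// buildServiceProject(mavenImage: 'old/image:1') removed for SL015
library(identifier: 'jenkins-shared-libs@main', retriever: modernSCM([
  [$class: 'GitSCMSource', remote: 'https://git.example.invalid/libs.git']]))
buildServiceProject()
"""

if __name__ == "__main__":
    for name, text in (("noncompliant", NONCOMPLIANT), ("compliant", COMPLIANT)):
        for line, param in find_overrides(text):
            print(f"SL015 {name}: line {line}: remove '{param}' override")
```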

Rationale

Centralizing the build image to the shared library default ensures services always use the latest approved image without per-repo drift.

Findings

  • INFO

    • Jenkinsfile contains buildServiceProject(…) with an explicit build image override (e.g., mavenImage)

Noncompliant

Jenkinsfile overriding build image
// Noncompliant Jenkinsfile example: overrides build image
@Library('scanhub') _

library(identifier: 'jenkins-shared-libs@main', retriever: modernSCM([
  [$class: 'GitSCMSource',
   remote: 'https://coderepo.mobilehealth.va.gov/scm/ckm/jenkins-shared-libs.git',
   credentialsId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx']
]))

// Explicitly overriding the build image is not allowed by SL015
buildServiceProject(mavenImage: 'ckm/map-maven-base-image:2.0.4-JDK21-latest')

Compliant

Jenkinsfile using default build image
// Compliant Jenkinsfile example: uses default build image from shared library
@Library('scanhub') _

library(identifier: 'jenkins-shared-libs@main', retriever: modernSCM([
  [$class: 'GitSCMSource',
   remote: 'https://coderepo.mobilehealth.va.gov/scm/ckm/jenkins-shared-libs.git',
   credentialsId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx']
]))

// Do not override the build image; rely on the library default
buildServiceProject()

Configuration

This rule has no configuration.