import com.sap.piper.JenkinsUtils
import com.sap.piper.MapUtils
import com.sap.piper.PiperGoUtils
import com.sap.piper.Utils
import groovy.transform.Field
import static com . sap . piper . Prerequisites . checkScript
// Name of this step, taken from the script's own class name; passed as
// `stepName` to handlePipelineStepErrors in call().
@Field String STEP_NAME = getClass().getName()

// Library resource holding the step metadata. call() copies it to
// `.pipeline/tmp/<METADATA_FILE>` in the workspace and hands that path to
// `piper getConfig --stepMetadata`.
@Field String METADATA_FILE = 'metadata/protecode.yaml'
/**
 * Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries. It can be used to scan docker images, but it also supports many other programming languages, especially those of the C family. You can find more details on its capabilities in the [OS3 - Open Source Software Security JAM](https://jam4.sapjam.com/groups/XgeUs0CXItfeWyuI4k7lM3/overview_page/aoAsA0k4TbezGFyOkhsXFs). For getting access to Protecode please visit the [guide](https://go.sap.corp/protecode).
 */
void call(Map parameters = [:]) {
    // Runs the Protecode scan through the piper binary and publishes its reports.
    //
    // parameters: step parameters. `juStabUtils` and `jenkinsUtilsStub` are
    // optional replacements for Utils / JenkinsUtils and are reset to null on the
    // caller's map once they have been read. Every other entry (except `script`)
    // is serialized into the PIPER_parametersJSON environment variable, so secrets
    // belong in Jenkins credentials referenced by ID, not in plain parameter values.
    handlePipelineStepErrors(stepName: STEP_NAME, stepParameters: parameters, failOnError: true) {
        def script = checkScript(this, parameters) ?: this

        def piperUtils = parameters.juStabUtils ?: new Utils()
        parameters.juStabUtils = null
        def jenkins = parameters.jenkinsUtilsStub ?: new JenkinsUtils()
        parameters.jenkinsUtilsStub = null

        new PiperGoUtils(this, piperUtils).unstashPiperBin()
        piperUtils.unstash('pipelineConfigAndTests')

        // Materialize the step metadata in the workspace so the piper binary can read it.
        String metadataPath = ".pipeline/tmp/${METADATA_FILE}"
        writeFile(file: metadataPath, text: libraryResource(METADATA_FILE))

        // The parameters travel as an environment variable; they are never
        // interpolated into a shell command line.
        String parametersEnv = "PIPER_parametersJSON=${getParametersJSON(parameters)}"
        withEnv([parametersEnv]) {
            // Resolve the context configuration (credential IDs) via the piper binary.
            String contextConfigJson = sh(
                returnStdout: true,
                script: "./piper getConfig --contextConfig --stepMetadata '${metadataPath}'"
            )
            Map config = readJSON(text: contextConfigJson)

            // Bind only the credentials that are actually configured.
            def bindings = []
            if (config.protecodeCredentialsId) {
                bindings << usernamePassword(
                    credentialsId: config.protecodeCredentialsId,
                    passwordVariable: 'PIPER_password',
                    usernameVariable: 'PIPER_username'
                )
            }
            if (config.dockerCredentialsId) {
                bindings << file(credentialsId: config.dockerCredentialsId, variable: 'DOCKER_CONFIG')
            }

            // Credentials are exposed as environment variables for the scan
            // invocation only; the command string itself contains no secrets.
            withCredentials(bindings) {
                sh './piper protecodeExecuteScan'
            }

            // The parsed vulnerability list is not used further in this step; the
            // read is kept so behavior on a missing or malformed file is unchanged.
            readJSON(file: "protecodescan_vulns.json")
            def report = readJSON(file: 'protecodeExecuteScan.json')

            // The scan report itself may be absent only when it is not mandatory;
            // the two JSON result files must always exist.
            archiveArtifacts artifacts: report['target'], allowEmptyArchive: !report['mandatory']
            archiveArtifacts artifacts: "protecodeExecuteScan.json", allowEmptyArchive: false
            archiveArtifacts artifacts: "protecodescan_vulns.json", allowEmptyArchive: false

            // NOTE(review): the artifact path and server URL below are taken from
            // protecodeExecuteScan.json without validation and end up as sidebar
            // links; presumably the file is trusted because the scan wrote it (confirm).
            String reportLink = "artifact/${report['target']}"
            String reportIcon = "images/24x24/graph.png"
            jenkins.removeJobSideBarLinks(reportLink)
            jenkins.addJobSideBarLink(reportLink, "Protecode Report", reportIcon)
            jenkins.addRunSideBarLink(reportLink, "Protecode Report", reportIcon)
            jenkins.addRunSideBarLink(
                "${report['protecodeServerUrl']}/products/${report['productID']}/",
                "Protecode WebUI",
                reportIcon
            )
        }
    }
}
/**
 * Serializes the step parameters to a JSON string for the piper binary.
 *
 * Works on a copy, so the caller's map is left untouched. The entries
 * `script`, `juStabUtils` and `jenkinsUtilsStub` are dropped; every other entry
 * is written out as given, so the result contains any value a caller passed in.
 *
 * @param parameters step parameters as received by the step
 * @return JSON text of the remaining parameters with null values pruned
 */
String getParametersJSON(Map parameters = [:]) {
    Map serializable = [:] + parameters

    // Pipeline-internal objects (script reference, test stubs) must not be serialized.
    for (String internalKey in ['script', 'juStabUtils', 'jenkinsUtilsStub']) {
        serializable.remove(internalKey)
    }

    // Null-valued entries are pruned before serialization: after a JSON round trip
    // they would come back as 'net.sf.json.JSONNull', which Groovy Truth treats as
    // 'true', for example in if-conditions.
    Map withoutNulls = MapUtils.pruneNulls(serializable)
    return groovy.json.JsonOutput.toJson(withoutNulls)
}