sap-jenkins-library/resources/metadata/malwareExecuteScan.yaml

metadata:
  name: malwareExecuteScan
  description: Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html).
  longDescription: |
    Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html).
spec:
  inputs:
    secrets:
      - name: malwareScanCredentialsId
        description: Jenkins 'Username with password' credentials ID containing the technical user/password credential used to communicate with the malwarescanning service.
        type: jenkins
    params:
      - name: buildTool
        type: string
        description: "Defines the tool which is used for building the artifact."
        mandatory: true
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        resourceRef:
          - name: commonPipelineEnvironment
            param: buildTool
      - name: dockerConfigJSON
        type: string
        description: Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - name: commonPipelineEnvironment
            param: custom/dockerConfigJSON
          - name: dockerConfigJsonCredentialsId
            type: secret
          - type: vaultSecretFile
            name: dockerConfigFileVaultSecretName
            default: docker-config
      - name: containerRegistryPassword
        description: "For `buildTool: docker`: Password for container registry access - typically provided by the CI/CD environment."
        type: string
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - name: commonPipelineEnvironment
            param: container/repositoryPassword
          - name: commonPipelineEnvironment
            param: custom/repositoryPassword
      - name: containerRegistryUser
        description: "For `buildTool: docker`: Username for container registry access - typically provided by the CI/CD environment."
        type: string
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - name: commonPipelineEnvironment
            param: container/repositoryUsername
          - name: commonPipelineEnvironment
            param: custom/repositoryUsername
      - name: host
        type: string
        description: "malware scanning host."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
      - name: username
        type: string
        description: "User"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
        secret: true
        resourceRef:
          - name: malwareScanCredentialsId
            type: secret
            param: username
          - name: malwareScanUsernameVaultSecretName
            type: vaultSecret
            default: malware-scan
      - name: password
        type: string
        description: "Password"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
        secret: true
        resourceRef:
          - name: malwareScanCredentialsId
            type: secret
            param: password
          - name: malwareScanPasswordVaultSecretName
            type: vaultSecret
            default: malware-scan
      - name: scanImage
        type: string
        description: "For `buildTool: docker`: Defines the docker image which should be scanned."
        resourceRef:
          - name: commonPipelineEnvironment
            param: container/imageNameTag
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: scanImageRegistryUrl
        type: string
        description: "For `buildTool: docker`: Defines the registry where the scanImage is located."
        resourceRef:
          - name: commonPipelineEnvironment
            param: container/registryUrl
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: scanFile
        aliases:
          - name: file
            deprecated: true
        type: string
        description: "The file which is scanned for malware"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: timeout
        type: string
        description: "timeout for http layer in seconds"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: false
        default: 600
      - name: reportFileName
        type: string
        description: The file name of the report to be created
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: malwarescan_report.json
  outputs:
    resources:
      - name: reports
        type: reports
        params:
          - filePattern: "**/toolrun_malwarescan_*.json"
            type: malwarescan
          - paramRef: reportFileName
            type: malwarescan
Provide tooling for malware scanning (#1329) Tooling for malwareScanning. Co-authored-by: Stengel <r.stengel@sap.com> 2020-04-23 09:12:10 +02:00			`metadata:`
			`name: malwareExecuteScan`
feat(malwareExecuteScan): refactoring and docker support (#3421) * feat(malwareExecuteScan): add support for scanning docker images * refactoring * print out finding if available * generate toolrecord for malware scan * persist scan report * docs * fix * fix * rollback cmd/init_unix.go * auhenticated pull * fix * fix: report shall be consistent with the api model * gcs upload * fix linter 2022-01-24 10:48:01 +02:00			`description: Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html).`
Provide tooling for malware scanning (#1329) Tooling for malwareScanning. Co-authored-by: Stengel <r.stengel@sap.com> 2020-04-23 09:12:10 +02:00			`longDescription: \|`
feat(malwareExecuteScan): refactoring and docker support (#3421) * feat(malwareExecuteScan): add support for scanning docker images * refactoring * print out finding if available * generate toolrecord for malware scan * persist scan report * docs * fix * fix * rollback cmd/init_unix.go * auhenticated pull * fix * fix: report shall be consistent with the api model * gcs upload * fix linter 2022-01-24 10:48:01 +02:00			`Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html).`
Provide tooling for malware scanning (#1329) Tooling for malwareScanning. Co-authored-by: Stengel <r.stengel@sap.com> 2020-04-23 09:12:10 +02:00			`spec:`
			`inputs:`
Malware scan metadata update (#1483) 2020-05-06 08:52:26 +02:00			`secrets:`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- name: malwareScanCredentialsId`
Add / update Jenkins credential descriptions (#2058) 2020-09-23 13:22:51 +02:00			`description: Jenkins 'Username with password' credentials ID containing the technical user/password credential used to communicate with the malwarescanning service.`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`type: jenkins`
Provide tooling for malware scanning (#1329) Tooling for malwareScanning. Co-authored-by: Stengel <r.stengel@sap.com> 2020-04-23 09:12:10 +02:00			`params:`
feat(malwareExecuteScan): refactoring and docker support (#3421) * feat(malwareExecuteScan): add support for scanning docker images * refactoring * print out finding if available * generate toolrecord for malware scan * persist scan report * docs * fix * fix * rollback cmd/init_unix.go * auhenticated pull * fix * fix: report shall be consistent with the api model * gcs upload * fix linter 2022-01-24 10:48:01 +02:00			`- name: buildTool`
			`type: string`
			`description: "Defines the tool which is used for building the artifact."`
			`mandatory: true`
			`scope:`
			`- GENERAL`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`resourceRef:`
			`- name: commonPipelineEnvironment`
			`param: buildTool`
			`- name: dockerConfigJSON`
			`type: string`
			description: Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`secret: true`
			`resourceRef:`
			`- name: commonPipelineEnvironment`
			`param: custom/dockerConfigJSON`
			`- name: dockerConfigJsonCredentialsId`
			`type: secret`
			`- type: vaultSecretFile`
			`name: dockerConfigFileVaultSecretName`
			`default: docker-config`
			`- name: containerRegistryPassword`
			description: "For `buildTool: docker`: Password for container registry access - typically provided by the CI/CD environment."
			`type: string`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`secret: true`
			`resourceRef:`
feat: support cpe credentials for multiple repos (#3641) 2022-03-17 09:01:00 +02:00			`- name: commonPipelineEnvironment`
			`param: container/repositoryPassword`
feat(malwareExecuteScan): refactoring and docker support (#3421) * feat(malwareExecuteScan): add support for scanning docker images * refactoring * print out finding if available * generate toolrecord for malware scan * persist scan report * docs * fix * fix * rollback cmd/init_unix.go * auhenticated pull * fix * fix: report shall be consistent with the api model * gcs upload * fix linter 2022-01-24 10:48:01 +02:00			`- name: commonPipelineEnvironment`
			`param: custom/repositoryPassword`
			`- name: containerRegistryUser`
			description: "For `buildTool: docker`: Username for container registry access - typically provided by the CI/CD environment."
			`type: string`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`secret: true`
			`resourceRef:`
feat: support cpe credentials for multiple repos (#3641) 2022-03-17 09:01:00 +02:00			`- name: commonPipelineEnvironment`
			`param: container/repositoryUsername`
feat(malwareExecuteScan): refactoring and docker support (#3421) * feat(malwareExecuteScan): add support for scanning docker images * refactoring * print out finding if available * generate toolrecord for malware scan * persist scan report * docs * fix * fix * rollback cmd/init_unix.go * auhenticated pull * fix * fix: report shall be consistent with the api model * gcs upload * fix linter 2022-01-24 10:48:01 +02:00			`- name: commonPipelineEnvironment`
			`param: custom/repositoryUsername`
Provide tooling for malware scanning (#1329) Tooling for malwareScanning. Co-authored-by: Stengel <r.stengel@sap.com> 2020-04-23 09:12:10 +02:00			`- name: host`
			`type: string`
			`description: "malware scanning host."`
			`scope:`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
Provide tooling for malware scanning (#1329) Tooling for malwareScanning. Co-authored-by: Stengel <r.stengel@sap.com> 2020-04-23 09:12:10 +02:00			`mandatory: true`
Malware scan metadata update (#1483) 2020-05-06 08:52:26 +02:00			`- name: username`
Provide tooling for malware scanning (#1329) Tooling for malwareScanning. Co-authored-by: Stengel <r.stengel@sap.com> 2020-04-23 09:12:10 +02:00			`type: string`
			`description: "User"`
			`scope:`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
Provide tooling for malware scanning (#1329) Tooling for malwareScanning. Co-authored-by: Stengel <r.stengel@sap.com> 2020-04-23 09:12:10 +02:00			`mandatory: true`
Malware scan metadata update (#1483) 2020-05-06 08:52:26 +02:00			`secret: true`
docs: link credentialIDs to parameter (#1961) 2020-08-28 15:38:15 +02:00			`resourceRef:`
			`- name: malwareScanCredentialsId`
			`type: secret`
			`param: username`
feat(malwareExecuteScan): support for vault (#3346) Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2021-12-13 12:58:33 +02:00			`- name: malwareScanUsernameVaultSecretName`
			`type: vaultSecret`
			`default: malware-scan`
Provide tooling for malware scanning (#1329) Tooling for malwareScanning. Co-authored-by: Stengel <r.stengel@sap.com> 2020-04-23 09:12:10 +02:00			`- name: password`
			`type: string`
			`description: "Password"`
			`scope:`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
Provide tooling for malware scanning (#1329) Tooling for malwareScanning. Co-authored-by: Stengel <r.stengel@sap.com> 2020-04-23 09:12:10 +02:00			`mandatory: true`
Malware scan metadata update (#1483) 2020-05-06 08:52:26 +02:00			`secret: true`
docs: link credentialIDs to parameter (#1961) 2020-08-28 15:38:15 +02:00			`resourceRef:`
			`- name: malwareScanCredentialsId`
			`type: secret`
			`param: password`
feat(malwareExecuteScan): support for vault (#3346) Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2021-12-13 12:58:33 +02:00			`- name: malwareScanPasswordVaultSecretName`
			`type: vaultSecret`
			`default: malware-scan`
feat(malwareExecuteScan): refactoring and docker support (#3421) * feat(malwareExecuteScan): add support for scanning docker images * refactoring * print out finding if available * generate toolrecord for malware scan * persist scan report * docs * fix * fix * rollback cmd/init_unix.go * auhenticated pull * fix * fix: report shall be consistent with the api model * gcs upload * fix linter 2022-01-24 10:48:01 +02:00			`- name: scanImage`
			`type: string`
			description: "For `buildTool: docker`: Defines the docker image which should be scanned."
			`resourceRef:`
			`- name: commonPipelineEnvironment`
			`param: container/imageNameTag`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`- name: scanImageRegistryUrl`
			`type: string`
			description: "For `buildTool: docker`: Defines the registry where the scanImage is located."
			`resourceRef:`
			`- name: commonPipelineEnvironment`
			`param: container/registryUrl`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`- name: scanFile`
			`aliases:`
			`- name: file`
			`deprecated: true`
Provide tooling for malware scanning (#1329) Tooling for malwareScanning. Co-authored-by: Stengel <r.stengel@sap.com> 2020-04-23 09:12:10 +02:00			`type: string`
			`description: "The file which is scanned for malware"`
			`scope:`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
Timeout for malwarescan (#1623) Provide a timeout parameters to malwarescan step. This is forwarded to the piper http layer. The default used there is 10 seconds with is not useable for that use case for larger files. 2020-06-03 11:08:34 +02:00			`- name: timeout`
			`type: string`
			`description: "timeout for http layer in seconds"`
			`scope:`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
Timeout for malwarescan (#1623) Provide a timeout parameters to malwarescan step. This is forwarded to the piper http layer. The default used there is 10 seconds with is not useable for that use case for larger files. 2020-06-03 11:08:34 +02:00			`mandatory: false`
			`default: 600`
feat(malwareExecuteScan): refactoring and docker support (#3421) * feat(malwareExecuteScan): add support for scanning docker images * refactoring * print out finding if available * generate toolrecord for malware scan * persist scan report * docs * fix * fix * rollback cmd/init_unix.go * auhenticated pull * fix * fix: report shall be consistent with the api model * gcs upload * fix linter 2022-01-24 10:48:01 +02:00			`- name: reportFileName`
			`type: string`
			`description: The file name of the report to be created`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`default: malwarescan_report.json`
			`outputs:`
			`resources:`
			`- name: reports`
			`type: reports`
			`params:`
			`- filePattern: "*/toolrun_malwarescan_.json"`
			`type: malwarescan`
			`- paramRef: reportFileName`
			`type: malwarescan`