sap-jenkins-library/documentation/docs/steps/protecodeExecuteScan.md

# ${docGenStepName}

## ${docGenDescription}

## Prerequisites

1. Create a Username / Password credential with the Protecode user in your Jenkins credential store
1. Lookup your Group ID using REST API via `curl -u <username> "https://<protecode host>/api/groups/"`.

If the image is on a protected registry you can provide a Docker `config.json` file containing the credential information for the registry.
You can create it like explained in the Docker Success Center in the article about [how to generate a new auth in the config.json file](https://success.docker.com/article/generate-new-auth-in-config-json-file).

## ${docGenParameters}

### Details

* The Protecode scan step is able to send a file addressed via parameter `filePath` to the backend for scanning it for known vulnerabilities.
* Alternatively an HTTP URL can be specified via `fetchUrl`. Protecode will then download the artifact from there and scan it.
* To support docker image scanning please provide `scanImage` with a docker like URL poiting to the image tag within the docker registry being used.
* To receive the result it polls until the job completes.
* Once the job has completed a PDF report is pulled from the backend and archived in the build
* Finally the scan result is being analysed for critical findings with a CVSS v3 score >= 7.0 and if such findings are detected the build is failed based on the configuration setting `failOnSevereVulnerabilities`.
* During the analysis all CVEs which are triaged are ignored and will not provoke the build to fail.

## ${docGenConfiguration}
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00			`# ${docGenStepName}`

			`## ${docGenDescription}`

			`## Prerequisites`
docs: remove outdates prerequisites from Protecode step (#1905) * remove outdates prerequisites * fix code climate issue 2020-08-11 11:31:40 +02:00
			`1. Create a Username / Password credential with the Protecode user in your Jenkins credential store`
			1. Lookup your Group ID using REST API via `curl -u <username> "https://<protecode host>/api/groups/"`.
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00
refactor(protecode): add explicit parameter for Docker config.json file (#1914) * add dedicated property to handle docker config file * switch to dockerConfigJSON in groovy * use DockerConfigJSON * add secret reference * Update protecode.yaml * Update protecode.yaml * improve docs * update generated sources 2020-08-12 14:57:11 +02:00			If the image is on a protected registry you can provide a Docker `config.json` file containing the credential information for the registry.
			`You can create it like explained in the Docker Success Center in the article about [how to generate a new auth in the config.json file](https://success.docker.com/article/generate-new-auth-in-config-json-file).`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00
			`## ${docGenParameters}`

docs: remove colon from headlines (#1896) 2020-08-07 22:10:43 +02:00			`### Details`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00
			* The Protecode scan step is able to send a file addressed via parameter `filePath` to the backend for scanning it for known vulnerabilities.
			* Alternatively an HTTP URL can be specified via `fetchUrl`. Protecode will then download the artifact from there and scan it.
refactor(protecode): add explicit parameter for Docker config.json file (#1914) * add dedicated property to handle docker config file * switch to dockerConfigJSON in groovy * use DockerConfigJSON * add secret reference * Update protecode.yaml * Update protecode.yaml * improve docs * update generated sources 2020-08-12 14:57:11 +02:00			* To support docker image scanning please provide `scanImage` with a docker like URL poiting to the image tag within the docker registry being used.
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00			`* To receive the result it polls until the job completes.`
			`* Once the job has completed a PDF report is pulled from the backend and archived in the build`
refactor(protecode): add explicit parameter for Docker config.json file (#1914) * add dedicated property to handle docker config file * switch to dockerConfigJSON in groovy * use DockerConfigJSON * add secret reference * Update protecode.yaml * Update protecode.yaml * improve docs * update generated sources 2020-08-12 14:57:11 +02:00			* Finally the scan result is being analysed for critical findings with a CVSS v3 score >= 7.0 and if such findings are detected the build is failed based on the configuration setting `failOnSevereVulnerabilities`.
			`* During the analysis all CVEs which are triaged are ignored and will not provoke the build to fail.`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00
			`## ${docGenConfiguration}`