Whitesource scan (MVP) (#1658)
* Whitesource MVP for Gradle, Golang, and NPM/Yarn
* Refactoring
* Refactor and cleanup, better error checking
* publish stepResults, use pkg/versioning, bubble up errors, add gomod versioning support
* Run gofmt and cleanup comments
* Resolve PR comments
* Update resources/metadata/whitesource.yaml
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Only determine project coordinates if they are missing
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Gradle versioning artifact
* fix gradle artifact version regexp and refactor
* Fix token extraction from output buffer
* Fix some issues with pip and jsonfile versioning logic
* Remove useless spacing
* Remove unnecessary test file and fix naming style for JSONDescriptor
* Automatically download wss-unified-agent if file does not exist
* adds downloadVulnerabilityReport, checkSecurityViolations, minor refactoring
* adds config.ReportDirectoryName, improves readability
* Version-wide reporting for vulnerabilities and list of libraries.
* Refactor and improve build accuracy
* fix sed command
* Add includes file pattern config option
* Adds --exclude command line flag
* run go mod tidy and regenerate step framework
* Fix unit tests
* revert changes
* poll project status before downloading reports
* merge with master
* go mod tidy, go fmt, and fix whitesource unit test
* sync go.mod
* sync go.mod again
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-07-01 07:54:13 +02:00
metadata:
  name: whitesourceExecuteScan
  description: BETA
  longDescription: |-
    BETA

    With this step [WhiteSource](https://www.whitesourcesoftware.com) security and license compliance scans can be executed and assessed.
    WhiteSource is a Software as a Service offering based on a so-called Unified Agent that locally determines the dependency
    tree of a node.js, Java, Python, Ruby, or Scala based solution and sends it to the WhiteSource server for a policy based license compliance
    check and additional detection of publicly known vulnerabilities in Free and Open Source Software.

    !!! note "Docker Images"
        The underlying Docker images are public and specific to the solution's programming language(s) and therefore may have to be exchanged
        to fit and support the relevant scenario. The default Python environment used is, for example, Python 3 based.

    !!! warn "Restrictions"
        Currently the step contains hardened scan configurations for `scanType` `'pip'` and `'go'`. Other environments are still being elaborated,
        so please thoroughly check your results and do not take them for granted by default.
        Also, not all environments have been thoroughly tested yet, therefore you might need to adjust the default containers used or
        create your own ones to adequately support your scenario. To do so please modify the `dockerImage` and `dockerWorkspace` parameters.

    The step expects an environment containing the programming language related compiler/interpreter as well as the related build tool. For a list
    of the supported build tools per environment please refer to the [WhiteSource Unified Agent Documentation](https://whitesource.atlassian.net/wiki/spaces/WD/pages/33718339/Unified+Agent).
spec:
  inputs:
    secrets:
      - name: userTokenCredentialsId
        aliases:
          - name: whitesourceUserTokenCredentialsId
        description: Jenkins 'Secret text' credentials ID containing Whitesource user token.
        type: jenkins
      - name: orgAdminUserTokenCredentialsId
        aliases:
          - name: whitesourceOrgAdminUserTokenCredentialsId
        description: Jenkins 'Secret text' credentials ID containing Whitesource org admin token.
        type: jenkins
    params:
      - name: buildTool
        type: string
        description: "Defines the tool which is used for building the artifact."
        mandatory: true
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        resourceRef:
          - name: commonPipelineEnvironment
            param: buildTool
      - name: buildDescriptorFile
        type: string
        description: "Explicit path to the build descriptor file."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: versioningModel
        type: string
        description: "The default project versioning model used in case the `projectVersion` parameter is
          empty, for creating the version based on the build descriptor version to report results in
          Whitesource. Can be one of `'major'`, `'major-minor'`, `'semantic'`, `'full'`."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
          - GENERAL
        default: "major"
        aliases:
          - name: defaultVersioningModel
      - name: createProductFromPipeline
        type: bool
        description: "Whether to create the related WhiteSource product on the fly based on the supplied pipeline
          configuration."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: true
      - name: securityVulnerabilities
        type: bool
        description: "Whether security compliance is considered and reported as part of the assessment."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: true
      - name: timeout
        type: int
        description: "Timeout in seconds until an HTTP call is forcefully terminated."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: 900
      - name: agentDownloadUrl
        type: string
        description: "URL used to download the latest version of the WhiteSource Unified Agent."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar
      - name: configFilePath
        type: string
        description: "Explicit path to the WhiteSource Unified Agent configuration file."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: ./wss-generated-file.config
      - name: reportDirectoryName
        type: string
        description: "Name of the directory to save vulnerability/risk reports to."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: "whitesource-reports"
      - name: aggregateVersionWideReport
        type: bool
        description: "This does not run a scan, instead it just generates a report for all projects with
          projectVersion = config.ProductVersion."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: false
      - name: vulnerabilityReportFormat
        type: string
        description: "Format of the file the vulnerability report is written to."
        possibleValues: [xlsx, json, xml]
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: xlsx
      - name: parallelLimit
        type: string
        description: '[NOT IMPLEMENTED] Limit of parallel jobs being run at once in case of `scanType: ''mta''` based scenarios, defaults to `15`.'
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: 15
      - name: reporting
        type: bool
        description: "Whether assessment is being done at all, defaults to `true`."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: true
      - name: serviceUrl
        type: string
        description: "URL to the WhiteSource server API used for communication."
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        default: "https://saas.whitesourcesoftware.com/api"
      - name: buildDescriptorExcludeList
        type: "[]string"
        description: "List of build descriptors and therefore modules to exclude from the scan and assessment activities."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: ["unit-tests/pom.xml", "integration-tests/pom.xml"]
      - name: orgToken
        type: string
        description: "WhiteSource token identifying your organization."
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        mandatory: true
        resourceRef:
          - name: orgAdminUserTokenCredentialsId
            type: secret
      - name: userToken
        type: string
        description: "WhiteSource token identifying the user executing the scan."
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        mandatory: true
        resourceRef:
          - name: userTokenCredentialsId
            type: secret
      - name: licensingVulnerabilities
        type: bool
        description: "[NOT IMPLEMENTED] Whether license compliance is considered and reported as part of the assessment."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: true
      - name: agentFileName
        type: string
        description: "Locally used name for the Unified Agent jar file after download."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: "wss-unified-agent.jar"
      - name: emailAddressesOfInitialProductAdmins
        type: "[]string"
        description: "The list of email addresses to assign as product admins for newly created WhiteSource products."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: productVersion
        type: string
        description: "Version of the WhiteSource product to be created and used for results aggregation,
          usually determined automatically."
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
      - name: jreDownloadUrl
        type: string
        description: "[NOT IMPLEMENTED] URL used for downloading the Java Runtime Environment (JRE) required to run the
          WhiteSource Unified Agent."
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
      - name: productName
        aliases:
          - name: whitesourceProductName
        type: string
        description: "Name of the WhiteSource product used for results aggregation.
          This parameter is mandatory if the parameter `createProductFromPipeline` is set to `true`
          and the WhiteSource product does not yet exist.
          It is also mandatory if the parameter `productToken` is not provided."
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
      - name: projectName
        aliases:
          - name: whitesourceProjectName
        type: string
        description: "The project name used for reporting results in WhiteSource.
          When provided, all source modules will be scanned into one aggregated WhiteSource project.
          For scan types `maven`, `mta`, `npm`, the default is to generate one WhiteSource project per module,
          where the project name is derived from the module's build descriptor.
          For NPM modules, project aggregation is not supported; the last scanned NPM module will override all
          previously aggregated scan results!"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: projectToken
        type: string
        description: "Project token to execute the scan on. Ignored for scan types `maven`, `mta` and `npm`.
          Used for project aggregation when scanning with the Unified Agent and can be provided as an
          alternative to `projectName`."
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
      - name: vulnerabilityReportTitle
        type: string
        description: "Title of the vulnerability report written during the assessment phase."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: "WhiteSource Security Vulnerability Report"
      - name: installCommand
        type: string
        description: "[NOT IMPLEMENTED] Install command that can be used to populate the default docker image for some scenarios."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: scanType
        type: string
        description: "Type of development stack used to implement the solution.
          For scan types other than `mta`, `maven`, and `npm`,
          the WhiteSource Unified Agent is downloaded and used to perform the scan.
          If the parameter is not provided, it is derived from the parameter `buildTool`,
          which is usually configured in the general section of the pipeline config file."
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        possibleValues: ["golang", "gradle", "maven", "mta", "npm", "pip", "yarn"]
      - name: cvssSeverityLimit
        type: string
        description: "Limit of the tolerable CVSS v3 score upon assessment; exceeding it fails the build.
          Defaults to `-1`."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: "-1"
      - name: includes
        type: string
        description: "Space separated list of file path patterns to include in the scan, slashes must be escaped for sed."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: '**\/src\/main\/**\/*.java **\/*.py **\/*.go **\/*.js **\/*.ts'
      - name: excludes
        type: string
        description: Space separated list of file path patterns to exclude from the scan
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: "tests/**/*.py **/src/test/**/*.java"
      - name: productToken
        aliases:
          - name: whitesourceProductToken
        type: string
        description: "Token of the WhiteSource product to be created and used for results aggregation,
          usually determined automatically. Can optionally be provided as an alternative to `productName`."
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
      - name: agentParameters
        type: string
        description: "[NOT IMPLEMENTED] Additional parameters passed to the Unified Agent command line."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      # Global maven settings, should be added to all maven steps
      - name: projectSettingsFile
        type: string
        description: "Path to the mvn settings file that should be used as project settings file."
        scope:
          - GENERAL
          - STEPS
          - STAGES
          - PARAMETERS
        aliases:
          - name: maven/projectSettingsFile
      - name: globalSettingsFile
        type: string
        description: "Path to the mvn settings file that should be used as global settings file."
        scope:
          - GENERAL
          - STEPS
          - STAGES
          - PARAMETERS
        aliases:
          - name: maven/globalSettingsFile
      - name: m2Path
        type: string
        description: "Path to the location of the local repository that should be used."
        scope:
          - GENERAL
          - STEPS
          - STAGES
          - PARAMETERS
        aliases:
          - name: maven/m2Path
      - name: installArtifacts
        type: bool
        description:
          "If enabled, it will install all artifacts to the local maven repository to make them available before running whitesource.
          This is required if any maven module has dependencies to other modules in the repository and they were not installed before."
        scope:
          - GENERAL
          - STEPS
          - STAGES
          - PARAMETERS
      # Global npm settings, should be added to all npm steps
      - name: defaultNpmRegistry
        type: string
        description: "URL of the npm registry to use. Defaults to https://registry.npmjs.org/"
        scope:
          - PARAMETERS
          - GENERAL
          - STAGES
          - STEPS
        aliases:
          - name: npm/defaultNpmRegistry
    resources:
      - name: buildDescriptor
        type: stash
      - name: opensourceConfiguration
        type: stash
      - name: checkmarx
        type: stash
  outputs:
    resources:
      - name: commonPipelineEnvironment
        type: piperEnvironment
        params:
          - name: custom/whitesourceProjectNames
            type: "[]string"
  containers:
    - image: devxci/mbtci:1.0.14
      workingDir: /home/mta
      env: []
      conditions:
        - conditionRef: strings-equal
          params:
            - name: scanType
              value: mta
    - image: maven:3.5-jdk-8
      workingDir: /home/java
      env: []
      conditions:
        - conditionRef: strings-equal
          params:
            - name: scanType
              value: maven
    - image: node:lts-stretch
      workingDir: /home/node
      env: []
      conditions:
        - conditionRef: strings-equal
          params:
            - name: scanType
              value: npm
    - image: hseeberger/scala-sbt:8u181_2.12.8_1.2.8
      workingDir: /home/scala
      env: []
      conditions:
        - conditionRef: strings-equal
          params:
            - name: scanType
              value: sbt
    - image: buildpack-deps:stretch-curl
      workingDir: /home/dub
      env: []
      conditions:
        - conditionRef: strings-equal
          params:
            - name: scanType
              value: dub