sap-jenkins-library/documentation/docs/steps/detectExecuteScan.md

# ${docGenStepName}

## ${docGenDescription}

## Prerequisites

You need to store the API token for the Detect service as _'Secret text'_ credential in your Jenkins system.

## ${docJenkinsPluginDependencies}

## ${docGenParameters}

## ${docGenConfiguration}

## Rapid scan

In addition to the full scan, Black Duck also offers a faster and easier scan option, called <a href="https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=downloadingandrunning%2Frapidscan.html&_LANG=enus" target="_blank">Rapid Scan</a>.
Its main advantage is speed. In most cases, the scan is completed in less than 30 seconds. It doesn't save any information on the Black Duck side.
The result can be found in the pipeline console.

- **Note**
  By default, Black Duck scans run in 'FULL' mode. Although rapid scans do appropriate security checks for early detection of issues during daily developments, they are not sufficient for production deployment and releases: Only use 'FULL' scans for production deployment and releases.

### Running rapid scans on pull requests

If you have configured your orchestrator to detect pull requests, then the `detecExecuationScan` step in the Piper pipeline can recognize this and change the Black Duck scan mode from 'FULL' to 'RAPID'. This does not affect the usual branch scans.

- **Note**
  * This functionality is not applicable to the GPP (General Purpose Pipeline)
  * This can only be used for custom pipelines based on the Jenkins piper library

#### How to run rapid scans

1. Specify all the required parameters for the detectExecution step in .pipeline/config.yml
   Optionally you can specify `githubApi` and `githubToken` in the detectExecution step to get the result in the pull request comment.
   For example:

    ```
    ...
    steps:
      ...
      detectExecuteScan:
        serverUrl: 'https://sap-staging.app.blackduck.com/'
        detectTokenCredentialsId: 'JenkinsCredentialsIdForBlackDuckToken'
        projectName: 'projectNameInBlackDuckUI'
        version: 'v1.0'
        githubApiUrl: 'https://github.wdf.sap.corp/api/v3'
        githubToken: 'JenkinsCredentialsIdForGithub'
      ...
    ...
    ```

2. Enable detecExecuationScan in the orchestrator.
  For example:

    ```
    @Library('piper-lib') _
    @Library('piper-lib-os') __

    node {
      stage('Init') {
        checkout scm
        setupPipelineEnvironment script: this
      }
      stage('detectExecuteScan') {
         detectExecuteScan script: this
      }
      ...
    }
    ```

3. To run the rapid scan, open a pull request with your changes to the main branch.

#### Result of the rapid scan

If you provide `githubApi` and `githubToken`, then the pipeline adds the scan result to the comment of the opened pull request.

![blackDuckPullRequestComment](../images/BDRapidScanPrs.png)
add step for Synopsis Detect Scans (#690) * add step for Synopsis Detect Scans tool was formerly calles Blackduck Hub Detect. Details about the tool can be found here: https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect 2019-05-08 11:36:01 +02:00			`# ${docGenStepName}`

			`## ${docGenDescription}`

docs: fix typo in headline `Prerequsites` (#1461) * fix: typo `Prerequsites` * fix code climate finding Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com> 2020-04-26 19:50:39 +02:00			`## Prerequisites`
add step for Synopsis Detect Scans (#690) * add step for Synopsis Detect Scans tool was formerly calles Blackduck Hub Detect. Details about the tool can be found here: https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect 2019-05-08 11:36:01 +02:00
			`You need to store the API token for the Detect service as _'Secret text'_ credential in your Jenkins system.`

More speaking name in doc wrt jenkins plugin deps 2019-05-24 15:44:31 +02:00			`## ${docJenkinsPluginDependencies}`
Introduce label for Jenkins plugin dependencies 2019-05-21 09:51:27 +02:00
add step for Synopsis Detect Scans (#690) * add step for Synopsis Detect Scans tool was formerly calles Blackduck Hub Detect. Details about the tool can be found here: https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect 2019-05-08 11:36:01 +02:00			`## ${docGenParameters}`

			`## ${docGenConfiguration}`
added info for rapid scan in detectExecution (#4194) * added info for rapid scan in detectExecution 2023-01-20 14:39:53 +05:00
documentation for the upcoming rapid scan in pull requests in the detectExecuteScan step (#4249) Co-authored-by: Andrei Kireev <andrei.kireev@sap.com> 2023-02-24 17:18:15 +05:00			`## Rapid scan`
added info for rapid scan in detectExecution (#4194) * added info for rapid scan in detectExecution 2023-01-20 14:39:53 +05:00
documentation for the upcoming rapid scan in pull requests in the detectExecuteScan step (#4249) Co-authored-by: Andrei Kireev <andrei.kireev@sap.com> 2023-02-24 17:18:15 +05:00			`In addition to the full scan, Black Duck also offers a faster and easier scan option, called <a href="https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=downloadingandrunning%2Frapidscan.html&_LANG=enus" target="_blank">Rapid Scan</a>.`
			`Its main advantage is speed. In most cases, the scan is completed in less than 30 seconds. It doesn't save any information on the Black Duck side.`
			`The result can be found in the pipeline console.`
added info for rapid scan in detectExecution (#4194) * added info for rapid scan in detectExecution 2023-01-20 14:39:53 +05:00
documentation for the upcoming rapid scan in pull requests in the detectExecuteScan step (#4249) Co-authored-by: Andrei Kireev <andrei.kireev@sap.com> 2023-02-24 17:18:15 +05:00			`- Note`
			`By default, Black Duck scans run in 'FULL' mode. Although rapid scans do appropriate security checks for early detection of issues during daily developments, they are not sufficient for production deployment and releases: Only use 'FULL' scans for production deployment and releases.`
added info for rapid scan in detectExecution (#4194) * added info for rapid scan in detectExecution 2023-01-20 14:39:53 +05:00
documentation for the upcoming rapid scan in pull requests in the detectExecuteScan step (#4249) Co-authored-by: Andrei Kireev <andrei.kireev@sap.com> 2023-02-24 17:18:15 +05:00			`### Running rapid scans on pull requests`
added info for rapid scan in detectExecution (#4194) * added info for rapid scan in detectExecution 2023-01-20 14:39:53 +05:00
documentation for the upcoming rapid scan in pull requests in the detectExecuteScan step (#4249) Co-authored-by: Andrei Kireev <andrei.kireev@sap.com> 2023-02-24 17:18:15 +05:00			If you have configured your orchestrator to detect pull requests, then the `detecExecuationScan` step in the Piper pipeline can recognize this and change the Black Duck scan mode from 'FULL' to 'RAPID'. This does not affect the usual branch scans.
added info for rapid scan in detectExecution (#4194) * added info for rapid scan in detectExecution 2023-01-20 14:39:53 +05:00
documentation for the upcoming rapid scan in pull requests in the detectExecuteScan step (#4249) Co-authored-by: Andrei Kireev <andrei.kireev@sap.com> 2023-02-24 17:18:15 +05:00			`- Note`
			`* This functionality is not applicable to the GPP (General Purpose Pipeline)`
			`* This can only be used for custom pipelines based on the Jenkins piper library`

			`#### How to run rapid scans`

			`1. Specify all the required parameters for the detectExecution step in .pipeline/config.yml`
			Optionally you can specify `githubApi` and `githubToken` in the detectExecution step to get the result in the pull request comment.
			`For example:`

			```
			`...`
			`steps:`
			`...`
			`detectExecuteScan:`
			`serverUrl: 'https://sap-staging.app.blackduck.com/'`
			`detectTokenCredentialsId: 'JenkinsCredentialsIdForBlackDuckToken'`
			`projectName: 'projectNameInBlackDuckUI'`
			`version: 'v1.0'`
			`githubApiUrl: 'https://github.wdf.sap.corp/api/v3'`
			`githubToken: 'JenkinsCredentialsIdForGithub'`
			`...`
			`...`
			```

			`2. Enable detecExecuationScan in the orchestrator.`
feat(detectExecuteScan) execution of rapid scans (#4211) Co-authored-by: akram8008 <900658008.akram@email.com> Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com> Co-authored-by: Andrei Kireev <andrei.kireev@sap.com> Co-authored-by: ffeldmann <f.feldmann@sap.com> Co-authored-by: sumeet patil <sumeet.patil@sap.com> 2023-03-02 15:04:21 +05:00			`For example:`
documentation for the upcoming rapid scan in pull requests in the detectExecuteScan step (#4249) Co-authored-by: Andrei Kireev <andrei.kireev@sap.com> 2023-02-24 17:18:15 +05:00
			```
			`@Library('piper-lib') _`
			`@Library('piper-lib-os') __`

			`node {`
			`stage('Init') {`
			`checkout scm`
			`setupPipelineEnvironment script: this`
			`}`
			`stage('detectExecuteScan') {`
			`detectExecuteScan script: this`
			`}`
			`...`
			`}`
			```

			`3. To run the rapid scan, open a pull request with your changes to the main branch.`

			`#### Result of the rapid scan`

			If you provide `githubApi` and `githubToken`, then the pipeline adds the scan result to the comment of the opened pull request.

			`![blackDuckPullRequestComment](../images/BDRapidScanPrs.png)`