sap-jenkins-library/documentation/docs/steps/protecodeExecuteScan.md

# ${docGenStepName}

## ${docGenDescription}

## Prerequisites

1. Create a Username / Password credential with the Protecode user in your Jenkins credential store
1. Look up your Group ID using REST API via `curl -u <username> "https://<protecode host>/api/groups/"`.

If the image is on a protected registry you can provide a Docker `config.json` file containing the credential information for the registry.
You can either use `docker login` (see the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/) for details) or you can create the file manually using the following script.

```shell
#!/bin/bash
auth=$(echo -n "$USER:$PASSWORD" | base64 -w0)
cat <<EOF > config.json
{
    "auths": {
        "$REGISTRY": {
            "auth": "$auth"
        }
    }
}
EOF
```

`REGISTRY` is the URL of the protected registry (Example: `https://index.docker.io/v1`).

Attention: If you reference the file in --dockerConfigJSON or upload the file to the Jenkins credential store, the file has to be named `config.json`.

## ${docGenParameters}

### Details

* The Protecode scan step is able to send a file addressed via parameter `filePath` to the backend for scanning it for known vulnerabilities.
* Alternatively an HTTP URL can be specified via `fetchUrl`. Protecode will then download the artifact from there and scan it.
* To support docker image scanning please provide `scanImage` with a docker like URL poiting to the image tag within the docker registry being used.
* To receive the result it polls until the job completes.
* Once the job has completed a PDF report is pulled from the backend and archived in the build
* Finally the scan result is being analysed for critical findings with a CVSS v3 score >= 7.0 and if such findings are detected the build is failed based on the configuration setting `failOnSevereVulnerabilities`.
* During the analysis all CVEs which are triaged are ignored and will not provoke the build to fail.

## ${docGenConfiguration}
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 16:16:34 +01:00			`# ${docGenStepName}`

			`## ${docGenDescription}`

			`## Prerequisites`
docs: remove outdates prerequisites from Protecode step (#1905) * remove outdates prerequisites * fix code climate issue 2020-08-11 11:31:40 +02:00
			`1. Create a Username / Password credential with the Protecode user in your Jenkins credential store`
SAP CP to SAP BTP Rebranding (#2703) * Update configuration.md * Update build.md * Update cloneRepositories.md * Update integrationTest.md * Update post.md * Update prepareSystem.md * Update publish.md * Update configuration.md * Update configuration.md * Update introduction.md * Update build.md * Update CAP_Scenario.md * Update CAP_Scenario.md * Update abapEnvironmentAddons.md * Update abapEnvironmentAddons.md * Update abapEnvironmentTest.md * Update changeManagement.md * Update Readme.md * Update Readme.md * Update introduction.md * Update abapEnvironmentAssembleConfirm.md * Update abapEnvironmentAssemblePackages.md * Update abapEnvironmentCheckoutBranch.md * Update abapEnvironmentCloneGitRepo.md * Update abapEnvironmentCreateSystem.md * Update abapEnvironmentPullGitRepo.md * Update abapEnvironmentRunATCCheck.md * Update cloudFoundryCreateService.md * Update cloudFoundryCreateSpace.md * Update cloudFoundryDeleteSpace.md * Update mtaBuild.md * Update neoDeploy.md * Update protecodeExecuteScan.md * Update uiVeri5ExecuteTests.md * Update guidedtour.md * Update index.md * Update configuration.md * Update guidedtour.md * Update configuration.md * Update build.md * Update CAP_Scenario.md * Update TMS_Extension.md * Update TMS_Extension.md * Update abapEnvironmentAddons.md * Update abapEnvironmentTest.md * Update Readme.md * Update Readme.md * Update cloudFoundryDeploy.md * Update influxWriteData.md * Update neoDeploy.md * Update CAP_Scenario.md * Update TMS_Extension.md * Update Readme.md * Update Readme.md * Update guidedtour.md * Update guidedtour.md * Update guidedtour.md * Update configuration.md Co-authored-by: Thorsten Duda <thorsten.duda@sap.com> 2021-03-19 10:51:24 +01:00			1. Look up your Group ID using REST API via `curl -u <username> "https://<protecode host>/api/groups/"`.
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 16:16:34 +01:00
refactor(protecode): add explicit parameter for Docker config.json file (#1914) * add dedicated property to handle docker config file * switch to dockerConfigJSON in groovy * use DockerConfigJSON * add secret reference * Update protecode.yaml * Update protecode.yaml * improve docs * update generated sources 2020-08-12 14:57:11 +02:00			If the image is on a protected registry you can provide a Docker `config.json` file containing the credential information for the registry.
Improve documentation for protecodeExecuteScan (#3076) * Improve documentation for protecodeExecuteScan protecodeExecuteScan expects that the docker config file is named 'config.json'. The dockerConfigJSON parameter is used by protecodeExecuteScan to retrieve the directory only (for environment variable DOCKER_CONFIG). * Also improve documentation that is generated * No relative references in generated documentation. * Less complex documentation * Remove irrelevant empty line * Improvements after review * Add blank line after code block * Handle registry URL example as code Markdown format checker does not like raw URLs. Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> 2021-09-01 10:57:21 +02:00			You can either use `docker login` (see the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/) for details) or you can create the file manually using the following script.

			```shell
			`#!/bin/bash`
			`auth=$(echo -n "$USER:$PASSWORD" \| base64 -w0)`
			`cat <<EOF > config.json`
			`{`
			`"auths": {`
			`"$REGISTRY": {`
			`"auth": "$auth"`
			`}`
			`}`
			`}`
			`EOF`
			```

			`REGISTRY` is the URL of the protected registry (Example: `https://index.docker.io/v1`).

			Attention: If you reference the file in --dockerConfigJSON or upload the file to the Jenkins credential store, the file has to be named `config.json`.
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 16:16:34 +01:00
			`## ${docGenParameters}`

docs: remove colon from headlines (#1896) 2020-08-07 22:10:43 +02:00			`### Details`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 16:16:34 +01:00
			* The Protecode scan step is able to send a file addressed via parameter `filePath` to the backend for scanning it for known vulnerabilities.
			* Alternatively an HTTP URL can be specified via `fetchUrl`. Protecode will then download the artifact from there and scan it.
refactor(protecode): add explicit parameter for Docker config.json file (#1914) * add dedicated property to handle docker config file * switch to dockerConfigJSON in groovy * use DockerConfigJSON * add secret reference * Update protecode.yaml * Update protecode.yaml * improve docs * update generated sources 2020-08-12 14:57:11 +02:00			* To support docker image scanning please provide `scanImage` with a docker like URL poiting to the image tag within the docker registry being used.
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 16:16:34 +01:00			`* To receive the result it polls until the job completes.`
			`* Once the job has completed a PDF report is pulled from the backend and archived in the build`
refactor(protecode): add explicit parameter for Docker config.json file (#1914) * add dedicated property to handle docker config file * switch to dockerConfigJSON in groovy * use DockerConfigJSON * add secret reference * Update protecode.yaml * Update protecode.yaml * improve docs * update generated sources 2020-08-12 14:57:11 +02:00			* Finally the scan result is being analysed for critical findings with a CVSS v3 score >= 7.0 and if such findings are detected the build is failed based on the configuration setting `failOnSevereVulnerabilities`.
			`* During the analysis all CVEs which are triaged are ignored and will not provoke the build to fail.`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 16:16:34 +01:00
			`## ${docGenConfiguration}`