description:This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.
longDescription:|-
This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.
  The codeql step triggers the scan locally on your orchestrator (e.g. Jenkins) inside a Docker container, so you have to supply a Docker image that contains CodeQL,
  Java and Maven.
spec:
  inputs:
    secrets:
      - name: githubTokenCredentialsId
        description: Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.
        description: "GitHub personal access token in plain text. NEVER set this parameter in a file committed to a source code repository. This parameter is intended to be used from the command line or set securely via the environment variable listed below. In most pipeline use-cases, you should instead either store the token in Vault (where it can be automatically retrieved by the step from one of the paths listed below) or store it as a Jenkins secret and configure the secret's id via the `githubTokenCredentialsId` parameter."
          If this ref is a pull request merge commit, then use refs/pulls/1234/merge or refs/pulls/1234/head (depending on whether this commit corresponds to the HEAD or the MERGE commit of the PR).
          Otherwise, this should be a branch: refs/heads/branch-name. If omitted, the CLI will attempt to automatically populate this from the current branch of the checkout path, if it exists.
        description: "Threshold for the maximum number of allowed vulnerabilities."
        type: int
        default: 0
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: checkForCompliance
        description: "If set to true, the piper step checks for compliance based on the vulnerability thresholds. Example: if the total number of vulnerabilities is 10 and vulnerabilityThresholdTotal is set to 0, then the step throws a compliance error."
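The two rules spelled out in the parameter descriptions, the accepted shapes of the analysed ref (refs/pulls/<n>/merge, refs/pulls/<n>/head, refs/heads/<branch>, or empty for the checkout's current branch) and the vulnerabilityThresholdTotal / checkForCompliance check, as an added Go illustration. This is not Piper's own code: ParseAnalyzedRef and CheckCompliance are hypothetical names, and the finding counts in main are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// RefKind classifies the analysed ref the way the parameter description does.
type RefKind int

const (
	RefBranch RefKind = iota
	RefPullRequestHead
	RefPullRequestMerge
)

// AnalyzedRef is the parsed form of a refs/heads/... or refs/pulls/<n>/... value.
type AnalyzedRef struct {
	Kind   RefKind
	Branch string // set for RefBranch
	PRNum  int    // set for pull request refs
}

// ParseAnalyzedRef validates a ref against the two accepted shapes.
// An empty ref is allowed (the CLI then falls back to the current branch of the
// checkout), so it is reported through the bool instead of as an error.
func ParseAnalyzedRef(ref string) (AnalyzedRef, bool, error) {
	if ref == "" {
		return AnalyzedRef{}, false, nil
	}
	switch {
	case strings.HasPrefix(ref, "refs/heads/"):
		name := strings.TrimPrefix(ref, "refs/heads/")
		if name == "" {
			return AnalyzedRef{}, false, errors.New("branch ref without a branch name")
		}
		return AnalyzedRef{Kind: RefBranch, Branch: name}, true, nil
	case strings.HasPrefix(ref, "refs/pulls/"):
		parts := strings.Split(strings.TrimPrefix(ref, "refs/pulls/"), "/")
		if len(parts) != 2 {
			return AnalyzedRef{}, false, fmt.Errorf("ref %q must be refs/pulls/<number>/merge or refs/pulls/<number>/head", ref)
		}
		n, err := strconv.Atoi(parts[0])
		if err != nil || n <= 0 {
			return AnalyzedRef{}, false, fmt.Errorf("ref %q has no valid pull request number", ref)
		}
		switch parts[1] {
		case "merge":
			return AnalyzedRef{Kind: RefPullRequestMerge, PRNum: n}, true, nil
		case "head":
			return AnalyzedRef{Kind: RefPullRequestHead, PRNum: n}, true, nil
		}
		return AnalyzedRef{}, false, fmt.Errorf("ref %q must end in /merge or /head", ref)
	}
	return AnalyzedRef{}, false, fmt.Errorf("unsupported ref %q", ref)
}

// CheckCompliance applies the vulnerabilityThresholdTotal rule: with
// checkForCompliance enabled, more findings than the threshold allows is a
// compliance error. With the default threshold of 0 any finding fails the scan.
func CheckCompliance(totalFindings, vulnerabilityThresholdTotal int, checkForCompliance bool) error {
	if !checkForCompliance {
		return nil
	}
	if totalFindings > vulnerabilityThresholdTotal {
		return fmt.Errorf("compliance error: %d findings exceed the allowed threshold of %d",
			totalFindings, vulnerabilityThresholdTotal)
	}
	return nil
}

func main() {
	for _, ref := range []string{"refs/pulls/1234/merge", "refs/heads/main", "", "refs/pulls/x/head"} {
		r, set, err := ParseAnalyzedRef(ref)
		fmt.Printf("%-24q set=%-5v kind=%d branch=%q pr=%d err=%v\n", ref, set, r.Kind, r.Branch, r.PRNum, err)
	}
	// Constructed sample: 10 findings against the default threshold of 0 (the example from the description).
	fmt.Println(CheckCompliance(10, 0, true))
	fmt.Println(CheckCompliance(10, 0, false)) // <nil>: compliance check disabled
}
```

The parser is strict on purpose: a ref that matches neither shape is rejected rather than passed through to the scanner, so a typo in the pipeline configuration surfaces as a configuration error instead of an analysis of the wrong commit.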