Install artifacts before Fortify scan (#2351)

Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
2025-09-16 09:26:22 +02:00 · 2020-11-16 10:29:21 +01:00
parent fb36f9545a
commit 61c190bb2b
3 changed files with 32 additions and 0 deletions
--- a/cmd/fortifyExecuteScan.go
+++ b/cmd/fortifyExecuteScan.go
@@ -104,6 +104,18 @@ func runFortifyScan(config fortifyExecuteScanOptions, sys fortify.System, utils
 	var reports []piperutils.Path
 	log.Entry().Debugf("Running Fortify scan against SSC at %v", config.ServerURL)

+	if config.BuildTool == "maven" && config.InstallArtifacts {
+		err := maven.InstallMavenArtifacts(&maven.EvaluateOptions{
+			M2Path:              config.M2Path,
+			ProjectSettingsFile: config.ProjectSettingsFile,
+			GlobalSettingsFile:  config.GlobalSettingsFile,
+			PomPath:             config.BuildDescriptorFile,
+		}, utils)
+		if err != nil {
+			return reports, fmt.Errorf("Unable to install artifacts: %w", err)
+		}
+	}
+
 	artifact, err := determineArtifact(config, utils)
 	if err != nil {
 		log.Entry().WithError(err).Fatal()
--- a/cmd/fortifyExecuteScan_generated.go
+++ b/cmd/fortifyExecuteScan_generated.go
@@ -65,6 +65,7 @@ type fortifyExecuteScanOptions struct {
 	GlobalSettingsFile              string   `json:"globalSettingsFile,omitempty"`
 	M2Path                          string   `json:"m2Path,omitempty"`
 	VerifyOnly                      bool     `json:"verifyOnly,omitempty"`
+	InstallArtifacts                bool     `json:"installArtifacts,omitempty"`
 }

 type fortifyExecuteScanInflux struct {
@@ -237,6 +238,7 @@ func addFortifyExecuteScanFlags(cmd *cobra.Command, stepConfig *fortifyExecuteSc
 	cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path to the mvn settings file that should be used as global settings file.")
 	cmd.Flags().StringVar(&stepConfig.M2Path, "m2Path", os.Getenv("PIPER_m2Path"), "Path to the location of the local repository that should be used.")
 	cmd.Flags().BoolVar(&stepConfig.VerifyOnly, "verifyOnly", false, "Whether the step shall only apply verification checks or whether it does a full scan and check cycle")
+	cmd.Flags().BoolVar(&stepConfig.InstallArtifacts, "installArtifacts", false, "If enabled, it will install all artifacts to the local maven repository to make them available before running Fortify. This is required if any maven module has dependencies to other modules in the repository and they were not installed before.")

 	cmd.MarkFlagRequired("authToken")
 	cmd.MarkFlagRequired("serverUrl")
@@ -688,6 +690,14 @@ func fortifyExecuteScanMetadata() config.StepData {
 						Mandatory:   false,
 						Aliases:     []config.Alias{},
 					},
+					{
+						Name:        "installArtifacts",
+						ResourceRef: []config.ResourceReference{},
+						Scope:       []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"},
+						Type:        "bool",
+						Mandatory:   false,
+						Aliases:     []config.Alias{},
+					},
 				},
 			},
 		},
--- a/resources/metadata/fortify.yaml
+++ b/resources/metadata/fortify.yaml
@@ -530,6 +530,16 @@ spec:
          - STAGES
          - STEPS
        default: false
+      - name: installArtifacts
+        type: bool
+        description:
+          "If enabled, it will install all artifacts to the local maven repository to make them available before running Fortify.
+          This is required if any maven module has dependencies to other modules in the repository and they were not installed before."
+        scope:
+          - GENERAL
+          - STEPS
+          - STAGES
+          - PARAMETERS
  containers:
    - image: "<<please bring your own fortify image>>"
      workingDir: "/home/piper"