jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-12 10:55:20 +02:00
Code Issues Releases Activity

Making detect8 default script (#4568)

Browse Source 
* made detect8 default

* amended tests to reflect detect 8

* amended

* amend

* amend

* amend tests

* 1

* 1

* tests-with-temp-changes-for-transition

* removed auto unmapping for detect7

* added-old-parameters-as-deprecated
This commit is contained in:
Dmitrii Pavlukhin 2023-09-18 16:33:09 +03:00 committed by GitHub
parent caee8db407
commit 971d5d1461
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 312 additions and 234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
cmd/detectExecuteScan.go
View File

@ -294,11 +294,11 @@ func getDetectScript(config detectExecuteScanOptions, utils detectUtils) error {
log.Entry().Infof("Downloading Detect Script")
if config.UseDetect8 {
return utils.DownloadFile("https://detect.synopsys.com/detect8.sh", "detect.sh", nil, nil)
if config.UseDetect7 {
return utils.DownloadFile("https://detect.synopsys.com/detect7.sh", "detect.sh", nil, nil)
}
return utils.DownloadFile("https://detect.synopsys.com/detect7.sh", "detect.sh", nil, nil)
return utils.DownloadFile("https://detect.synopsys.com/detect8.sh", "detect.sh", nil, nil)
}
func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectUtils, sys *blackduckSystem) ([]string, error) {
@ -337,6 +337,12 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
} else {
// When unmap is set to false, any occurances of unmap=true from scanProperties must be removed
config.ScanProperties, _ = piperutils.RemoveAll(config.ScanProperties, "--detect.project.codelocation.unmap=true")
// TEMPORARY OPTION DURING THE MIGRATION TO DETECT8
if !config.UseDetect7 {
args = append(args, "--detect.project.codelocation.unmap=true")
}
// REMOVE AFTER 25.09.2023
}
args = append(args, config.ScanProperties...)
@ -346,7 +352,7 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
// ProjectNames, VersionName, GroupName etc can contain spaces and need to be escaped using double quotes in CLI
// Hence the string need to be surrounded by \"
// Maven Parameters
// Moved parameters
mavenArgs, err := maven.DownloadAndGetMavenParameters(config.GlobalSettingsFile, config.ProjectSettingsFile, utils)
if err != nil {
return nil, err
@ -366,8 +372,26 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
}
// Since detect8 adds quotes by default, to avoid double quotation they should be removed for several arguments
if config.UseDetect8 {
if config.UseDetect7 {
args = append(args, fmt.Sprintf("\"--detect.project.name='%v'\"", config.ProjectName))
args = append(args, fmt.Sprintf("\"--detect.project.version.name='%v'\"", detectVersionName))
// Groups parameter is added only when there is atleast one non-empty groupname provided
if len(config.Groups) > 0 && len(config.Groups[0]) > 0 {
args = append(args, fmt.Sprintf("\"--detect.project.user.groups='%v'\"", strings.Join(config.Groups, ",")))
}
// Atleast 1, non-empty category to fail on must be provided
if len(config.FailOn) > 0 && len(config.FailOn[0]) > 0 {
args = append(args, fmt.Sprintf("--detect.policy.check.fail.on.severities=%v", strings.Join(config.FailOn, ",")))
}
args = append(args, fmt.Sprintf("\"--detect.code.location.name='%v'\"", codelocation))
if len(mavenArgs) > 0 && !checkIfArgumentIsInScanProperties(config, "detect.maven.build.command") {
args = append(args, fmt.Sprintf("\"--detect.maven.build.command='%v'\"", strings.Join(mavenArgs, " ")))
}
} else {
args = append(args, fmt.Sprintf("\"--detect.project.name=%v\"", config.ProjectName))
args = append(args, fmt.Sprintf("\"--detect.project.version.name=%v\"", detectVersionName))
@ -387,30 +411,7 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
args = append(args, fmt.Sprintf("\"--detect.maven.build.command=%v\"", strings.Join(mavenArgs, " ")))
}
} else {
args = append(args, fmt.Sprintf("\"--detect.project.name='%v'\"", config.ProjectName))
args = append(args, fmt.Sprintf("\"--detect.project.version.name='%v'\"", detectVersionName))
// Groups parameter is added only when there is atleast one non-empty groupname provided
if len(config.Groups) > 0 && len(config.Groups[0]) > 0 {
args = append(args, fmt.Sprintf("\"--detect.project.user.groups='%v'\"", strings.Join(config.Groups, ",")))
}
// Atleast 1, non-empty category to fail on must be provided
if len(config.FailOn) > 0 && len(config.FailOn[0]) > 0 {
args = append(args, fmt.Sprintf("--detect.policy.check.fail.on.severities=%v", strings.Join(config.FailOn, ",")))
}
args = append(args, fmt.Sprintf("\"--detect.code.location.name='%v'\"", codelocation))
if len(mavenArgs) > 0 && !checkIfArgumentIsInScanProperties(config, "detect.maven.build.command") {
args = append(args, fmt.Sprintf("\"--detect.maven.build.command='%v'\"", strings.Join(mavenArgs, " ")))
}
}
if config.SuccessOnSkip {
args = append(args, fmt.Sprintf("\"--detect.force.success.on.skip=%v\"", config.SuccessOnSkip))
args = append(args, fmt.Sprintf("\"--detect.force.success.on.skip=true\""))
}
if len(config.ScanPaths) > 0 && len(config.ScanPaths[0]) > 0 {

23
cmd/detectExecuteScan_generated.go
View File

@ -45,6 +45,7 @@ type detectExecuteScanOptions struct {
MavenExcludedScopes []string `json:"mavenExcludedScopes,omitempty"`
DetectTools []string `json:"detectTools,omitempty"`
ScanOnChanges bool `json:"scanOnChanges,omitempty"`
UseDetect7 bool `json:"useDetect7,omitempty"`
UseDetect8 bool `json:"useDetect8,omitempty"`
SuccessOnSkip bool `json:"successOnSkip,omitempty"`
CustomEnvironmentVariables []string `json:"customEnvironmentVariables,omitempty"`
@ -287,8 +288,9 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan
cmd.Flags().StringSliceVar(&stepConfig.MavenExcludedScopes, "mavenExcludedScopes", []string{}, "The maven scopes that need to be excluded from the scan. For example, setting the value 'test' will exclude all components which are defined with a test scope in maven")
cmd.Flags().StringSliceVar(&stepConfig.DetectTools, "detectTools", []string{}, "The type of BlackDuck scanners to include while running the BlackDuck scan. By default All scanners are included. For the complete list of possible values, Please refer [Synopsys detect documentation](https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=properties%2Fconfiguration%2Fpaths.html&_LANG=enus&anchor=detect-tools-included)")
cmd.Flags().BoolVar(&stepConfig.ScanOnChanges, "scanOnChanges", false, "This flag determines if the scan is submitted to the server. If set to true, then the scan request is submitted to the server only when changes are detected in the Open Source Bill of Materials If the flag is set to false, then the scan request is submitted to server regardless of any changes. For more details please refer to the [documentation](https://github.com/blackducksoftware/detect_rescan/blob/master/README.md)")
cmd.Flags().BoolVar(&stepConfig.UseDetect8, "useDetect8", false, "This flag allows to use the currently supported 8 version of Detect Script instead of v7")
cmd.Flags().BoolVar(&stepConfig.SuccessOnSkip, "successOnSkip", false, "This flag allows forces Black Duck to exit with 0 error code if any step is skipped")
cmd.Flags().BoolVar(&stepConfig.UseDetect7, "useDetect7", false, "This flag allows to use the currently supported 8 version of Detect Script instead of v7")
cmd.Flags().BoolVar(&stepConfig.UseDetect8, "useDetect8", true, "This flag allows to use the currently supported 8 version of Detect Script instead of v7")
cmd.Flags().BoolVar(&stepConfig.SuccessOnSkip, "successOnSkip", true, "This flag allows forces Black Duck to exit with 0 error code if any step is skipped")
cmd.Flags().StringSliceVar(&stepConfig.CustomEnvironmentVariables, "customEnvironmentVariables", []string{}, "A list of environment variables which can be set to prepare the environment to run a BlackDuck scan. This includes a list of environment variables defined by Synopsys. The full list can be found [here](https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=configuring%2Fenvvars.html&_LANG=enus) This list affects the detect script downloaded while running the scan. Right now only detect7.sh is available for downloading")
cmd.Flags().IntVar(&stepConfig.MinScanInterval, "minScanInterval", 0, "This parameter controls the frequency (in number of hours) at which the signature scan is re-submitted for scan. When set to a value greater than 0, the signature scans are skipped until the specified number of hours has elapsed since the last signature scan.")
cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line")
@ -551,14 +553,23 @@ func detectExecuteScanMetadata() config.StepData {
Aliases: []config.Alias{},
Default: false,
},
{
Name: "useDetect7",
ResourceRef: []config.ResourceReference{},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
Type: "bool",
Mandatory: false,
Aliases: []config.Alias{{Name: "detect/useDetect7"}},
Default: false,
},
{
Name: "useDetect8",
ResourceRef: []config.ResourceReference{},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
Type: "bool",
Mandatory: false,
Aliases: []config.Alias{{Name: "detect/useDetect8"}},
Default: false,
Aliases: []config.Alias{{Name: "detect/useDetect8", Deprecated: true}},
Default: true,
},
{
Name: "successOnSkip",
@ -566,8 +577,8 @@ func detectExecuteScanMetadata() config.StepData {
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
Type: "bool",
Mandatory: false,
Aliases: []config.Alias{{Name: "detect/successOnSkip"}},
Default: false,
Aliases: []config.Alias{{Name: "detect/successOnSkip", Deprecated: true}},
Default: true,
},
{
Name: "customEnvironmentVariables",

445
cmd/detectExecuteScan_test.go
View File

@ -104,157 +104,157 @@ func newBlackduckMockSystem(config detectExecuteScanOptions) blackduckSystem {
const (
authContent = `{
"bearerToken":"bearerTestToken",
"expiresInMilliseconds":7199997
}`
"bearerToken":"bearerTestToken",
"expiresInMilliseconds":7199997
}`
projectContent = `{
"totalCount": 1,
"items": [
{
"name": "SHC-PiperTest",
"_meta": {
"href": "https://my.blackduck.system/api/projects/5ca86e11-1983-4e7b-97d4-eb1a0aeffbbf",
"links": [
{
"rel": "versions",
"href": "https://my.blackduck.system/api/projects/5ca86e11-1983-4e7b-97d4-eb1a0aeffbbf/versions"
}
]
}
}
]
}`
"totalCount": 1,
"items": [
{
"name": "SHC-PiperTest",
"_meta": {
"href": "https://my.blackduck.system/api/projects/5ca86e11-1983-4e7b-97d4-eb1a0aeffbbf",
"links": [
{
"rel": "versions",
"href": "https://my.blackduck.system/api/projects/5ca86e11-1983-4e7b-97d4-eb1a0aeffbbf/versions"
}
]
}
}
]
}`
projectVersionContent = `{
"totalCount": 1,
"items": [
{
"versionName": "1.0",
"_meta": {
"href": "https://my.blackduck.system/api/projects/5ca86e11-1983-4e7b-97d4-eb1a0aeffbbf/versions/a6c94786-0ee6-414f-9054-90d549c69c36",
"links": [
{
"rel": "components",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/a6c94786/components"
},
{
"rel": "vulnerable-components",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/a6c94786/vunlerable-bom-components"
},
{
"rel": "policy-status",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/a6c94786/policy-status"
}
]
}
}
]
}`
"totalCount": 1,
"items": [
{
"versionName": "1.0",
"_meta": {
"href": "https://my.blackduck.system/api/projects/5ca86e11-1983-4e7b-97d4-eb1a0aeffbbf/versions/a6c94786-0ee6-414f-9054-90d549c69c36",
"links": [
{
"rel": "components",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/a6c94786/components"
},
{
"rel": "vulnerable-components",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/a6c94786/vunlerable-bom-components"
},
{
"rel": "policy-status",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/a6c94786/policy-status"
}
]
}
}
]
}`
componentsContent = `{
"totalCount": 3,
"items" : [
{
"componentName": "Spring Framework",
"componentVersionName": "5.3.9",
"policyStatus": "IN_VIOLATION"
}, {
"componentName": "Apache Tomcat",
"componentVersionName": "9.0.52",
"policyStatus": "IN_VIOLATION"
}, {
"componentName": "Apache Log4j",
"componentVersionName": "4.5.16",
"policyStatus": "UNKNOWN"
}
]
}`
"totalCount": 3,
"items" : [
{
"componentName": "Spring Framework",
"componentVersionName": "5.3.9",
"policyStatus": "IN_VIOLATION"
}, {
"componentName": "Apache Tomcat",
"componentVersionName": "9.0.52",
"policyStatus": "IN_VIOLATION"
}, {
"componentName": "Apache Log4j",
"componentVersionName": "4.5.16",
"policyStatus": "UNKNOWN"
}
]
}`
vulnerabilitiesContent = `{
"totalCount": 3,
"items": [
{
"componentName": "Spring Framework",
"componentVersionName": "5.3.9",
"vulnerabilityWithRemediation" : {
"vulnerabilityName" : "BDSA-2019-2021",
"baseScore" : 7.5,
"overallScore" : 7.5,
"severity" : "HIGH",
"remediationStatus" : "IGNORED",
"description" : "description"
}
}, {
"componentName": "Apache Log4j",
"componentVersionName": "4.5.16",
"vulnerabilityWithRemediation" : {
"vulnerabilityName" : "BDSA-2020-4711",
"baseScore" : 7.5,
"overallScore" : 7.5,
"severity" : "HIGH",
"remediationStatus" : "IGNORED",
"description" : "description"
}
}, {
"componentName": "Apache Log4j",
"componentVersionName": "4.5.16",
"vulnerabilityWithRemediation" : {
"vulnerabilityName" : "BDSA-2020-4712",
"baseScore" : 4.5,
"overallScore" : 4.5,
"severity" : "MEDIUM",
"remediationStatus" : "IGNORED",
"description" : "description"
}
}
]
}`
"totalCount": 3,
"items": [
{
"componentName": "Spring Framework",
"componentVersionName": "5.3.9",
"vulnerabilityWithRemediation" : {
"vulnerabilityName" : "BDSA-2019-2021",
"baseScore" : 7.5,
"overallScore" : 7.5,
"severity" : "HIGH",
"remediationStatus" : "IGNORED",
"description" : "description"
}
}, {
"componentName": "Apache Log4j",
"componentVersionName": "4.5.16",
"vulnerabilityWithRemediation" : {
"vulnerabilityName" : "BDSA-2020-4711",
"baseScore" : 7.5,
"overallScore" : 7.5,
"severity" : "HIGH",
"remediationStatus" : "IGNORED",
"description" : "description"
}
}, {
"componentName": "Apache Log4j",
"componentVersionName": "4.5.16",
"vulnerabilityWithRemediation" : {
"vulnerabilityName" : "BDSA-2020-4712",
"baseScore" : 4.5,
"overallScore" : 4.5,
"severity" : "MEDIUM",
"remediationStatus" : "IGNORED",
"description" : "description"
}
}
]
}`
policyStatusContent = `{
"overallStatus": "IN_VIOLATION",
"componentVersionPolicyViolationDetails": {
"name": "IN_VIOLATION",
"severityLevels": [{"name":"BLOCKER", "value": 1}, {"name": "CRITICAL", "value": 1}]
}
}`
"overallStatus": "IN_VIOLATION",
"componentVersionPolicyViolationDetails": {
"name": "IN_VIOLATION",
"severityLevels": [{"name":"BLOCKER", "value": 1}, {"name": "CRITICAL", "value": 1}]
}
}`
projectContentRapidScan = `{
"totalCount": 1,
"items": [
{
"name": "Rapid_scan_on_PRs",
"_meta": {
"href": "https://my.blackduck.system/api/projects/654ggfdgf-1983-4e7b-97d4-eb1a0aeffbbf",
"links": [
{
"rel": "versions",
"href": "https://my.blackduck.system/api/projects/654ggfdgf-1983-4e7b-97d4-eb1a0aeffbbf/versions"
}
]
}
}
]
}`
"totalCount": 1,
"items": [
{
"name": "Rapid_scan_on_PRs",
"_meta": {
"href": "https://my.blackduck.system/api/projects/654ggfdgf-1983-4e7b-97d4-eb1a0aeffbbf",
"links": [
{
"rel": "versions",
"href": "https://my.blackduck.system/api/projects/654ggfdgf-1983-4e7b-97d4-eb1a0aeffbbf/versions"
}
]
}
}
]
}`
projectVersionContentRapid = `{
"totalCount": 1,
"items": [
{
"versionName": "1.0",
"_meta": {
"href": "https://my.blackduck.system/api/projects/654ggfdgf-1983-4e7b-97d4-eb1a0aeffbbf/versions/54357fds-0ee6-414f-9054-90d549c69c36",
"links": [
{
"rel": "components",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/654784382/components"
},
{
"rel": "vulnerable-components",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/654784382/vunlerable-bom-components"
},
{
"rel": "policy-status",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/654784382/policy-status"
}
]
}
}
]
}`
"totalCount": 1,
"items": [
{
"versionName": "1.0",
"_meta": {
"href": "https://my.blackduck.system/api/projects/654ggfdgf-1983-4e7b-97d4-eb1a0aeffbbf/versions/54357fds-0ee6-414f-9054-90d549c69c36",
"links": [
{
"rel": "components",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/654784382/components"
},
{
"rel": "vulnerable-components",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/654784382/vunlerable-bom-components"
},
{
"rel": "policy-status",
"href": "https://my.blackduck.system/api/projects/5ca86e11/versions/654784382/policy-status"
}
]
}
}
]
}`
)
func (c *detectTestUtilsBundle) RunExecutable(string, ...string) error {
@ -302,12 +302,13 @@ func TestRunDetect(t *testing.T) {
utilsMock.AddFile("detect.sh", []byte(""))
err := runDetect(ctx, detectExecuteScanOptions{}, utilsMock, &detectExecuteScanInflux{})
assert.Equal(t, utilsMock.downloadedFiles["https://detect.synopsys.com/detect7.sh"], "detect.sh")
assert.Equal(t, utilsMock.downloadedFiles["https://detect.synopsys.com/detect8.sh"], "detect.sh")
assert.True(t, utilsMock.HasRemovedFile("detect.sh"))
assert.NoError(t, err)
assert.Equal(t, ".", utilsMock.Dir, "Wrong execution directory used")
assert.Equal(t, "/bin/bash", utilsMock.Shell[0], "Bash shell expected")
expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" \"--detect.code.location.name=''\" --detect.source.path='.'"
// TEMPRORARY CHANGED until 25.09.2023
expectedScript := "./detect.sh --detect.project.codelocation.unmap=true --blackduck.url= --blackduck.api.token= \"--detect.project.name=\" \"--detect.project.version.name=\" \"--detect.code.location.name=\" \"--detect.force.success.on.skip=true\" --detect.source.path='.'"
assert.Equal(t, expectedScript, utilsMock.Calls[0])
})
@ -315,7 +316,8 @@ func TestRunDetect(t *testing.T) {
t.Parallel()
ctx := context.Background()
utilsMock := newDetectTestUtilsBundle(false)
utilsMock.ShouldFailOnCommand = map[string]error{"./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" \"--detect.code.location.name=''\" --detect.source.path='.'": fmt.Errorf("")}
// TEMPRORARY CHANGED until 25.09.2023
utilsMock.ShouldFailOnCommand = map[string]error{"./detect.sh --detect.project.codelocation.unmap=true --blackduck.url= --blackduck.api.token= \"--detect.project.name=\" \"--detect.project.version.name=\" \"--detect.code.location.name=\" \"--detect.force.success.on.skip=true\" --detect.source.path='.'": fmt.Errorf("")}
utilsMock.ExitCode = 3
utilsMock.AddFile("detect.sh", []byte(""))
err := runDetect(ctx, detectExecuteScanOptions{FailOnSevereVulnerabilities: true}, utilsMock, &detectExecuteScanInflux{})
@ -341,7 +343,7 @@ func TestRunDetect(t *testing.T) {
assert.Equal(t, "/bin/bash", utilsMock.Shell[0], "Bash shell expected")
absoluteLocalPath := string(os.PathSeparator) + filepath.Join("root_folder", ".pipeline", "local_repo")
expectedParam := "\"--detect.maven.build.command='--global-settings global-settings.xml --settings project-settings.xml -Dmaven.repo.local=" + absoluteLocalPath + "'\""
expectedParam := "\"--detect.maven.build.command=--global-settings global-settings.xml --settings project-settings.xml -Dmaven.repo.local=" + absoluteLocalPath + "\""
assert.Contains(t, utilsMock.Calls[0], expectedParam)
})
}
@ -374,13 +376,17 @@ func TestAddDetectArgs(t *testing.T) {
"--detect.detector.search.depth=100",
"--detect.detector.search.continue=true",
"--detect.excluded.directories=dir1,dir2",
//Temp until 25.09.2023
"--detect.project.codelocation.unmap=true",
// --------------------
"--scan1=1",
"--scan2=2",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.code.location.name='testName/1.0'\"",
"\"--detect.project.name=testName\"",
"\"--detect.project.version.name=1.0\"",
"\"--detect.code.location.name=testName/1.0\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path='.'",
},
@ -401,13 +407,17 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
//Temp until 25.09.2023
"--detect.project.codelocation.unmap=true",
// --------------------
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup'\"",
"\"--detect.project.name=testName\"",
"\"--detect.project.version.name=1.0\"",
"\"--detect.project.user.groups=testGroup\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"\"--detect.code.location.name='testLocation'\"",
"\"--detect.code.location.name=testLocation\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path='.'",
},
@ -428,13 +438,17 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
//Temp until 25.09.2023
"--detect.project.codelocation.unmap=true",
// --------------------
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"\"--detect.project.name=testName\"",
"\"--detect.project.version.name=1.0\"",
"\"--detect.project.user.groups=testGroup,testGroup2\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"\"--detect.code.location.name='testLocation'\"",
"\"--detect.code.location.name=testLocation\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path='.'",
},
@ -456,13 +470,17 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
//Temp until 25.09.2023
"--detect.project.codelocation.unmap=true",
// --------------------
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"\"--detect.project.name=testName\"",
"\"--detect.project.version.name=1.0\"",
"\"--detect.project.user.groups=testGroup,testGroup2\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"\"--detect.code.location.name='testLocation'\"",
"\"--detect.code.location.name=testLocation\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path=pathx",
},
@ -488,11 +506,12 @@ func TestAddDetectArgs(t *testing.T) {
"--detect.project.codelocation.unmap=true",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"\"--detect.project.name=testName\"",
"\"--detect.project.version.name=1.0\"",
"\"--detect.project.user.groups=testGroup,testGroup2\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"\"--detect.code.location.name='testLocation'\"",
"\"--detect.code.location.name=testLocation\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path=pathx",
},
@ -522,11 +541,12 @@ func TestAddDetectArgs(t *testing.T) {
"--detect.project.codelocation.unmap=true",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"\"--detect.project.name=testName\"",
"\"--detect.project.version.name=1.0\"",
"\"--detect.project.user.groups=testGroup,testGroup2\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"\"--detect.code.location.name='testLocation'\"",
"\"--detect.code.location.name=testLocation\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path=pathx",
"--detect.included.detector.types=MAVEN,GRADLE",
@ -560,11 +580,12 @@ func TestAddDetectArgs(t *testing.T) {
"--detect.project.codelocation.unmap=true",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"\"--detect.project.name=testName\"",
"\"--detect.project.version.name=1.0\"",
"\"--detect.project.user.groups=testGroup,testGroup2\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"\"--detect.code.location.name='testLocation'\"",
"\"--detect.code.location.name=testLocation\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path=pathx",
"--detect.included.detector.types=MAVEN,GRADLE",
@ -598,11 +619,12 @@ func TestAddDetectArgs(t *testing.T) {
"--detect.project.codelocation.unmap=true",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"\"--detect.project.name=testName\"",
"\"--detect.project.version.name=1.0\"",
"\"--detect.project.user.groups=testGroup,testGroup2\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"\"--detect.code.location.name='testLocation'\"",
"\"--detect.code.location.name=testLocation\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path=pathx",
"--detect.included.detector.types=MAVEN,GRADLE",
@ -638,11 +660,12 @@ func TestAddDetectArgs(t *testing.T) {
"--detect.project.codelocation.unmap=true",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"\"--detect.project.name=testName\"",
"\"--detect.project.version.name=1.0\"",
"\"--detect.project.user.groups=testGroup,testGroup2\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"\"--detect.code.location.name='testLocation'\"",
"\"--detect.code.location.name=testLocation\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path=pathx",
"--detect.included.detector.types=MAVEN,GRADLE",
@ -662,15 +685,22 @@ func TestAddDetectArgs(t *testing.T) {
CodeLocation: "",
ScanPaths: []string{"path1", "path2"},
MinScanInterval: 4,
//Temp until 25.09.2023
//Unmap: true,
// --------------------
},
expected: []string{
"--testProp1=1",
"--detect.blackduck.signature.scanner.arguments='--min-scan-interval=4'",
//Temp until 25.09.2023
"--detect.project.codelocation.unmap=true",
// --------------------
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.code.location.name='testName/1.0'\"",
"\"--detect.project.name=testName\"",
"\"--detect.project.version.name=1.0\"",
"\"--detect.code.location.name=testName/1.0\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path='.'",
},
@ -687,16 +717,23 @@ func TestAddDetectArgs(t *testing.T) {
ScanPaths: []string{"path1", "path2"},
MinScanInterval: 4,
CustomScanVersion: "1.0",
//Temp until 25.09.2023
//Unmap: true,
// --------------------
},
isPullRequest: true,
expected: []string{
"--testProp1=1",
"--detect.blackduck.signature.scanner.arguments='--min-scan-interval=4'",
//Temp until 25.09.2023
"--detect.project.codelocation.unmap=true",
// --------------------
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='Rapid_scan_on_PRs'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.code.location.name='Rapid_scan_on_PRs/1.0'\"",
"\"--detect.project.name=Rapid_scan_on_PRs\"",
"\"--detect.project.version.name=1.0\"",
"\"--detect.code.location.name=Rapid_scan_on_PRs/1.0\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path='.'",
"--detect.blackduck.scan.mode='RAPID'",
@ -723,20 +760,27 @@ func TestAddDetectArgs(t *testing.T) {
},
ExcludedDirectories: []string{"dir3,dir4"},
MinScanInterval: 4,
CustomScanVersion: "2.0",
//Temp until 25.09.2023
//Unmap: true,
// --------------------
CustomScanVersion: "2.0",
},
isPullRequest: true,
expected: []string{
"--testProp1=1",
"--detect.blackduck.signature.scanner.arguments='--min-scan-interval=4'",
//Temp until 25.09.2023
"--detect.project.codelocation.unmap=true",
// --------------------
"--detect.detector.search.depth=5",
"--detect.detector.search.continue=false",
"--detect.excluded.directories=dir1,dir2",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='Rapid_scan_on_PRs'\"",
"\"--detect.project.version.name='2.0'\"",
"\"--detect.code.location.name='Rapid_scan_on_PRs/2.0'\"",
"\"--detect.project.name=Rapid_scan_on_PRs\"",
"\"--detect.project.version.name=2.0\"",
"\"--detect.code.location.name=Rapid_scan_on_PRs/2.0\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path='.'",
"--detect.blackduck.scan.mode='RAPID'",
@ -760,13 +804,19 @@ func TestAddDetectArgs(t *testing.T) {
ScanProperties: []string{
"--detect.maven.build.command= --settings .pipeline/settings.xml -DskipTests install",
},
MinScanInterval: 4,
MinScanInterval: 4,
//Temp until 25.09.2023
//Unmap: true,
// --------------------
CustomScanVersion: "2.0",
},
isPullRequest: true,
expected: []string{
"--testProp1=1",
"--detect.blackduck.signature.scanner.arguments='--min-scan-interval=4'",
//Temp until 25.09.2023
"--detect.project.codelocation.unmap=true",
// --------------------
"--detect.maven.build.command=",
"--settings",
".pipeline/settings.xml",
@ -774,9 +824,10 @@ func TestAddDetectArgs(t *testing.T) {
"install",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='Rapid_scan_on_PRs'\"",
"\"--detect.project.version.name='2.0'\"",
"\"--detect.code.location.name='Rapid_scan_on_PRs/2.0'\"",
"\"--detect.project.name=Rapid_scan_on_PRs\"",
"\"--detect.project.version.name=2.0\"",
"\"--detect.code.location.name=Rapid_scan_on_PRs/2.0\"",
"\"--detect.force.success.on.skip=true\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path='.'",
"--detect.blackduck.scan.mode='RAPID'",

19
resources/metadata/detectExecuteScan.yaml
View File

@ -297,28 +297,43 @@ spec:
- STAGES
- STEPS
deprecated: true
- name: useDetect7
description:
"This flag allows to use the currently supported 8 version of Detect Script instead of v7"
aliases:
- name: detect/useDetect7
type: bool
scope:
- PARAMETERS
- STAGES
- STEPS
default: false
- name: useDetect8
description:
"This flag allows to use the currently supported 8 version of Detect Script instead of v7"
aliases:
- name: detect/useDetect8
deprecated: true
type: bool
scope:
- PARAMETERS
- STAGES
- STEPS
default: false
default: true
deprecated: true
- name: successOnSkip
description:
"This flag allows forces Black Duck to exit with 0 error code if any step is skipped"
aliases:
- name: detect/successOnSkip
deprecated: true
type: bool
scope:
- PARAMETERS
- STAGES
- STEPS
default: false
default: true
deprecated: true
- name: customEnvironmentVariables
description:
"A list of environment variables which can be set to prepare the environment to run a BlackDuck scan. This includes a list of environment variables defined by