diff --git a/cmd/codeqlExecuteScan.go b/cmd/codeqlExecuteScan.go
index fd8b1833a..36d185c84 100644
--- a/cmd/codeqlExecuteScan.go
+++ b/cmd/codeqlExecuteScan.go
@@ -282,7 +282,14 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
 //codeql has an autobuilder which tries to build the project based on specified programming language
 if len(config.BuildCommand) > 0 {
- cmd = append(cmd, "--command="+config.BuildCommand)
+ buildCmd := config.BuildCommand
+ if len(config.ProjectSettingsFile) > 0 && config.BuildTool == "maven" {
+ buildCmd = fmt.Sprintf("%s --settings=%s", buildCmd, config.ProjectSettingsFile)
+ }
+ if len(config.GlobalSettingsFile) > 0 && config.BuildTool == "maven" {
+ buildCmd = fmt.Sprintf("%s --global-settings=%s", buildCmd, config.GlobalSettingsFile)
+ }
+ cmd = append(cmd, "--command="+buildCmd)
 }
 
 err = execute(utils, cmd, GeneralConfig.Verbose)
 
diff --git a/cmd/codeqlExecuteScan_generated.go b/cmd/codeqlExecuteScan_generated.go
index 58ab04af3..d842486ce 100644
--- a/cmd/codeqlExecuteScan_generated.go
+++ b/cmd/codeqlExecuteScan_generated.go
@@ -39,6 +39,8 @@ type codeqlExecuteScanOptions struct {
 CommitID string `json:"commitId,omitempty"`
 VulnerabilityThresholdTotal int `json:"vulnerabilityThresholdTotal,omitempty"`
 CheckForCompliance bool `json:"checkForCompliance,omitempty"`
+ ProjectSettingsFile string `json:"projectSettingsFile,omitempty"`
+ GlobalSettingsFile string `json:"globalSettingsFile,omitempty"`
 }
 
 type codeqlExecuteScanReports struct {
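Review bot: The settings paths are spliced into the build command with `fmt.Sprintf("%s --settings=%s", buildCmd, config.ProjectSettingsFile)` (and the `--global-settings` twin) without any validation, so a `projectSettingsFile` or `globalSettingsFile` value containing whitespace or quotes becomes several tokens instead of one path once codeql splits the `--command` string, and because both values arrive straight from pipeline configuration (`PIPER_projectSettingsFile` / `PIPER_globalSettingsFile` via the generated flags) the step cannot distinguish a mangled path from an intended one. The two `config.BuildTool == "maven"` tests also duplicate each other; hoisting the maven check once and walking the two flag/value pairs in a fixed order keeps the `--settings` / `--global-settings` ordering stable and lets the validation live in one place. Appending mvn options assumes `BuildCommand` is a direct `mvn ...` invocation — if it is a wrapper script the options land on the script instead, which is worth a comment on the branch. `runCodeqlExecuteScan` begins and ends outside the hunk, so returning the validation failure as an error (as in the sketch below, which also needs `strings` in scope) is inferred from `err = execute(...)` and should be confirmed against the function's signature.
```go
buildCmd := config.BuildCommand
if config.BuildTool == "maven" {
	// Fixed order so the generated build command is reproducible across runs.
	settings := []struct{ flag, path string }{
		{"--settings", config.ProjectSettingsFile},
		{"--global-settings", config.GlobalSettingsFile},
	}
	for _, s := range settings {
		if s.path == "" {
			continue
		}
		// The path is embedded verbatim in a command string that is split
		// again downstream; whitespace or quotes would turn into extra arguments.
		if strings.ContainsAny(s.path, " \t\r\n\"'") {
			return fmt.Errorf("maven settings file path %q must not contain whitespace or quotes", s.path)
		}
		buildCmd = fmt.Sprintf("%s %s=%s", buildCmd, s.flag, s.path)
	}
}
cmd = append(cmd, "--command="+buildCmd)
// … unchanged: execute(utils, cmd, GeneralConfig.Verbose) …
```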
@@ -204,6 +206,8 @@ func addCodeqlExecuteScanFlags(cmd *cobra.Command, stepConfig *codeqlExecuteScan
 cmd.Flags().StringVar(&stepConfig.CommitID, "commitId", os.Getenv("PIPER_commitId"), "SHA of commit that was analyzed.")
 cmd.Flags().IntVar(&stepConfig.VulnerabilityThresholdTotal, "vulnerabilityThresholdTotal", 0, "Threashold for maximum number of allowed vulnerabilities.")
 cmd.Flags().BoolVar(&stepConfig.CheckForCompliance, "checkForCompliance", false, "If set to true, the piper step checks for compliance based on vulnerability threadholds. Example - If total vulnerabilites are 10 and vulnerabilityThresholdTotal is set as 0, then the steps throws an compliance error.")
+ cmd.Flags().StringVar(&stepConfig.ProjectSettingsFile, "projectSettingsFile", os.Getenv("PIPER_projectSettingsFile"), "Path to the mvn settings file that should be used as project settings file.")
+ cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path to the mvn settings file that should be used as global settings file.")
 
 cmd.MarkFlagRequired("buildTool")
 }
@@ -424,6 +428,24 @@ func codeqlExecuteScanMetadata() config.StepData {
 Aliases: []config.Alias{},
 Default: false,
 },
+ {
+ Name: "projectSettingsFile",
+ ResourceRef: []config.ResourceReference{},
+ Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"},
+ Type: "string",
+ Mandatory: false,
+ Aliases: []config.Alias{{Name: "maven/projectSettingsFile"}},
+ Default: os.Getenv("PIPER_projectSettingsFile"),
+ },
+ {
+ Name: "globalSettingsFile",
+ ResourceRef: []config.ResourceReference{},
+ Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"},
+ Type: "string",
+ Mandatory: false,
+ Aliases: []config.Alias{{Name: "maven/globalSettingsFile"}},
+ Default: os.Getenv("PIPER_globalSettingsFile"),
+ },
 },
 },
 Containers: []config.Container{
diff --git a/resources/metadata/codeqlExecuteScan.yaml b/resources/metadata/codeqlExecuteScan.yaml
index 9cb74ce86..c6503dc26 100644
--- a/resources/metadata/codeqlExecuteScan.yaml
+++ b/resources/metadata/codeqlExecuteScan.yaml
@@ -188,6 +188,26 @@ spec:
 - PARAMETERS
 - STAGES
 - STEPS
+ - name: projectSettingsFile
+ type: string
+ description: Path to the mvn settings file that should be used as project settings file.
+ scope:
+ - GENERAL
+ - STEPS
+ - STAGES
+ - PARAMETERS
+ aliases:
+ - name: maven/projectSettingsFile
+ - name: globalSettingsFile
+ type: string
+ description: Path to the mvn settings file that should be used as global settings file.
+ scope:
+ - GENERAL
+ - STEPS
+ - STAGES
+ - PARAMETERS
+ aliases:
+ - name: maven/globalSettingsFile
 containers:
 - image: ""
 outputs:
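Review bot: The descriptions of the new `projectSettingsFile` and `globalSettingsFile` parameters do not say that they are only evaluated when `buildTool` is `maven`, nor that the value is appended verbatim to `buildCommand`, so a user of another build tool will see the option silently ignored and a user with a path containing spaces will get a broken build command. Suggest `description: Path to the mvn settings file that should be used as project settings file. Only evaluated when buildTool is maven; the path is appended to buildCommand as --settings=<path> and must not contain whitespace.` and the matching sentence with `--global-settings=<path>` for the global one. The `scope` lists of the two new entries are also ordered `GENERAL, STEPS, STAGES, PARAMETERS` while the preceding parameter's context lines read `PARAMETERS, STAGES, STEPS`; harmless, but worth aligning with the file's existing order.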