feat(detectExecuteScan): generate ip result json (#2945)

* feat(detectExecuteScan): generate ip result json json will currently only be created in success cases. No information about policy violation details available in the step yet. * update report name * Update cmd/detectExecuteScan.go Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com> * Update cmd/detectExecuteScan.go Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com> * Update cmd/detectExecuteScan_test.go Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com> * Update cmd/detectExecuteScan_test.go Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com> Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
2025-10-30 23:57:50 +02:00 · 2021-07-23 09:36:16 +02:00
parent dbbbe1f0b3
commit cf39f37d9a
2 changed files with 49 additions and 1 deletions
--- a/cmd/detectExecuteScan.go
+++ b/cmd/detectExecuteScan.go
@@ -1,10 +1,12 @@
 package cmd

 import (
+	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"os"
+	"path/filepath"
 	"strings"

 	piperhttp "github.com/SAP/jenkins-library/pkg/http"
@@ -124,7 +126,33 @@ func runDetect(config detectExecuteScanOptions, utils detectUtils) error {
 	utils.SetDir(".")
 	utils.SetEnv(envs)

-	return utils.RunShell("/bin/bash", script)
+	err = utils.RunShell("/bin/bash", script)
+	if err == nil && piperutils.ContainsString(config.FailOn, "BLOCKER") {
+		violations := struct {
+			PolicyViolations int      `json:"policyViolations"`
+			Reports          []string `json:"reports"`
+		}{
+			PolicyViolations: 0,
+			Reports:          []string{},
+		}
+
+		if files, err := utils.Glob("**/*BlackDuck_RiskReport.pdf"); err == nil && len(files) > 0 {
+			// there should only be one RiskReport thus only taking the first one
+			_, reportFile := filepath.Split(files[0])
+			violations.Reports = append(violations.Reports, reportFile)
+		}
+
+		violationContent, err := json.Marshal(violations)
+		if err != nil {
+			return fmt.Errorf("failed to marshal policy violation data: %w", err)
+		}
+
+		err = utils.FileWrite("blackduck-ip.json", violationContent, 0666)
+		if err != nil {
+			return fmt.Errorf("failed to write policy violation report: %w", err)
+		}
+	}
+	return err
 }

 func getDetectScript(config detectExecuteScanOptions, utils detectUtils) error {
--- a/cmd/detectExecuteScan_test.go
+++ b/cmd/detectExecuteScan_test.go
@@ -66,6 +66,26 @@ func TestRunDetect(t *testing.T) {
 		assert.Equal(t, expectedScript, utilsMock.Calls[0])
 	})

+	t.Run("success case - with report", func(t *testing.T) {
+		t.Parallel()
+		utilsMock := newDetectTestUtilsBundle()
+		utilsMock.AddFile("detect.sh", []byte(""))
+		utilsMock.AddFile("my_BlackDuck_RiskReport.pdf", []byte(""))
+		err := runDetect(detectExecuteScanOptions{FailOn: []string{"BLOCKER"}}, utilsMock)
+
+		assert.Equal(t, utilsMock.downloadedFiles["https://detect.synopsys.com/detect.sh"], "detect.sh")
+		assert.True(t, utilsMock.HasRemovedFile("detect.sh"))
+		assert.NoError(t, err)
+		assert.Equal(t, ".", utilsMock.Dir, "Wrong execution directory used")
+		assert.Equal(t, "/bin/bash", utilsMock.Shell[0], "Bash shell expected")
+		expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" --detect.policy.check.fail.on.severities=BLOCKER \"--detect.code.location.name=''\" --detect.source.path='.'"
+		assert.Equal(t, expectedScript, utilsMock.Calls[0])
+
+		content, err := utilsMock.FileRead("blackduck-ip.json")
+		assert.NoError(t, err)
+		assert.Contains(t, string(content), `"policyViolations":0`)
+	})
+
 	t.Run("failure case", func(t *testing.T) {
 		t.Parallel()
 		utilsMock := newDetectTestUtilsBundle()