feat(detectExecuteScan) enabling possibility to scan MTA projects (#4300)

* feat(detectExecuteScan) enabling possibility to scan MTA projects
2025-01-18 05:18:24 +02:00 · 2023-03-27 10:42:39 +02:00 · 2023-03-27 10:42:39 +02:00 · e55c2f857c
commit e55c2f857c
parent d76246d781
4 changed files with 71 additions and 9 deletions
--- a/cmd/detectExecuteScan.go
+++ b/cmd/detectExecuteScan.go
@ -301,6 +301,15 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
 	// instead of all properties being part of a single string
 	config.ScanProperties = piperutils.SplitAndTrim(config.ScanProperties, " ")

+	if config.BuildTool == "mta" {
+		args = append(args, "--detect.detector.search.depth=100")
+		args = append(args, "--detect.detector.search.continue=true")
+	}
+
+	if len(config.ExcludedDirectories) != 0 {
+		args = append(args, fmt.Sprintf("--detect.excluded.directories=%s", strings.Join(config.ExcludedDirectories, ",")))
+	}
+
 	if config.ScanOnChanges {
 		args = append(args, "--report")
 		config.Unmap = false
--- a/cmd/detectExecuteScan_generated.go
+++ b/cmd/detectExecuteScan_generated.go
@ -55,6 +55,8 @@ type detectExecuteScanOptions struct {
 	Assignees                   []string `json:"assignees,omitempty"`
 	CustomTLSCertificateLinks   []string `json:"customTlsCertificateLinks,omitempty"`
 	FailOnSevereVulnerabilities bool     `json:"failOnSevereVulnerabilities,omitempty"`
+	BuildTool                   string   `json:"buildTool,omitempty"`
+	ExcludedDirectories         []string `json:"excludedDirectories,omitempty"`
 }

 type detectExecuteScanInflux struct {
@ -285,6 +287,8 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan
 	cmd.Flags().StringSliceVar(&stepConfig.Assignees, "assignees", []string{``}, "Defines the assignees for the Github Issue created/updated with the results of the scan as a list of login names.")
 	cmd.Flags().StringSliceVar(&stepConfig.CustomTLSCertificateLinks, "customTlsCertificateLinks", []string{}, "List of download links to custom TLS certificates. This is required to ensure trusted connections to instances with repositories (like nexus) when publish flag is set to true.")
 	cmd.Flags().BoolVar(&stepConfig.FailOnSevereVulnerabilities, "failOnSevereVulnerabilities", true, "Whether to fail the step on severe vulnerabilties or not")
+	cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", os.Getenv("PIPER_buildTool"), "Defines the tool which is used for building the artifact.")
+	cmd.Flags().StringSliceVar(&stepConfig.ExcludedDirectories, "excludedDirectories", []string{}, "List of directories which should be excluded from the scan.")

 	cmd.MarkFlagRequired("token")
 	cmd.MarkFlagRequired("projectName")
@ -649,6 +653,29 @@ func detectExecuteScanMetadata() config.StepData {
 						Aliases:     []config.Alias{},
 						Default:     true,
 					},
+					{
+						Name: "buildTool",
+						ResourceRef: []config.ResourceReference{
+							{
+								Name:  "commonPipelineEnvironment",
+								Param: "buildTool",
+							},
+						},
+						Scope:     []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
+						Type:      "string",
+						Mandatory: false,
+						Aliases:   []config.Alias{},
+						Default:   os.Getenv("PIPER_buildTool"),
+					},
+					{
+						Name:        "excludedDirectories",
+						ResourceRef: []config.ResourceReference{},
+						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
+						Type:        "[]string",
+						Mandatory:   false,
+						Aliases:     []config.Alias{{Name: "detect/excludedDirectories"}},
+						Default:     []string{},
+					},
 				},
 			},
 			Containers: []config.Container{
--- a/cmd/detectExecuteScan_test.go
+++ b/cmd/detectExecuteScan_test.go
@ -355,18 +355,23 @@ func TestAddDetectArgs(t *testing.T) {
 		{
 			args: []string{"--testProp1=1"},
 			options: detectExecuteScanOptions{
-				ScanProperties:  []string{"--scan1=1", "--scan2=2"},
-				ServerURL:       "https://server.url",
-				Token:           "apiToken",
-				ProjectName:     "testName",
-				Version:         "1.0",
-				VersioningModel: "major-minor",
-				CodeLocation:    "",
-				Scanners:        []string{"signature"},
-				ScanPaths:       []string{"path1", "path2"},
+				BuildTool:           "mta",
+				ExcludedDirectories: []string{"dir1", "dir2"},
+				ScanProperties:      []string{"--scan1=1", "--scan2=2"},
+				ServerURL:           "https://server.url",
+				Token:               "apiToken",
+				ProjectName:         "testName",
+				Version:             "1.0",
+				VersioningModel:     "major-minor",
+				CodeLocation:        "",
+				Scanners:            []string{"signature"},
+				ScanPaths:           []string{"path1", "path2"},
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.detector.search.depth=100",
+				"--detect.detector.search.continue=true",
+				"--detect.excluded.directories=dir1,dir2",
 				"--scan1=1",
 				"--scan2=2",
 				"--blackduck.url=https://server.url",
--- a/resources/metadata/detectExecuteScan.yaml
+++ b/resources/metadata/detectExecuteScan.yaml
@ -406,6 +406,27 @@ spec:
        scope:
          - PARAMETERS
        default: true
+      - name: buildTool
+        type: string
+        description: "Defines the tool which is used for building the artifact."
+        scope:
+          - GENERAL
+          - PARAMETERS
+          - STAGES
+          - STEPS
+        resourceRef:
+          - name: commonPipelineEnvironment
+            param: buildTool
+      - name: excludedDirectories
+        description:
+          "List of directories which should be excluded from the scan."
+        aliases:
+          - name: detect/excludedDirectories
+        type: "[]string"
+        scope:
+          - PARAMETERS
+          - STAGES
+          - STEPS
  outputs:
    resources:
      - name: influx