1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2025-01-18 05:18:24 +02:00

32 Commits

Author SHA1 Message Date
Oliver Nocon
a46f796bcd
chore: cleanup reporting & some incorrect file usage in tests (#3943)
* chore: cleanup reporting & some incorrect file usage in tests

* cleanup interface

* chore: remove comment

* preserve error handling

* Rename FileUtils.go to fileUtils.go

* clean up formatting

* chore: address static check findings

* fix brittle test

* chore: cleanup formatting
2022-08-09 10:57:02 +02:00
Oliver Nocon
43bbea477c
fix(protecodeExecuteScan): correct regex pattern for replacing spaces (#3941) 2022-08-05 16:16:36 +02:00
Oliver Nocon
f6a6448631
chore: fix linting issues (#3878)
* chore: fix linting issues

* add more fixes

* correct formatting

* Delete depl.yaml
2022-07-21 09:04:21 +02:00
Oliver Nocon
b7c0831b7f
feat: allow OSVM scans to succeed with vulnerabilities (#3889)
For running open source vulnerability scans in de-coupled processes
it is helpful to allow that steps only create
compliance reports to inform users/teams
but not fail the pipeline.

This can now be achieved constitently with the flag:
`failOnSevereVulnerabilities`

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-07-12 11:43:24 +02:00
Anil Keshav
e6724d7f05
fix (whitesourceExecuteScan) keep tar extension for target image donwload (#3774)
* explicitly adding tar extension to project name when constructing the targetFilePath for whitesource docker image download

* comments

* correcting comment for better readability

* replace spaces in the project name with underscroe

* better comments

* passing legacy format download

* appending format to value

* keeping the download format for protecode as legacy

* improving docu

* keeping legacy format the default

* keeping tar file name same as project name to avoid duplicate names

* keeping legacy format download hard coded

Co-authored-by: anilkeshav27 <you@example.com>
2022-05-13 18:56:41 +02:00
Christian Volk
22f6aa156f
feat(docker): use crane for pulling docker images (#3652) 2022-03-23 10:02:00 +01:00
Umidjon Urunov
c2ebdfd9ec
feat(protecode): add versioning model (#3373)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* protecodeExecuteScan :: versioning model draft - 1

* protecodeExecuteScan :: version model draft-2

* protecodeExecuteScan :: changing filename and version concatenation

* protecodeExecuteScan :: update documentation

* protecodeExecuteScan :: double URL encoding has been corrected & console messaging improved

* protecodeExecuteScan :: fixed Go/generate validation fail

* protecodeExecuteScan :: fixing failed unit tests

* protecodeExecuteScan :: Version field added

* protecodeExecuteScan :: Version field add => minor changes

* protecodeExecuteScan :: Version field add => fixing tests

Co-authored-by: D072410 <giridhar.shenoy@sap.com>
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-01-19 10:30:59 +01:00
Umidjon Urunov
3d341b4b24
protecodeExecuteScan -> adding replace binary option (#2778)
* protecodeExecuteScan -> [draft-1] adding replace binary option

* protecodeExecuteScan -> replace binary option extension

* protecodeExecuteStep :: fixing generete & format checks

* protecodeExecuteStep :: fixing TestUploadScanFileSuccess & clean up debug printings

* Update protecodeExecuteScan_test.go

* protecodeExecuteScan :: removing duplicate test cases

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-09-13 11:13:48 +02:00
larsbrueckner
794f4f9742
cmd/protecodeExecuteScan.go fix webReportPath for generated URLs (#3048)
Co-authored-by: Linda Siebert <39100394+LindaSieb@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-09-01 13:21:48 +02:00
larsbrueckner
dbbbe1f0b3
Updates to toolrecord framework (#2986)
* Toolrecord framework -
provide a common entry point for post processing code scan results

Changes to be committed:
	new file:   pkg/toolrecord/REAMDE_toolrecord.md
	new file:   pkg/toolrecord/toolrecord_main.go
	new file:   pkg/toolrecord/toolrecord_test.go

* Add toolrecord file to Checkmarx results
modified:   cmd/checkmarxExecuteScan.go

* Add toolrecord file to Fortify results
	modified:   cmd/fortifyExecuteScan.go

* Add toolrecord file to Whitesource results
modified:   cmd/whitesourceExecuteScan.go

* unset umask (#2927)

* (feat) adds error logging output for downloading reports from whitesource (#2928)

* Add toolrecord file to Protecode results

* address code climate findings (1/2)

* address codeclimate findings (2/2)

* add comments to all methods

* Toolrecord library:
- move all toolrun files into a subdirectory
- fix timestamp generation in filenames

* add protecode group's URL to toolrecord data

* fix syntax error from previous commit in cmd/protecodeExecuteScan.go

* toolrecord: fix projectVersionID and generated URLs in fortifyExecuteScan.go

* cmd/fortifyExecuteScan.go: replace a hard-coded servername with
config.ServerURL

* update description

* add toolrecord file to detectExecuteScan

* toolrecord/whitesource: add project names as context

Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-07-23 08:48:48 +02:00
Sven Merk
3e7595920f
feat(protecodeExecuteScan): Add protecode report (#2981)
* Fix exclude and enhance docs

* Fix test

* Fix test

* Add reporting to checkmarx step

* Improve text

* Add protecode report

* Fix fmt

* Add error handling
2021-07-12 12:20:25 +02:00
larsbrueckner
61fe88e199
Add "toolrecord" files to Fortify, Checkmarx, Protecode and Whitesource results (#2929)
* Toolrecord framework -
provide a common entry point for post processing code scan results

Changes to be committed:
	new file:   pkg/toolrecord/REAMDE_toolrecord.md
	new file:   pkg/toolrecord/toolrecord_main.go
	new file:   pkg/toolrecord/toolrecord_test.go

* Add toolrecord file to Checkmarx results
modified:   cmd/checkmarxExecuteScan.go

* Add toolrecord file to Fortify results
	modified:   cmd/fortifyExecuteScan.go

* Add toolrecord file to Whitesource results
modified:   cmd/whitesourceExecuteScan.go

* unset umask (#2927)

* (feat) adds error logging output for downloading reports from whitesource (#2928)

* Add toolrecord file to Protecode results

* address code climate findings (1/2)

* address codeclimate findings (2/2)

* add comments to all methods

Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-06-23 15:05:00 +02:00
Oliver Nocon
188e409a87
feat(protecodeExecuteScan): allow scanning a binary (#2889)
* feat(protecodeExecuteScan): allow scanning a binary

so far the step only accepts a Docker image or a FetchURL
This adds functionality to also pass a FilePath

* Update protecodeExecuteScan.go

* Update protecodeExecuteScan.go

* Update protecodeExecuteScan.go

* Update protecodeExecuteScan.go

* Update protecodeExecuteScan.go

* Update protecodeExecuteScan.go

* Fix fmt

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Sven Merk <s.merk@sap.com>
2021-06-17 09:40:21 +02:00
Christopher Fenner
367ca6211a
refactor(protecode): simplify protecode calls (#2838)
* simplify protecode calls

* add todos

* reomve todo

* restore go.sum

* Update cmd/protecodeExecuteScan.go

Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>

* Apply suggestions from code review

* remove productID

Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-06-15 22:29:24 +02:00
Christopher Fenner
aaa1869ec0
feat(protecode): rename artifactVersion to version (#2813)
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-05-05 19:52:13 +02:00
Christopher Fenner
2426486e7b
feat(sonar): add versioningModel and customScanVersion to sonar scan (#2787)
* add versioningModel parameter

* extract versioning model to own package

* move log message

* use versioning method

* add customScanVersion parameter

* use customScanVersion

* adjust docs on other steps

* update test case
2021-05-05 09:02:19 +02:00
Christopher Fenner
4603bf3c0e
refactor(protecode): rename parameter reuseExisting (#2809)
* rename parameter

* update code

* correct tests
2021-05-04 15:03:43 +02:00
Sven Merk
d52a1a3619
Influx step execution reporting (#2700)
* Influx step execution reporting

* influx for newmanExecute added

Co-authored-by: lndrschlz <leander.schulz01@sap.com>
2021-03-18 10:32:03 +01:00
Christopher Fenner
f999925788
fix(influx): correct data type of influx measurements (#2171)
* update data type of influx measurements

* Update checkmarx.yaml

* pick changes from #1885 for testing

* update generated code

* update to new datatype

* adjust to type changes

* change back to string type

* Update fortifyExecuteScan.go

* add typo to be backward compatible

* change type to int for files_scanned and lines_of_code_scanned

* add typo

* add measurements to whitesource

* update generated sources

* adjust test cases

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 16:00:53 +01:00
Jesse Awan
ea203a2c69
fix(protecode): handle sha256 in upload artifacts (#2532)
* add sha256 check to protecodeExecuteScan

* remove trailing spaces

* add Unit-Test for getTarName

* Apply suggestions from code review

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-01-26 09:59:10 +01:00
Oliver Nocon
e497b0050a
improve error categorization (#2118) 2020-10-05 17:46:44 +02:00
Christopher Fenner
f7d881d602
fix(protecode): correct project naming (#1975)
* fix project naming

* add test case for getTarName

* correct tar filename generation

* handle empty version
2020-09-02 15:00:55 +02:00
Christopher Fenner
b59bac7892
fix(protecode): respect failOnSevereVulnerabilities parameter (#1969)
* fix redundant type issues

* cleanup

* extract report function for protecode package

* use speaking status constant for API results

* remove unconsidered return value

* correct switch statement

* handle severe vulnerabilities

* Apply suggestions from code review

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>

* correct test name

* return errors from WriteReport function

* expose ReportData struct

* set Error Category

* refactor constant visibility

* change type name

* describe type

* change type name

* fail after report generation

* do not fail on report write errors

* add error as return value

* fix typo

* use require statements

* assert major vulnerabilities

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-09-02 10:41:12 +02:00
Christopher Fenner
173b453d84
refactor(protecode): add explicit parameter for Docker config.json file (#1914)
* add dedicated property to handle docker config file

* switch to dockerConfigJSON in groovy

* use DockerConfigJSON

* add secret reference

* Update protecode.yaml

* Update protecode.yaml

* improve docs

* update generated sources
2020-08-12 14:57:11 +02:00
Christopher Fenner
9340729646
chore(protecode): be more verbose about docker credentials (#1911)
* log more information about docker credentials

* remove println

* fix format issues

* Update protecodeExecuteScan.go

* correct weird space characters

* add test case for correctDockerConfigEnvVar
2020-08-11 14:42:08 +02:00
Christopher Fenner
0a02fe1fb8
refactor(protecode): handle reports inside go (#1891)
* publish artifacts

* publish project report link

* archive scan report

* fix typo

* remove obsolete reading iof result file

* publish sidebar link

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-08-07 13:03:38 +02:00
Christopher Fenner
e4f827118b
refactor(protecode): handle DOCKER_CONFIG in go (#1502)
* handle DOCKER_CONFIG in go

* cleanup

* always use parent dir

* take care of errors
2020-05-06 16:07:10 +02:00
Stephan Aßmus
082b249cc0
Fix logrus buffer issue (#1511) 2020-05-06 13:35:40 +02:00
Oliver Nocon
3a9bc54711
protecodeExecuteScan - align user parameter (#1426)
align parameter name for scan user with other steps
2020-04-20 16:44:01 +02:00
Christopher Fenner
c190deee44
refactor(sonar): switch to Sonar scan in GO (#1320)
* use sonar go in groovy

* use SONAR_TOKEN

* only use owner/repo if both are set

* trim version to major version digit

* fix code climate issues

* remove Sonar defaults

* use sonar go step

* use SONAR_TOKEN

* use certs from parameters

* use docker workspace & options

* add instance parameter

* implement branchName

* implement branchName

* remove duplicate default

* update docs

* fix TODOs

* remove merge mess

* fix code climate issue

* address comments

* respect custom defaults and custom config file name

* fix typo

* remove obsolete test cases

* disable CommonStepChecks

* check step config instead of context config

* remove TODOs

* respect jenkins PR envvars

* use value from stepConfig

* Update vars/sonarExecuteScan.groovy

* rename options to config

* correct type for options

* add test cases

* log sonar.options in debug message

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-04-08 12:55:46 +02:00
redehnroV
c37df0d55e
Adjust protecode influx parameter (#1161) 2020-02-07 14:12:40 +01:00
redehnroV
2ebf2010b7
Protecode as GoLang (#1119)
* Protecode as go implementation

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-02-06 16:16:34 +01:00