1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Commit Graph

37 Commits

Author SHA1 Message Date
Jordi van Liempt
0ba4c2206c
chore(deps): Replace io/ioutil package (#4494)
* update all deprecated ioutil usages

* forgotten changes

* add missing imports

* undo changing comment

* add missing 'os' import

* fix integration test

---------

Co-authored-by: I557621 <jordi.van.liempt@sap.com>
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
2023-08-16 12:57:04 +02:00
Akramdzhon Azamov
b703995917
feat(detectExecuteScan): deprecating parameter scanOnChanges (#4473)
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-07-19 15:25:17 +05:30
Andrei Kireev
ae4550d0dd
fix(detectExecuteScan) Fixed problem with duplication of maven command (#4412)
* Fixed problem with duplication of maven command

* go fmt
2023-06-23 14:24:03 +02:00
Jk1484
ffc931aad1
feat(golangBuild): use 'unit' build tag to include tests during test execution (#4345)
* Added unit tag as argument. Added description to runTests command. Changed code generator to have unit build tag in generated unit test files.

* Added unit build tag to all unit test files.

* added to new unit test unit build tag

* Update verify-go.yml

* small fix

---------

Co-authored-by: Muhammadali Nazarov <Muhammadali.Nazarov@acronis.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2023-05-03 21:02:11 +05:00
Andrei Kireev
ba761f0fc4
fix(detectExecuteScan): Fixed issue with duplication of parameters when specifying them in scanProperties (#4304)
* Fixed issue with duplication of parameters search.depth/search.continue/excluded.directories
2023-03-28 09:10:54 +02:00
Andrei Kireev
e55c2f857c
feat(detectExecuteScan) enabling possibility to scan MTA projects (#4300)
* feat(detectExecuteScan) enabling possibility to scan MTA projects
2023-03-27 10:42:39 +02:00
Andrei Kireev
22f61be2c4
Removed downloading of detect script version 6 (#4261)
Co-authored-by: ffeldmann <f.feldmann@sap.com>
2023-03-07 14:43:14 +01:00
Akramdzhon Azamov
f4fbf0f1ed
feat(detectExecuteScan) execution of rapid scans (#4211)
Co-authored-by: akram8008 <900658008.akram@email.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Andrei Kireev <andrei.kireev@sap.com>
Co-authored-by: ffeldmann <f.feldmann@sap.com>
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-03-02 11:04:21 +01:00
Andrei Kireev
121d527c0b
fix(detectExecuteScan): Fix issues with the sarif file (#4100)
* fix(detectExecuteScan): Fix issues with the sarif file

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-12-01 14:17:53 +05:30
Sven Merk
e8ba1b043d
Fix(detectExecuteScan): rework struct methods to meet interface requirements (#4048)
* Fixed struct methods to meet interface requirements

* Fix test and ruleID

* Small adjustments

* Readability of code

* Added testcases

* Code rework

* Fix fmt

* Mod

* Fix taxonomy

* Fix ruleIndex

* Fix taxonomies

* Fix format

* Remove name

* Fix Fortify and Checkmarx SARIF

* Fix fmt, address comments

* Addressing comments

* Fix fmt
2022-10-10 10:06:20 +02:00
Giridhar Shenoy
d31c0584ff
detectExecuteScan : Add minScanInterval parameter through Piper (#4006)
* add minscaninterval parameter

* update detectExec

* removed a single trailing space which caused a lint failure

* Add test case

* Ensure unmap is false

* fix test case

* update format of param value
2022-09-26 14:08:12 +02:00
Oliver Nocon
d640d72dc6
feat: improve vulnerability reporting via GitHub issues (#3924)
* feat: improve vulnerability reporting via GitHub issues

* feat: update reports

* chore: add tls cert links

* only write log on error

* chore: update formatting

* chore: update handling of direct dependencies

* chore: fix linting issue

* chore: minor updates
2022-08-02 08:26:26 +02:00
Oliver Nocon
b7c0831b7f
feat: allow OSVM scans to succeed with vulnerabilities (#3889)
For running open source vulnerability scans in de-coupled processes
it is helpful to allow that steps only create
compliance reports to inform users/teams
but not fail the pipeline.

This can now be achieved constitently with the flag:
`failOnSevereVulnerabilities`

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-07-12 11:43:24 +02:00
Giridhar Shenoy
e6115a54b2
detectExecuteScan : Bug fix : Dont consider ignored components (#3867)
* fix project version limiting issue

* add tests for detectExecute

* fix bug with vuln count

* adjust unit tests

* update documentation for detect versions
2022-07-11 10:50:31 +02:00
Giridhar Shenoy
fe9b3a796b
detectExecuteScan: fix project version limiting api call (#3754)
* fix project version limiting issue

* add tests for detectExecute
2022-05-05 09:58:43 +02:00
Sven Merk
c30e93bc6a
feat(detectExecuteScan): SARIF export and GH issue creation (#3637)
* Added SARIF and GH issue creation
2022-03-17 15:32:48 +01:00
Giridhar Shenoy
286ff1b6ef
detectExecuteScan : support for detect 7 (#3453)
* enable detect 7 script

* unit test uses detect7 as default

* add detect6 test case

* add check for OSEnv detect version

* add test for OSEnv detect version

* update customEnvironmentVariables docu

* fix linting

Co-authored-by: ffeldmann <f.feldmann@sap.com>
2022-02-08 11:55:01 +01:00
Giridhar Shenoy
db805f22d5
detectExecuteScan: Fail step when License policy violations are found (#3106)
* fail step for license violation

* add toolrecord creation

* toolrecord generation in all cases
2021-09-20 11:28:16 +02:00
Umidjon Urunov
e7fbd1c112
detectExecuteStep :: Adding error code mapping (#3069)
* feat(detectExecuteScan): generate ip result json

json will currently only be created in success cases.

No information about policy violation details available in the step yet.

* update report name

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* move blackduck api package

* detectExecuteStep :: Adding error code mapping

* detectExecuteScan :: fixing generate/format check failure

* detectExecuteScan :: fixing typo in test

* detectExecuteStep :: Fixing unit tests and formating issue

* detectExecuteStep :: fixing test case -> TestExitCodeMapping

Co-authored-by: OliverNocon <oliver.nocon@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
2021-09-07 17:52:55 +02:00
Giridhar Shenoy
b92e7f699c
detectExecuteScan : Policy reports in HTML, JSON and for cumulus (#3057)
* add policy status reports

* add policy status and cumulus json

* update projectver link + test

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-09-07 17:17:03 +02:00
Giridhar Shenoy
045c72cd3e
detect : Create html and json report upon scan completion (#3042)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* add basic reporting

* write html and json reports

* fix syntax errors and tests

* sort values in report by vuln

* add more unit tests

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-08-12 15:58:33 +02:00
Oliver Nocon
cf39f37d9a
feat(detectExecuteScan): generate ip result json (#2945)
* feat(detectExecuteScan): generate ip result json

json will currently only be created in success cases.

No information about policy violation details available in the step yet.

* update report name

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
2021-07-23 09:36:16 +02:00
Giridhar Shenoy
eec0ebb235
fix(detect): bug fix for codelocation not picking the right location (#2745)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code version

* Changes for detect codelocation

* remove unmap from scanProperties

* fix/add unit tests for remove unmap

* handle spaces in scanProperties

* update default scanproperties to remove deprecations

* Set default scanonchange to true

* handle multiple unmap true params

* add custom env variables

* fix codeclimate issues

* Update resources/metadata/detect.yaml

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* Update resources/metadata/detect.yaml

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* update generated files from yaml

* bug fix - revert code location changes

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-04-08 11:04:49 +02:00
Giridhar Shenoy
03f46ef90c
DetectExecuteScan : Codelocations autodetermined by detect script (#2704)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code version

* Changes for detect codelocation

* remove unmap from scanProperties

* fix/add unit tests for remove unmap

* handle spaces in scanProperties

* update default scanproperties to remove deprecations

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-26 13:06:13 +01:00
Giridhar Shenoy
2b56e8594e
fix(detect): Scanonchanges : bug fix for escaping spaces in parameters (#2561)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code

* add the the scanOnChanges parameter to detect

* fix codeclimate issue

* updated detect.yaml

* bug fix for parameters with quoting spaces

* add additional test case

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-02-02 15:43:12 +01:00
Giridhar Shenoy
d3f31acc9f
feat(detect): Scanonchanges : Parameter to reduce scan running time and load on BlackDuck server (#2538)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code

* add the the scanOnChanges parameter to detect

* fix codeclimate issue

* updated detect.yaml

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-01-29 10:17:02 +01:00
Giridhar Shenoy
205bbc1bed
fix(detect): scan paths to better handle signature scan and dependency scan paths (#2508)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* revert to clean version

* add unmap parameter to detect

* Added Additional parameters for BlackDuck scan

* Added detect tools paramater

* fix detect.yaml to accept correct data type

* fix codeclimate issue in detect.yaml

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-01-21 14:57:00 +01:00
Fabian Reh
bf39d2aacc
Enable parallel execution with reused mocks (#2331)
* Enables parallel execution and prevent reuse of file mock

* Fixes warnings

* Makes tests proper parallelized

* Update cmd/mavenExecuteIntegration_test.go

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2020-11-10 08:44:52 +01:00
Daniel Kurzynski
7946265e21
Install maven artifacts before running Detect (#2292) 2020-11-03 11:08:23 +01:00
Stephan Aßmus
2f83ba56da
Make sure detect.sh is removed after use (#2238)
Should avoid issues with this file being owned by root (perhaps via running in docker container), preventing the workspace from being cleaned properly.
2020-10-27 14:29:22 +01:00
Oliver Nocon
b506235398
detect: add parameter aliases (#2099)
* align parameters for Detect

* include feedback

* update generation and formatting

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
2020-10-01 13:34:51 +02:00
Daniel Kurzynski
8ee0d358b9
Support maven params in detect scan (#1855)
Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-07-30 10:35:46 +02:00
Giridhar Shenoy
0fc131adec
detectExecuteScan : Changes to include user group and handle build fails (#1775)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-07-28 10:48:19 +02:00
Oliver Nocon
d8553ab53d
detectExecuteScan: update versioning (#1845)
* detectExecuteScan: update versioning

align with Fortify to also use the same versioning model by default.

* fix CodeClimate findings
2020-07-27 12:01:59 +02:00
Florian Geckeler
ef330e1eee
Move mock capabilities to pkg/mock/runner and adapt all tests 2020-02-27 12:11:22 +01:00
Marcus Holl
d04edd5e8d
unify mocking for shell and exec runner (#1120)
* same behaviour for shellRunner and execRunner wrt errors and stdout

* replace shouldFail with shouldFailOnCommand

* [formatting only] format struct

* Move to regex for execptions and stdout

* shrink code
2020-02-21 10:56:53 +01:00
Oliver Nocon
4f57738888
Detect: Add golang implementation (#1049)
Add detect golang implementation
2019-12-13 09:55:45 +00:00