mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Commit Graph

34 Commits

Author SHA1 Message Date
Andrei Kireev
69347fe2af
feat(whitesourceExecuteStep) Unified audit format of vulnerabilities in SARIF file for whitesource (#4465)
* Unified audit state for whitesource step

* reverted unrelated to pr changes

* go fmt

* Fixed tests and formatting

* fixed format issue in whitesource/reporting.go

---------

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-08-15 08:26:57 +02:00
Leonard Heilos
c15448b4e0
feat(whitesourceExecuteScan): allow to specify InstallCommand (#4376)
* feat(whitesourceExecuteScan) allow to specify InstallCommand

* reorder imports

---------

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
Co-authored-by: Andrei Kireev <andrei.kireev@sap.com>
2023-05-30 16:00:02 +02:00
Jk1484
ffc931aad1
feat(golangBuild): use 'unit' build tag to include tests during test execution (#4345)
* Added unit tag as argument. Added description to runTests command. Changed code generator to have unit build tag in generated unit test files.

* Added unit build tag to all unit test files.

* added to new unit test unit build tag

* Update verify-go.yml

* small fix

---------

Co-authored-by: Muhammadali Nazarov <Muhammadali.Nazarov@acronis.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2023-05-03 21:02:11 +05:00
Andrei Kireev
27a3e687a5
Fix issue with not generating sarif file when projectName was specified (#4199)
* Fixed bug in generating sarif file in whitesource step

---------

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-02-07 16:10:21 +01:00
Vyacheslav Starostin
8071337a44
fix(whitesourceExecuteScan): respect versioning model and custom scan version (#4187)
* Test

* Test

* Test

* Respect customScanVersion if filled

* Add test case

* Clean up

* Respect versioningModel

* Add test case

* Clean up

* Clean up
2023-01-16 23:14:33 +06:00
Oliver Nocon
a2815c4567
fix(whitesourceExecuteScan): properly handle policy violations (#4089)
* fix(whitesourceExecuteScan): properly handle policy violations

* update files

* update formatting

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 11:16:07 +01:00
Sven Merk
ea04a63412
fix(whitesourceExecuteScan): Fix processing of assessment (#4059)
* Fix potential nil reference

* Fix handling of assessed vulns

* Fix test code

* Add error detail

* Fix parsing

* Adding debug output

* Fix nil reference

* fix

* Add debug

* Update cmd/whitesourceExecuteScan.go

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>

* Update cmd/whitesourceExecuteScan.go

* Update cmd/whitesourceExecuteScan.go

* Fix fmt

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-10-13 10:34:02 +00:00
Sven Merk
c81e741224
Refinement of SARIF generation for BD and WS (#3942)
* Fix docs and format

* Assessment format added

* Added sample file

* Added parsing

* Added packageurl implementation

* Slight refinement

* Refactored assessment options

* Adapted sample file

* First attempt of ws sbom gen

* Reworked SBOM generation

* Fix test code

* Add assessment handling

* Update dependencies

* Added golden test

* Small fix

* feat(fortify): Added a check for fortify binary in $PATH (#3925)

* added check for fortifyupdate and sourceanalyzer bin

Co-authored-by: sumeet patil <sumeet.patil@sap.com>

* Modify SARIF

* Enhanced SARIF contents

* Small refinement for hub detect

* Small adjustments

* Extend SARIF contents

* Consistency to Mend part

* Fix tests

* Fix merge

* Fix test

* Add debug log, enhance output

* Enhance meta info

* Fix libType for node

* Fix log entry

* Fix pointers and test

* Fix test

* Fix library types

* Fix test

* Extend libType mappings

Co-authored-by: Vinayak S <vinayaks439@gmail.com>
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-08-11 13:12:14 +02:00
Sven Merk
b3f37650a2
SBOM creation for Mend (#3934)
* Fix docs and format

* Assessment format added

* Added sample file

* Added parsing

* Added packageurl implementation

* Slight refinement

* Refactored assessment options

* Adapted sample file

* First attempt of ws sbom gen

* Reworked SBOM generation

* Fix test code

* Add assessment handling

* Update dependencies

* Added golden test

* Small fix

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-08-09 13:56:01 +02:00
Oliver Nocon
a46f796bcd
chore: cleanup reporting & some incorrect file usage in tests (#3943)
* chore: cleanup reporting & some incorrect file usage in tests

* cleanup interface

* chore: remove comment

* preserve error handling

* Rename FileUtils.go to fileUtils.go

* clean up formatting

* chore: address static check findings

* fix brittle test

* chore: cleanup formatting
2022-08-09 10:57:02 +02:00
Oliver Nocon
d640d72dc6
feat: improve vulnerability reporting via GitHub issues (#3924)
* feat: improve vulnerability reporting via GitHub issues

* feat: update reports

* chore: add tls cert links

* only write log on error

* chore: update formatting

* chore: update handling of direct dependencies

* chore: fix linting issue

* chore: minor updates
2022-08-02 08:26:26 +02:00
Oliver Nocon
f6a6448631
chore: fix linting issues (#3878)
* chore: fix linting issues

* add more fixes

* correct formatting

* Delete depl.yaml
2022-07-21 09:04:21 +02:00
Oliver Nocon
890c437c3f
fix(whitesourceExecuteScan): failOnSevereVulnerabilities (#3894)
* fix(whitesourceExecuteScan): failOnSevereVulnerabilities

failOnSevereVulnerabilities has not been considered properly for security vulnerabilities.

* chore: remove comment

* chore: update formatting
2022-07-18 14:36:29 +02:00
Oliver Nocon
b7c0831b7f
feat: allow OSVM scans to succeed with vulnerabilities (#3889)
For running open source vulnerability scans in de-coupled processes
it is helpful to allow that steps only create
compliance reports to inform users/teams
but not fail the pipeline.

This can now be achieved consistently with the flag:
`failOnSevereVulnerabilities`

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-07-12 11:43:24 +02:00
Sven Merk
c30e93bc6a
feat(detectExecuteScan): SARIF export and GH issue creation (#3637)
* Added SARIF and GH issue creation
2022-03-17 15:32:48 +01:00
Christian Volk
421168a169
fix(whitesourceExecuteScan): docker image download if dockerConfigJSON is set in vault (#3591)
Co-authored-by: ffeldmann <f.feldmann@sap.com>
2022-02-28 13:57:23 +01:00
Sven Merk
a1988f6808
feat(whitesourceExecuteScan): GitHub issue creation + SARIF (#3535)
* Add GH issue creation + SARIF

* Code cleanup

* Fix fmt, add debug

* Code enhancements

* Fix

* Added debug info

* Rework UA log scan

* Fix code

* read UA version

* Fix nil reference

* Extraction

* Credentials

* Issue creation

* Error handling

* Fix issue creation

* query escape

* Query escape 2

* Revert

* Test avoid update

* HTTP client

* Add support for custom TLS certs

* Fix code

* Fix code 2

* Fix code 3

* Disable cert check

* Fix auth

* Remove implicit trust

* Skip verification

* Fix

* Fix client

* Fix HTTP auth

* Fix trusted certs

* Trim version

* Code

* Add token

* Added token handling to client

* Fix token

* Cleanup

* Fix token

* Token rework

* Fix code

* Kick out oauth client

* Kick out oauth client

* Transport wrapping

* Token

* Simplification

* Refactor

* Variation

* Check

* Fix

* Debug

* Switch client

* Variation

* Debug

* Switch to cert check

* Add debug

* Parse self

* Cleanup

* Update resources/metadata/whitesourceExecuteScan.yaml

* Add debug

* Expose subjects

* Patch

* Debug

* Debug2

* Debug3

* Fix logging response body

* Cleanup

* Cleanup

* Fix request body logging

* Cleanup import

* Fix import cycle

* Cleanup

* Fix fmt

* Fix NopCloser reference

* Regenerate

* Reintroduce

* Fix test

* Fix tests

* Correction

* Fix error

* Code fix

* Fix tests

* Add tests

* Fix code climate issues

* Code climate

* Code climate again

* Code climate again

* Fix fmt

* Fix fmt 2

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-02-23 09:30:19 +01:00
Oliver Nocon
f431054b6f
feat(WhiteSource): consume credentials from cpe (#3206)
* feat: func for Docker config.json

Provide re-use function to create/update Docker config.json

* add comment

* update WhiteSource step

* fixes and additional tests
2021-11-15 07:48:40 +01:00
Christian Volk
eee3c2302b
feat(whitesourceExecuteScan): evaluate dockerConfigJSON from pipeline… (#3185)
* feat(whitesourceExecuteScan): evaluate dockerConfigJSON from pipeline environment

* Update cmd/whitesourceExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-10-25 09:07:46 +02:00
ffeldmann
3f6eb603c7
Error logging (#2947)
* (feat) adds error logging output for downloading reports from whitesource

* Extended error logging with errors.Wrapf()

* Adjusted whitesource tests
2021-06-30 11:11:41 +02:00
Johannes Schneider
c22e0a1f0e
[WhitesourceExecuteScan] Fix Inconsistencies in Aggregated Report (#2872)
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2021-06-09 15:56:56 +02:00
Oliver Nocon
d04a7c2eb3
feat(pipelineCreateScanSummary) Create groovy wrapper (#2743)
* feat(pipelineCreateScanSummary) Create groovy wrapper

* add command to binary

* stash step reports

* update stash

* fix typo

* unstash reports first

* update reporting

* update json reporting

* update tests & enhance logging

* update md report

* update md reporting

* fix rendering

* update tests
2021-04-15 07:45:06 +02:00
Oliver Nocon
9b6a8cb3b6
feat(whitesource): create json report (#2699)
* feat(whitesource): create json report

* proper constant value

* update generation
2021-03-19 11:10:08 +01:00
Oliver Nocon
2048c00d2c
whitesource: use only Unified Agent for scanning (#2707)
Don't use native build-tool specific plugins any longer.
They have been deprecated by WhiteSource mid 2019 already.

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-03-19 09:58:24 +01:00
Christopher Fenner
f999925788
fix(influx): correct data type of influx measurements (#2171)
* update data type of influx measurements

* Update checkmarx.yaml

* pick changes from #1885 for testing

* update generated code

* update to new datatype

* adjust to type changes

* change back to string type

* Update fortifyExecuteScan.go

* add typo to be backward compatible

* change type to int for files_scanned and lines_of_code_scanned

* add typo

* add measurements to whitesource

* update generated sources

* adjust test cases

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 16:00:53 +01:00
Oliver Nocon
d47a17c8fc
feat(whitesource): consolidated reporting and versioning alignment (#2571)
* update reporting and add todo comments

* enhance reporting, allow directory creation for reports

* properly pass reports

* update templating and increase verbosity of errors

* add todo

* add detail table

* update sorting

* add test and improve error message

* fix error message in test

* extend tests

* enhance tests

* enhance versioning behavior according to #1846

* create markdown overview report

* small fix

* fix small issue

* make sure that report directory exists

* align reporting directory with default directory from UA

* add missing comments

* add policy check incl. tests

* enhance logging and tests

* update versioning to allow custom version usage properly

* fix report paths and golang image

* update styling of md

* update test
2021-02-10 16:18:00 +01:00
Stephan Aßmus
eff38f6c9d
whitesourceExecuteScan-go: Additional fixes (#2315)
* Make sure the UA scan is known to the scan object. Fixes downloading reports later on.
* Move polling into pkg/whitesource, add test for e2e scan
* Remove conditions from stash config resource
* Don't use version stored in CPE. This will prevent the versioningModel from being applied.
2020-11-10 09:09:51 +01:00
Oliver Nocon
26cfbf7357
fix(whitesourceExecuteScan) properly handle output resources (#2266)
* fix(whitesourceExecuteScan) properly handle output resources

* fix merge issues

* add required aliases

* update generation

* fix reading custom and container environment parameters from cpe

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-11-02 08:51:58 +01:00
Stephan Aßmus
86f335811c
whitesourceExecuteScan-go: Implement parameters "timeout", "createProductFromPipeline" (#2246) 2020-10-29 09:21:01 +01:00
Stephan Aßmus
260ca2c5a5
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207) 2020-10-20 09:49:26 +02:00
Kevin Hudemann
6c2f8365c1
WhiteSource: Remove performance-tests from default maven excludes (#2176)
This change fixes an issue with the default maven excludes where the step would fail when performance tests are present in the project, but are not a module in the root pom. In addition, it provides a small fix of a method where a wrong path was passed to an error.
2020-10-15 08:08:00 +02:00
Stephan Aßmus
ed97142f6d
Pass correct module path to npm.InstallAllDependencies() (#2144)
We are already in the module's directory.
2020-10-09 08:33:36 +02:00
Stephan Aßmus
54ea3ed51a
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879)
Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
Stephan Aßmus
33e6e13787
Refactor whitesourceExecuteScan, fix polling, error handling (#2036) 2020-09-18 11:54:45 +02:00