* forcing the urls finder to relaxed
* adding a classifier map
* passing the stepName to the kaniko command executor bundle
* pass stepName to maven utils for mavenBuild
* improve enabling of Maven access log generation
* Revert "improve enabling of Maven access log generation"
This reverts commit 80b77223cd.
* Revert "pass stepName to maven utils for mavenBuild"
This reverts commit a4f99ae160.
* use reflection to update command stepName for mavenBuild
* Revert "use reflection to update command stepName for mavenBuild"
This reverts commit ef85c78669.
---------
Co-authored-by: I557621 <jordi.van.liempt@sap.com>
Co-authored-by: Jordi van Liempt <35920075+jliempt@users.noreply.github.com>
* enhancing protecode with registry credentials
* Use protecodeUtils instead of separate package
* Add target path for docker config to be created
* Fix tests
* Fix build flags
---------
Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
* Initial in progress
* compiling but not yet functional
* Missed file
* updated checkmarxone step
* Working up to fetching a project then breaks
* Missed file
* Breaks when retrieving projects+proxy set
* Create project & run scan working, now polling
* Fixed polling
* added back the zipfile remove command
* Fixed polling again
* Generates and downloads PDF report
* Updated and working, prep for refactor
* Added compliance steps
* Cleanup, reporting, added groovy connector
* fixed groovy file
* checkmarxone to checkmarxOne
* checkmarxone to checkmarxOne
* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix
* Fixed filenames & yaml
* missed the metadata_generated.go
* added json to sarif conversion
* fix:type in new checkmarxone package
* fix:type in new checkmarxone package
* removed test logs, added temp error log for creds
* extra debugging to fix crash
* improved auth logging, fixed query parse issue
* fixed bug with group fetch when using oauth user
* CWE can be -1 if not defined, can't be uint
* Query also had CweID
* Disabled predicates-fetch in sarif generation
* Removing leftover info log message
* Better error handling
* fixed default preset configuration
* removing .bat files - sorry
* Cleanup per initial review
* refactoring per Gist, fixed project find, add apps
* small fix - sorry for commit noise while testing
* Fixing issues with incremental scans.
* removing maxretries
* Updated per PR feedback, further changes todo toda
* JSON Report changes and reporting cleanup
* removing .bat (again?)
* adding docs, groovy unit test, linter fixes
* Started adding tests maybe 15% covered
* fix(checkmarxOne): test cases for pkg and reporting
* fix(checkmarxOne):fix formatting
* feat(checkmarxone): update interface with missing method
* feat(checkmarxone):change runStep signature to be able to inject dependency
* feat(checkmarxone): add tests for step (wip)
* Adding a bit more coverage
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix integration test PR
* adding scan-summary bug workaround, reportgen fail
* enforceThresholds fix when no results passed in
* fixed gap when preset empty in yaml & project conf
* fixed another gap in preset selection
* fix 0-result panic
* fail when no preset is set anywhere
* removed comment
---------
Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Co-authored-by: Jan von Loewenstein <jan.von.loewenstein@sap.com>
* Initial in progress
* compiling but not yet functional
* Missed file
* updated checkmarxone step
* Working up to fetching a project then breaks
* Missed file
* Breaks when retrieving projects+proxy set
* Create project & run scan working, now polling
* Fixed polling
* added back the zipfile remove command
* Fixed polling again
* Generates and downloads PDF report
* Updated and working, prep for refactor
* Added compliance steps
* Cleanup, reporting, added groovy connector
* fixed groovy file
* checkmarxone to checkmarxOne
* checkmarxone to checkmarxOne
* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix
* Fixed filenames & yaml
* missed the metadata_generated.go
* added json to sarif conversion
* fix:type in new checkmarxone package
* fix:type in new checkmarxone package
* removed test logs, added temp error log for creds
* extra debugging to fix crash
* improved auth logging, fixed query parse issue
* fixed bug with group fetch when using oauth user
* CWE can be -1 if not defined, can't be uint
* Query also had CweID
* Disabled predicates-fetch in sarif generation
* Removing leftover info log message
* Better error handling
* fixed default preset configuration
* removing .bat files - sorry
* Cleanup per initial review
* refactoring per Gist, fixed project find, add apps
* small fix - sorry for commit noise while testing
* Fixing issues with incremental scans.
* removing maxretries
* Updated per PR feedback, further changes todo toda
* JSON Report changes and reporting cleanup
* removing .bat (again?)
* adding docs, groovy unit test, linter fixes
* Started adding tests maybe 15% covered
* fix(checkmarxOne): test cases for pkg and reporting
* fix(checkmarxOne):fix formatting
* feat(checkmarxone): update interface with missing method
* feat(checkmarxone):change runStep signature to be able to inject dependency
* feat(checkmarxone): add tests for step (wip)
* Adding a bit more coverage
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix integration test PR
---------
Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
* Added unit tag as argument. Added description to runTests command. Changed code generator to have unit build tag in generated unit test files.
* Added unit build tag to all unit test files.
* added to new unit test unit build tag
* Update verify-go.yml
* small fix
---------
Co-authored-by: Muhammadali Nazarov <Muhammadali.Nazarov@acronis.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* adding a timeout for helm test
* extending test cases
* Upadate the helmTestWaitSeconds parameter
* Add timeout parameter for helm test command
* Update tests
---------
Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
* add ascAppUpload step
add step that uploads an app binary to Application Support Center (ASC)
* re-run go generate
* fix typo in CODEOWNERS
* Update CODEOWNERS
* it test
* transfer credentials
* Change parameter type of nodeExtDescriptorMapping
* Extend test
* Fix unit test
* Remove usage of the depricated ioutil package
* Fix cmd failure if neither git/commitId nor customDescription are
provided
* Extend test
* Add TMS test to the job matrix
* Map env. variable
* Remove usage of the env. TMS_UPLOAD_IT_KEY
* remove os
* update test
* use os.Gerenv
* test fix
* Update integration-tests.yml
* env mapping in it pr workflow
* print tmsServiceKey
* read env with upper case
* Update integration-tests.yml
* Update integration-tests.yml
* Update integration-tests-pr.yml
* Delete cover.out
* Remove TMS service key from environment in integration test workflow job
* Extend integration tests
* Revert change parameter type of nodeExtDescriptorMapping
* Extend tests
* Extend tests
* Remove unused method
* Change default TR description
* Add check for custom description
* Remove personal data from MTARs
* Register client secret to log as secret
* Move RegisterSecret to earlier point in runtime
* RegisterSecret for encodedUsernameColonPassword
* Update integration/integration_tms_upload_test.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Use one test data directory
* Add a negative test
* fix config file name
---------
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Adding new query configuration parameter for gCTS Piper steps
* Add skipSSLVerification parameter to gCTSExecuteQualityChecks
* Add skipSSLVerification to gCTSDeploy
* Add SkipSSLVerification for pull by commit
* Add SkipSSLVerification to rollback
* Add SkipSSLVerification parameter to rollback
* Handling maximum number of charachter for the queryParameter
* Remove extra new lines in yaml files
* Add new line yaml files
* Increase docker image version
* Add --wait
* Test
* Adapt to new cf cli
* Parse both for cf cli v8 and v7
* Remove input
* Adapt to feedback
* Check for nil error
* fix(Fortify):simplify plain text .sarif and gzip the complete result
* fix(Fortify):no longer add snippet text to .sarif to reduce file size (still keep end/start lines)
* fix: formatting
* fixes change in protecode for cvss from float to string
* Fixes protecode json files with new string format for cvss
Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
* Fix logic for engineConfigurationID
Use the project-level value if no value is defined in the piper config.
Remove the default value of 1 for engineConfigurationID.
* Add the OS agnostic way of installing golangci-lint
* Fix
* Clean up
* Modify unit tests
* Rename downloaded archive
* Refactor
* Expose golangci-lint url as a parameter
* Clean up
* Rename parameter
* Update mock
* Fix golangci-lint version
* Improved Error Handling
* correct error
* error format derective
* missing +
* correct format
* correct format 2
* format 3
* format
* combining - if err
* format
* format
* format
* format
* format
* format
* corr. lint
* format
* format
Co-authored-by: Daniel Bernd <93763187+danManSAP@users.noreply.github.com>
* refactor: rebranding
rebranding from SAP Cloud Platform to SAP BTP
* refactor: rebranding from SCP to BTP
Co-authored-by: tiloKo <70266685+tiloKo@users.noreply.github.com>
* improved failOnSeverity Handling & Messaging
* variable correct
* Unit Test adapt
* more Unit Tests
* remove space
* function rename
* Unit Test
* stack trace like Error Output using errors.Errorf
* remove space
* remove fmt import as not used
* remove error-wrapping directive %w
* formatting directives %v for errors.Errorf
Co-authored-by: Daniel Bernd <93763187+danManSAP@users.noreply.github.com>
Co-authored-by: tiloKo <70266685+tiloKo@users.noreply.github.com>
* correct type cast for tomarkdown and title
* commenting kaniko create multi bom test case
* removing mocked file
Co-authored-by: anilkeshav27 <you@example.com>
* escape value in json
* delete old code
* replace complete parsing by json.Marshal
* delete old code and add header
Co-authored-by: rosemarieB <45030247+rosemarieB@users.noreply.github.com>
* Add new default
* Revert "Add new default"
This reverts commit c9c3ae2e80.
* Change config to have default
* Revert "Change config to have default"
This reverts commit e65517457f.
* Add method
* Add space to match
* Add cf native test
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* protecodeExecuteScan -> Added authentication with user API key
* protecodeExecuteScan -> updating .yml file
* protecodeExecuteScan -> go generate fixed
* protecodeExecuteScan -> naming convention applied for UserAPIKey parameter
* protecodeExecuteScan -> extending groovy code for mapping jenkins credentials
Co-authored-by: D072410 <giridhar.shenoy@sap.com>
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* add minscaninterval parameter
* update detectExec
* removed a single trailing space which caused a lint failure
* Add test case
* Ensure unmap is false
* fix test case
* update format of param value
