1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Commit Graph

32 Commits

Author SHA1 Message Date
xgoffin
c35d85fecc
feat(SARIF): ContextRegion is now a pointer, can be omitted. In checkmarxExecuteScan: threadflows now added, only first location saved (#3844) 2022-06-22 08:54:24 +02:00
xgoffin
0457601efd
feat(sarif): add GUID as part of properties, change ruleID (#3838) 2022-06-17 08:53:44 +02:00
xgoffin
c11110d791
feat(sarif): add a "conversion" object to SARIF files (#3837)
* feat(fortifyExecuteScan): add conversion object

* feat(checkmarxExecuteScan): add conversion object
2022-06-16 15:24:23 +02:00
xgoffin
5edb0d2566
feat(fortifyExecuteScan): implement a system to limit the number of API calls upon request failures (#3818)
* feat(fortifyExecuteScan): add a max number of retries for API calls in SARIF conversion

* feat(checkmarxExecuteScan): implement max number of retries on API call for descriptions in SARIF processing

* feat(checkmarx/fortify): extra logging line when failing an API request in SARIF conversion

* fix(fortifyExecuteScan): panic if undefined projectversion in sarif

* fix(fortifyExecuteScan): logging improvement

* fix(fortifyExecuteScan): wrong if condition caused crash

* fix(fortifyExecuteScan): do not log if retries hit -1, adjust logging

* fix(SARIF): commenting API calls for Checkmarx until a solution can be found for the API issues

* feat(SARIF): add omitempty to extensions
2022-06-09 10:32:08 +02:00
xgoffin
903f273012
feat(checkmarxExecuteScan): added API to get description, incorporated to SARIF file (#3814) 2022-06-01 15:48:56 +02:00
Philipp Stehle
17ed9468cb
replace depreacted strings.Title function (#3786) 2022-05-20 18:50:03 +02:00
xgoffin
1fde2ce677
feat(checkmarxExecuteScan): improvements to SARIF file generation (#3781)
* feat(checkmarxExecuteScan): respect SARIF standard more closely

* fix(checkmarxExecuteScan): edge case where message would be empty in SARIF

* fix(checkmarxExecuteScan): better message handling to ensure field is populated

* feat(checkmarxExecuteScan): SARIF file readability

* feat(checkmarxExecuteScan): include the helpURL as part of the Help object

* fix(sarif): remove wrong structure addition

* feat(checkmarxExecuteScan): safer handling of version in SARIF file

* feat(checkmarxExecuteScan): add CWE number to tags
2022-05-19 14:57:13 +02:00
Adrien
3d48364862
Fix project config reset when preset is set (#3782) 2022-05-18 17:10:00 +02:00
xgoffin
0696db5e0d
feat(sarif): logging improvements (#3727)
* fix(fortifyExecuteScan): check audit data length in all cases

* fix(fortifyExecuteScan): check audit data length in all cases

* feat(SARIF): logging improvements in debug mode

* fix(logging): readability

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-04-26 12:34:54 +02:00
xgoffin
3c55d3c99c
feat(checkmarxExecuteScan): convert Checkmarx xml report to SARIF (#3696)
* feat(checkmarxExecuteScan): sarif conversion for Checkmarx XML reports

* feat(checkmarxExecuteScan): added taxonomies and similarityID

* fix(checkmarxExecuteScan): proper handling of ruleId and ruleIndex

* fix(sarif): mistype in checkmarx properties

* fix(checkmarxExecuteScan): fixed occasional panics when handling audit comment

* chore(sarif): proper variable naming

* chore(code): fix missing and unrecognized comments

* trigger PR

* fix(format): extra space

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-04-04 16:12:35 +02:00
Sven Merk
c30e93bc6a
feat(detectExecuteScan): SARIF export and GH issue creation (#3637)
* Added SARIF and GH issue creation
2022-03-17 15:32:48 +01:00
Adrien
a73951909b
checkmarxExecuteScan fixes (#3540)
* Fix FilterByTeamName and LoadExistingProject

* Fix project name loop

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-02-28 14:22:47 +01:00
thtrinh
d86cfce6e6
Checkmarx json report (#3565)
* feat(checkmarx) : Checkmarx JSON Report

* Test cases with some fix

* Information total and audited test assertions

* feat(checkmarx): align total/audited with existing calculation

* fix(checkmarx): Reporting unit test

Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-02-25 14:20:36 +01:00
Umidjon Urunov
53225b958f
protecodeExecuteScan -> file upload has been extended for "binary" uploads (#3156)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* protecodeExecuteScan :: fixing file upload for binaries

* protecodeExecuteScan :: fixing protecode generate file

* Fix upload test

* protecodeExecuteScan -> fixing tests

Co-authored-by: D072410 <giridhar.shenoy@sap.com>
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-10-21 10:03:42 +02:00
Sven Merk
86e8125279
feat(checkmarxExecuteScan): Improve cx report (#2991)
* Improve checkmarx report

* Fix test and fmt

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-09-15 09:45:56 +02:00
Sven Merk
3e7595920f
feat(protecodeExecuteScan): Add protecode report (#2981)
* Fix exclude and enhance docs

* Fix test

* Fix test

* Add reporting to checkmarx step

* Improve text

* Add protecode report

* Fix fmt

* Add error handling
2021-07-12 12:20:25 +02:00
Sven Merk
9571fd28f4
feat(checkmarxExecuteScan): Reporting for pipeline optimization (#2976)
* Fix exclude and enhance docs

* Fix test

* Fix test

* Add reporting to checkmarx step

* Improve text
2021-07-09 10:19:42 +02:00
Christopher Fenner
f999925788
fix(influx): correct data type of influx measurements (#2171)
* update data type of influx measurements

* Update checkmarx.yaml

* pick changes from #1885 for testing

* update generated code

* update to new datatype

* adjust to type changes

* change back to string type

* Update fortifyExecuteScan.go

* add typo to be backward compatible

* change type to int for files_scanned and lines_of_code_scanned

* add typo

* add measurements to whitesource

* update generated sources

* adjust test cases

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 16:00:53 +01:00
Sven Merk
2511ec9cea
fix backslash mess (#2428) 2020-11-26 11:22:54 +01:00
Sven Merk
26af83b1fc
Add slash backslash compatibility (#2425)
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-11-26 09:18:01 +01:00
Sven Merk
5d1782aa01
checkmarxExecuteScan: adapt to 9.2 api (#2363)
* Update checkmarxExecuteScan.go

* api mods

* Switch default

* Fix decode

* mod marshalling

* Fix unmarshalling

* Code fmt and small fix

* Optimize preset handling

* Integer handling

* Fix test

* cleanup

* go fmt

* Improve test
2020-11-25 13:47:26 +01:00
Sven Merk
c204abb9cf
checkmarxExecuteScan: Relax timeout (#2265) 2020-10-29 18:03:22 +01:00
Oliver Nocon
2e3cf7d97e
checkmarxExecuteScan: hide token in debug mode (#2173) 2020-10-13 15:45:30 +02:00
Sven Merk
fae01c9cd7
Avoid nil reference access (#2138)
* Avoid nil reference access

* Fix code
2020-10-07 22:02:02 +02:00
Oliver Nocon
0fb7ee5488
fix: Checkmarx project creation (#2112)
* fix : allow creation of Checkmarx projects

* checkmarx: fix project creation

* do not swallow error

* fix preset error handling
2020-10-05 08:16:18 +02:00
Oliver Nocon
15b3957137
checkmarxExecuteScan: update error handling (#2084)
* checkmarxExecuteScan: update error handling

* Update cmd/checkmarxExecuteScan.go

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>

* include PR feedback

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-09-29 09:23:31 +02:00
Christopher Fenner
b219fb6514
fix(typo): found by misspell (#2064)
* fix typos in step yamls

* fix typos in go files

* regenerate step code

* fix typos in md files

* fix typos in groovy files

* fix further typos
2020-09-24 07:41:06 +02:00
Sven Merk
1fe94680df
checkmarxExecuteScan: Fix parameter handover (#1888)
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-08-06 11:32:29 +02:00
Sven Merk
af2a01c064
Fortify implementation in golang (#1428) 2020-05-25 19:48:59 +02:00
Stephan Aßmus
804bd8e3e0
http.go: Set fine-grained timeouts (#1257)
* Replace the default maximum request deadline with a default timeout on the transport level.
* Keep the possibility to set a maximum request deadline.
2020-03-23 15:02:22 +01:00
Sven Merk
1417f4650a
Small cleanup (#1159) 2020-02-06 14:22:58 +01:00
Sven Merk
cbe368fe36
Checkmarx as golang (#1075)
* Added base functionality for checkmarx interaction

* Extend http client with file upload capabilities

* Latest changes

* Add debug logging

* Introduce Uploader interface

* Add tests for checkmarx client

* Hook new checkmarx command

* Improve coverage

* Add tests

* Improved test coverage and fixed code

* Add influx reporting

* Add alternation capabilities

* Add groovy step

* Try fix cmd

* Enhancements

* Fix report generation

* Final performance improvements

* Fix code

* Structure code, cleanup

* Improvements

* Fix codeclimate issue

* Update groovy

* Adapt latest changes to http

* Fix test

* Fix http tests

* Fix test

* Fix test

* Fix test 2

* Fix code

* Fix code 2

* Fix code

* Code

* Fix

* Fix

* Add report and link handling

* Fix returns, add groovy test

* Review comments

* Added doc template

* Docs update

* Remove SAP internals

* Better status display

* Add name to link

* Fix test

* Fix

* Fix verbose handling

* Fix verbose handling 2

* Fix verbose handling 3

* Fix

* Tiny improvements

* Regenerate

* Fix test

* Fix test code

* Fix verbosity issue

* Fix test

* Fix test

* Fix test
2020-01-27 23:40:53 +01:00