1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Commit Graph

27 Commits

Author SHA1 Message Date
ffeldmann
e9d8175c9b
Adds retry mechanism for whitesource in case the download of the unified agent or JRE fails (#2961) 2021-07-13 20:36:36 +02:00
ffeldmann
6671afb909
(feat) adds error logging output for downloading reports from whitesource (#2928) 2021-06-21 13:36:08 +02:00
ravikumarsinghshankarsingh
cac7f2e904
"ignoreSourceFiles" parameter removed from general section and added … (#2814)
* "ignoreSourceFiles" parameter removed from general section and added to specific build tool section

* Update configHelper_test.go

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-05-19 14:57:49 +02:00
Oliver Nocon
5899746767
chore: update error categories (#2827) 2021-05-10 17:44:28 +02:00
pkrasnousov
e9464b2594
feat(whitesourcescan): add param workDir to whitesourcescan (#2791)
* Add dir to whitesource scan

* Add default for "dir" option

* Change param name to workDir

* Change param name WorkDir to ScanPath

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-05-03 10:53:16 +02:00
Oliver Nocon
b9cd425091
fix(whitesource) proper error message when tokens are not found (#2786) 2021-04-23 11:33:10 +02:00
Sven Merk
2af512e12e
Update configHelper.go (#2768) 2021-04-19 12:01:24 +02:00
Oliver Nocon
d04a7c2eb3
feat(pipelineCreateScanSummary) Create groovy wrapper (#2743)
* feat(pipelineCreateScanSummary) Create groovy wrapper

* add command to binary

* stash step reports

* update stash

* fix typo

* unstash reports first

* update reporting

* update json reporting

* update tests & enhance logging

* update md report

* update md reporting

* fix rendering

* update tests
2021-04-15 07:45:06 +02:00
Oliver Nocon
0696f64ecd
feat(whitesourceExecuteScan) allow custom maven arguments (#2735)
* feat(whitesourceExecuteScan) allow custom maven arguments

* remove comment

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-04-01 14:17:15 +02:00
Sven Merk
dfe9cb6149
Add capability for yarn scanning (#2716)
* Add capability for yarn scanning

* Update whitesource.yaml

* Update configHelper.go

* Add newly generated impl
2021-03-24 16:33:32 +01:00
ravikumarsinghshankarsingh
500556488d
Update configHelper.go (#2687)
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-19 16:17:46 +01:00
Oliver Nocon
c077cdd733
fix(whitesourceExecuteScan) get full list of projects (#2672)
* fix(whitesourceExecuteScan) get full list of projects

* update doc
2021-03-08 17:01:18 +01:00
Oliver Nocon
4f9eff2303
fix(whitesourceExecuteScan) npm modules only (#2670)
do not fail step in case mta contains only node modules.
No pom.xml required then.

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-03-04 10:38:57 +01:00
Oliver Nocon
1581f941b1
fix(whitesource): remove parameters from scan call (#2651)
* fix(whitesource): remove parameters from scan call

parameters are forced into the config thus they don't need to be passed again.

* add proper project to config
2021-02-25 13:16:48 +01:00
Oliver Nocon
2df2771734
fix(whitesourceExecuteScan) correctly handle structured projects (#2597)
* fix(whitesourceExecuteScan) correctly handle structured projects

report file names of projects which had a structure in the name
like `@test/myProject ` were incorrectly handled

This now prevents that reports are targeted to a sub directory.
Structure is now part of the filename.

* fix CodeClimate finding
2021-02-11 19:39:59 +01:00
Oliver Nocon
d47a17c8fc
feat(whitesource): consolidated reporting and versioning alignment (#2571)
* update reporting and add todo comments

* enhance reporting, allow directory creation for reports

* properly pass reports

* update templating and increase verbosity of errors

* add todo

* add detail table

* update sorting

* add test and improve error message

* fix error message in test

* extend tests

* enhance tests

* enhance versioning behavior accoring to #1846

* create markdown overview report

* small fix

* fix small issue

* make sure that report directory exists

* align reporting directory with default directory from UA

* add missing comments

* add policy check incl. tests

* enhance logging and tests

* update versioning to allow custom version usage properly

* fix report paths and golang image

* update styling of md

* update test
2021-02-10 16:18:00 +01:00
Stephan Aßmus
d41d7bfbac
Force WS Project update for mvn plugin (#2575)
In case of policy violations, the scan is failed and default behavior is to not update the project in the WS system.
See docs at https://whitesource.atlassian.net/wiki/spaces/WD/pages/33914890/Maven+Plugin.
Since this is inconvenient and we also changed the behavior already for NPM, we force the update.
2021-02-04 09:17:48 +01:00
Oliver Nocon
a104b2a06d
feat(whitesourceExecuteScan): UA for all build tools, e.g. maven & npm (#2501)
* feat(whitesource): add config helper

this helps to ease & enforce config settings

* fix accidential change of class

* add todos wrt java download

* use existing scanOptions, add option to download jre

* update generation

* fix generation

* allow running UA via go library

* correct image, improve logging

* add removal of downloaded JVM

* update java creation and deletion

* refactor and add log output

* remove obsolete ToDo

* increase test coverage

* increase test coverage

* adding aliases and tests

* make go modules as default

* maven: update behavior of projectNaming

* add Docker capabilities

* correct parameter name

* retrieve Docker coordinates

* docker coordinates only to provide artifact

* add ToDos

* add mta capability

* add aliases, mvn arguments for settings

* clean up groovy part

* update defaults

* add container for pip

* add defaults, add maven specifics, ...

* properly download settings

* maven: check existence of excluded files

* fix reporting

* Update CommonStepsTest.groovy

* update comment

* fix CodeClimate finding

* add tests for pip & fix minor issues

* fix order of pip build descriptors

* update pip container options

* fix pip virtualEnv parameter

* update report permissions

* fix test

* update container options

* add use fileUtils to load properties file

* update parameter description

* adding Docker scanning defaults

* clean up configHelper

* consider also npm tool cache

* add todos
2021-02-03 14:52:48 +01:00
Stephan Aßmus
2f444be997
WhiteSource: Force update of project when "checkPolicies" failed (#2401)
* Force update of WS project
* Refactor file filtering to avoid duplicated code
2020-11-26 11:45:53 +01:00
Daniel Kurzynski
9a18489cc4
Refactor maven utils and add tests for install artifacts (#2318)
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-11-10 17:14:55 +01:00
Stephan Aßmus
eff38f6c9d
whitesourcExecuteScan-go: Additional fixes (#2315)
* Make sure the UA scan is known to the scan object. Fixes downloading reports later on.
* Move polling into pkg/whitesource, add test for e2e scan
* Remove conditions from stash config resource
* Don't use version stored in CPE. This will prevent the versioningModel from being applied.
2020-11-10 09:09:51 +01:00
Daniel Kurzynski
a2656a5f71
Install artifacts before whitesource scan (#2280) 2020-10-30 15:05:14 +01:00
Stephan Aßmus
86f335811c
whitesourceExecuteScan-go: Implement parameters "timeout", "createProductFromPipeline" (#2246) 2020-10-29 09:21:01 +01:00
Stephan Aßmus
260ca2c5a5
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207) 2020-10-20 09:49:26 +02:00
Stephan Aßmus
33e6e13787
Refactor whitesourceExecuteScan, fix polling, error handling (#2036) 2020-09-18 11:54:45 +02:00
Jordan Levin
34967c502c
Whitesource scan (MVP) (#1658)
* Whitesource MVP for Gradle, Golang, and NPM/Yarn

* Refactoring

* Refactor and cleanup, better error checking

* publish stepResults, use pkg/versioning, bubble up errors, add gomod versioning support

* Run gofmt and cleanup comments

* Resolve PR comments

* Update resources/metadata/whitesource.yaml

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* Only determine project coordinates if they are missing

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>

* Gradle versioning artifact

* fix gradle artifact version regexp and refactor

* Fix token extraction from output buffer

* Fix some issues with pip and jsonfile versioning logic

* Remove useless spacing

* Remove unnecessary test file and fix naming style for JSONDescriptor

* Automatically download wss-unified-agent if file does not exist

* adds downloadVulnerabilityReport, checkSecurityViolations, minor refactoring

* adds config.ReportDirectoryName, improves readability

* Version-wide reporting for vulnerabilities and list of libraries.

* Refactor and improve build accuracy

* fix sed command

* Add includes file pattern config option

* Adds --exclude command line flag

* run go mod tidy and regenerate step framework

* Fix unit tests

* revert changes

* poll project status before downloading reports

* merge with master

* go mod tidy, go fmt, and fix whitesource unit test

* sync go.mod

* sync go.mod again

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-07-01 07:54:13 +02:00
Oliver Nocon
243d196283
Add package for whitesource (#1577) 2020-05-26 17:30:45 +02:00