mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-12 10:55:20 +02:00
Commit Graph

15 Commits

Author SHA1 Message Date
Andrei Kireev
49f4c81344
Add new unified fields to Mend and Blackduck SARIF (#4611)
* Add new unified fields to Mend and Blackduck SARIF

* fmt project

---------

Co-authored-by: Dmitrii Pavlukhin <dmitrii.pavlukhin@sap.com>
2023-10-17 11:48:52 +02:00
Jordi van Liempt
0ba4c2206c
chore(deps): Replace io/ioutil package (#4494)
* update all deprecated ioutil usages

* forgotten changes

* add missing imports

* undo changing comment

* add missing 'os' import

* fix integration test

---------

Co-authored-by: I557621 <jordi.van.liempt@sap.com>
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
2023-08-16 12:57:04 +02:00
Dmitrii Pavlukhin
ef98a4351f
Unification of audit status in blackduck sarif (#4450)
* added unified status value

* added-unified-status

* added-unified-status

* added-unified-status
2023-07-12 14:22:19 +02:00
Jk1484
ffc931aad1
feat(golangBuild): use 'unit' build tag to include tests during test execution (#4345)
* Added unit tag as argument. Added description to runTests command. Changed code generator to have unit build tag in generated unit test files.

* Added unit build tag to all unit test files.

* added to new unit test unit build tag

* Update verify-go.yml

* small fix

---------

Co-authored-by: Muhammadali Nazarov <Muhammadali.Nazarov@acronis.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2023-05-03 21:02:11 +05:00
Andrei Kireev
4098e70742
Added audit information in Sarif file in detectExecuteStep (#4198)
* Added audit information in sarif file in blackduck step
---------

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-02-07 17:02:28 +01:00
Andrei Kireev
121d527c0b
fix(detectExecuteScan): Fix issues with the sarif file (#4100)
* fix(detectExecuteScan): Fix issues with the sarif file

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-12-01 14:17:53 +05:30
Sven Merk
e8ba1b043d
Fix(detectExecuteScan): rework struct methods to meet interface requirements (#4048)
* Fixed struct methods to meet interface requirements

* Fix test and ruleID

* Small adjustments

* Readability of code

* Added testcases

* Code rework

* Fix fmt

* Mod

* Fix taxonomy

* Fix ruleIndex

* Fix taxonomies

* Fix format

* Remove name

* Fix Fortify and Checkmarx SARIF

* Fix fmt, address comments

* Addressing comments

* Fix fmt
2022-10-10 10:06:20 +02:00
Sven Merk
c81e741224
Refinement of SARIF generation for BD and WS (#3942)
* Fix docs and format

* Assessment format added

* Added sample file

* Added parsing

* Added packageurl implementation

* Slight refinement

* Refactored assessment options

* Adapted sample file

* First attempt of ws sbom gen

* Reworked SBOM generation

* Fix test code

* Add assessment handling

* Update dependencies

* Added golden test

* Small fix

* feat(fortify): Added a check for fortify binary in $PATH (#3925)

* added check for fortifyupdate and sourceanalyzer bin

Co-authored-by: sumeet patil <sumeet.patil@sap.com>

* Modify SARIF

* Enhanced SARIF contents

* Small refinement for hub detect

* Small adjustments

* Extend SARIF contents

* Consistency to Mend part

* Fix tests

* Fix merge

* Fix test

* Add debug log, enhance output

* Enhance meta info

* Fix libType for node

* Fix log entry

* Fix pointers and test

* Fix test

* Fix library types

* Fix test

* Extend libType mappings

Co-authored-by: Vinayak S <vinayaks439@gmail.com>
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-08-11 13:12:14 +02:00
Oliver Nocon
d640d72dc6
feat: improve vulnerability reporting via GitHub issues (#3924)
* feat: improve vulnerability reporting via GitHub issues

* feat: update reports

* chore: add tls cert links

* only write log on error

* chore: update formatting

* chore: update handling of direct dependencies

* chore: fix linting issue

* chore: minor updates
2022-08-02 08:26:26 +02:00
Giridhar Shenoy
e6115a54b2
detectExecuteScan : Bug fix : Don't consider ignored components (#3867)
* fix project version limiting issue

* add tests for detectExecute

* fix bug with vuln count

* adjust unit tests

* update documentation for detect versions
2022-07-11 10:50:31 +02:00
Giridhar Shenoy
fe9b3a796b
detectExecuteScan: fix project version limiting api call (#3754)
* fix project version limiting issue

* add tests for detectExecute
2022-05-05 09:58:43 +02:00
Sven Merk
f06890a9b2
SARIF format and GHIssue format improvements (#3646)
* Improve reporting

* Fix location

* Align casing

* Fix severity mapping

* Fix format

* Improve title

* Title format

* Fix severity

* Align title

* Fix schema reference

* Fix schema reference

* Fix fmt

* Fix fmt2

* Fix tests

* fix(sarif): proper handling of omitempty in SnippetSarif

* fix(fortifyExecuteScan): sarif format version

* Addressing comments

* Fix SARIF

* fix(sarif): omitempty handling

* fix(fortifyExecuteScan): pointer indirection

* Added TODOs for audit data

Co-authored-by: Xavier Goffin <x.goffin@sap.com>
Co-authored-by: xgoffin <86716549+xgoffin@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-03-22 14:47:19 +01:00
Sven Merk
c30e93bc6a
feat(detectExecuteScan): SARIF export and GH issue creation (#3637)
* Added SARIF and GH issue creation
2022-03-17 15:32:48 +01:00
Giridhar Shenoy
b92e7f699c
detectExecuteScan : Policy reports in HTML, JSON and for cumulus (#3057)
* add policy status reports

* add policy status and cumulus json

* update projectver link + test

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-09-07 17:17:03 +02:00
Giridhar Shenoy
4aa59dbdcb
Move BlackDuck API helper to OS version (#3008)
* feat(detectExecuteScan): generate ip result json

json will currently only be created in success cases.

No information about policy violation details available in the step yet.

* update report name

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* move blackduck api package

* fix broken unit test

* added tests for new api calls

Co-authored-by: OliverNocon <oliver.nocon@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-08-02 11:18:58 +02:00