Andrei Kireev
27a3e687a5
Fix issue with not generating sarif file when projectName was specified ( #4199 )
* Fixed bug in generating sarif file in whitesource step
---------
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-02-07 16:10:21 +01:00
Vyacheslav Starostin
8071337a44
fix(whitesourceExecuteScan): respect versioning model and custom scan version ( #4187 )
* Test
* Test
* Test
* Respect customScanVersion if filled
* Add test case
* Clean up
* Respect versioningModel
* Add test case
* Clean up
* Clean up
2023-01-16 23:14:33 +06:00
Oliver Nocon
a2815c4567
fix(whitesourceExecuteScan): properly handle policy violations ( #4089 )
* fix(whitesourceExecuteScan): properly handle policy violations
* update files
* update formatting
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 11:16:07 +01:00
Sven Merk
ea04a63412
fix(whitesourceExecuteScan): Fix processing of assessment ( #4059 )
* Fix potential nil reference
* Fix handling of assessed vulns
* Fix test code
* Add error detail
* Fix parsing
* Adding debug output
* Fix nil reference
* fix
* Add debug
* Update cmd/whitesourceExecuteScan.go
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Update cmd/whitesourceExecuteScan.go
* Update cmd/whitesourceExecuteScan.go
* Fix fmt
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-10-13 10:34:02 +00:00
Sven Merk
c81e741224
Refinement of SARIF generation for BD and WS ( #3942 )
* Fix docs and format
* Assessment format added
* Added sample file
* Added parsing
* Added packageurl implementation
* Slight refinement
* Refactored assessment options
* Adapted sample file
* First attempt of ws sbom gen
* Reworked SBOM generation
* Fix test code
* Add assessment handling
* Update dependencies
* Added golden test
* Small fix
* feat(fortify): Added a check for fortify binary in $PATH (#3925 )
* added check for fortifyupdate and sourceanalyzer bin
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
* Modify SARIF
* Enhanced SARIF contents
* Small refinement for hub detect
* Small adjustments
* Extend SARIF contents
* Consistency to Mend part
* Fix tests
* Fix merge
* Fix test
* Add debug log, enhance output
* Enhance meta info
* Fix libType for node
* Fix log entry
* Fix pointers and test
* Fix test
* Fix library types
* Fix test
* Extend libType mappings
Co-authored-by: Vinayak S <vinayaks439@gmail.com>
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-08-11 13:12:14 +02:00
Sven Merk
b3f37650a2
SBOM creation for Mend ( #3934 )
* Fix docs and format
* Assessment format added
* Added sample file
* Added parsing
* Added packageurl implementation
* Slight refinement
* Refactored assessment options
* Adapted sample file
* First attempt of ws sbom gen
* Reworked SBOM generation
* Fix test code
* Add assessment handling
* Update dependencies
* Added golden test
* Small fix
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-08-09 13:56:01 +02:00
Oliver Nocon
a46f796bcd
chore: cleanup reporting & some incorrect file usage in tests ( #3943 )
* chore: cleanup reporting & some incorrect file usage in tests
* cleanup interface
* chore: remove comment
* preserve error handling
* Rename FileUtils.go to fileUtils.go
* clean up formatting
* chore: address static check findings
* fix brittle test
* chore: cleanup formatting
2022-08-09 10:57:02 +02:00
Oliver Nocon
d640d72dc6
feat: improve vulnerability reporting via GitHub issues ( #3924 )
* feat: improve vulnerability reporting via GitHub issues
* feat: update reports
* chore: add tls cert links
* only write log on error
* chore: update formatting
* chore: update handling of direct dependencies
* chore: fix linting issue
* chore: minor updates
2022-08-02 08:26:26 +02:00
Oliver Nocon
f6a6448631
chore: fix linting issues ( #3878 )
* chore: fix linting issues
* add more fixes
* correct formatting
* Delete depl.yaml
2022-07-21 09:04:21 +02:00
Oliver Nocon
890c437c3f
fix(whitesourceExecuteScan): failOnSevereVulnerabilities ( #3894 )
* fix(whitesourceExecuteScan): failOnSevereVulnerabilities
failOnSevereVulnerabilities has not been considered properly for security vulnerabilities.
* chore: remove comment
* chore: update formatting
2022-07-18 14:36:29 +02:00
Oliver Nocon
b7c0831b7f
feat: allow OSVM scans to succeed with vulnerabilities ( #3889 )
For running open source vulnerability scans in de-coupled processes
it is helpful to allow steps to only create
compliance reports to inform users/teams
but not fail the pipeline.
This can now be achieved consistently with the flag:
`failOnSevereVulnerabilities`
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-07-12 11:43:24 +02:00
Sven Merk
c30e93bc6a
feat(detectExecuteScan): SARIF export and GH issue creation ( #3637 )
* Added SARIF and GH issue creation
2022-03-17 15:32:48 +01:00
Christian Volk
421168a169
fix(whitesourceExecuteScan): docker image download if dockerConfigJSON is set in vault ( #3591 )
Co-authored-by: ffeldmann <f.feldmann@sap.com>
2022-02-28 13:57:23 +01:00
Sven Merk
a1988f6808
feat(whitesourceExecuteScan): GitHub issue creation + SARIF ( #3535 )
* Add GH issue creation + SARIF
* Code cleanup
* Fix fmt, add debug
* Code enhancements
* Fix
* Added debug info
* Rework UA log scan
* Fix code
* read UA version
* Fix nil reference
* Extraction
* Credentials
* Issue creation
* Error handling
* Fix issue creation
* query escape
* Query escape 2
* Revert
* Test avoid update
* HTTP client
* Add support for custom TLS certs
* Fix code
* Fix code 2
* Fix code 3
* Disable cert check
* Fix auth
* Remove implicit trust
* Skip verification
* Fix
* Fix client
* Fix HTTP auth
* Fix trusted certs
* Trim version
* Code
* Add token
* Added token handling to client
* Fix token
* Cleanup
* Fix token
* Token rework
* Fix code
* Kick out oauth client
* Kick out oauth client
* Transport wrapping
* Token
* Simplification
* Refactor
* Variation
* Check
* Fix
* Debug
* Switch client
* Variation
* Debug
* Switch to cert check
* Add debug
* Parse self
* Cleanup
* Update resources/metadata/whitesourceExecuteScan.yaml
* Add debug
* Expose subjects
* Patch
* Debug
* Debug2
* Debug3
* Fix logging response body
* Cleanup
* Cleanup
* Fix request body logging
* Cleanup import
* Fix import cycle
* Cleanup
* Fix fmt
* Fix NopCloser reference
* Regenerate
* Reintroduce
* Fix test
* Fix tests
* Correction
* Fix error
* Code fix
* Fix tests
* Add tests
* Fix code climate issues
* Code climate
* Code climate again
* Code climate again
* Fix fmt
* Fix fmt 2
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-02-23 09:30:19 +01:00
Oliver Nocon
f431054b6f
feat(WhiteSource): consume credentials from cpe ( #3206 )
* feat: func for Docker config.json
Provide re-use function to create/update Docker config.json
* add comment
* update WhiteSource step
* fixes and additional tests
2021-11-15 07:48:40 +01:00
Christian Volk
eee3c2302b
feat(whitesourceExecuteScan): evaluate dockerConfigJSON from pipeline… ( #3185 )
* feat(whitesourceExecuteScan): evaluate dockerConfigJSON from pipeline environment
* Update cmd/whitesourceExecuteScan_test.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-10-25 09:07:46 +02:00
ffeldmann
3f6eb603c7
Error logging ( #2947 )
* (feat) adds error logging output for downloading reports from whitesource
* Extended error logging with errors.Wrapf()
* Adjusted whitesource tests
2021-06-30 11:11:41 +02:00
Johannes Schneider
c22e0a1f0e
[WhitesourceExecuteScan] Fix Inconsistencies in Aggregated Report ( #2872 )
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2021-06-09 15:56:56 +02:00
Oliver Nocon
d04a7c2eb3
feat(pipelineCreateScanSummary) Create groovy wrapper ( #2743 )
* feat(pipelineCreateScanSummary) Create groovy wrapper
* add command to binary
* stash step reports
* update stash
* fix typo
* unstash reports first
* update reporting
* update json reporting
* update tests & enhance logging
* update md report
* update md reporting
* fix rendering
* update tests
2021-04-15 07:45:06 +02:00
Oliver Nocon
9b6a8cb3b6
feat(whitesource): create json report ( #2699 )
* feat(whitesource): create json report
* proper constant value
* update generation
2021-03-19 11:10:08 +01:00
Oliver Nocon
2048c00d2c
whitesource: use only Unified Agent for scanning ( #2707 )
Don't use native build-tool specific plugins any longer.
They have been deprecated by WhiteSource mid 2019 already.
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-03-19 09:58:24 +01:00
Christopher Fenner
f999925788
fix(influx): correct data type of influx measurements ( #2171 )
* update data type of influx measurements
* Update checkmarx.yaml
* pick changes from #1885 for testing
* update generated code
* update to new datatype
* adjust to type changes
* change back to string type
* Update fortifyExecuteScan.go
* add typo to be backward compatible
* change type to int for files_scanned and lines_of_code_scanned
* add typo
* add measurements to whitesource
* update generated sources
* adjust test cases
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 16:00:53 +01:00
Oliver Nocon
d47a17c8fc
feat(whitesource): consolidated reporting and versioning alignment ( #2571 )
* update reporting and add todo comments
* enhance reporting, allow directory creation for reports
* properly pass reports
* update templating and increase verbosity of errors
* add todo
* add detail table
* update sorting
* add test and improve error message
* fix error message in test
* extend tests
* enhance tests
* enhance versioning behavior according to #1846
* create markdown overview report
* small fix
* fix small issue
* make sure that report directory exists
* align reporting directory with default directory from UA
* add missing comments
* add policy check incl. tests
* enhance logging and tests
* update versioning to allow custom version usage properly
* fix report paths and golang image
* update styling of md
* update test
2021-02-10 16:18:00 +01:00
Stephan Aßmus
eff38f6c9d
whitesourceExecuteScan-go: Additional fixes ( #2315 )
* Make sure the UA scan is known to the scan object. Fixes downloading reports later on.
* Move polling into pkg/whitesource, add test for e2e scan
* Remove conditions from stash config resource
* Don't use version stored in CPE. This will prevent the versioningModel from being applied.
2020-11-10 09:09:51 +01:00
Oliver Nocon
26cfbf7357
fix(whitesourceExecuteScan) properly handle output resources ( #2266 )
* fix(whitesourceExecuteScan) properly handle output resources
* fix merge issues
* add required aliases
* update generation
* fix reading custom and container environment parameters from cpe
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-11-02 08:51:58 +01:00
Stephan Aßmus
86f335811c
whitesourceExecuteScan-go: Implement parameters "timeout", "createProductFromPipeline" ( #2246 )
2020-10-29 09:21:01 +01:00
Stephan Aßmus
260ca2c5a5
whitesourceExecuteScan: Re-organize code between step and whitesource package ( #2207 )
2020-10-20 09:49:26 +02:00
Kevin Hudemann
6c2f8365c1
WhiteSource: Remove performance-tests from default maven excludes ( #2176 )
This change fixes an issue with the default maven excludes where the step would fail when performance tests are present in the project, but are not a module in the root pom. In addition, it provides a small fix of a method where a wrong path was passed to an error.
2020-10-15 08:08:00 +02:00
Stephan Aßmus
ed97142f6d
Pass correct module path to npm.InstallAllDependencies() ( #2144 )
We are already in the module's directory.
2020-10-09 08:33:36 +02:00
Stephan Aßmus
54ea3ed51a
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn ( #1879 )
Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
Stephan Aßmus
33e6e13787
Refactor whitesourceExecuteScan, fix polling, error handling ( #2036 )
2020-09-18 11:54:45 +02:00