* added check if git branch name starts with refs/
* added check if branch name from jenkins starts with refs/
* added tests
* hardcoded refs/tags to test
* removed hardcode
---------
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
* Initial in progress
* compiling but not yet functional
* Missed file
* updated checkmarxone step
* Working up to fetching a project then breaks
* Missed file
* Breaks when retrieving projects+proxy set
* Create project & run scan working, now polling
* Fixed polling
* added back the zipfile remove command
* Fixed polling again
* Generates and downloads PDF report
* Updated and working, prep for refactor
* Added compliance steps
* Cleanup, reporting, added groovy connector
* fixed groovy file
* checkmarxone to checkmarxOne
* checkmarxone to checkmarxOne
* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix
* Fixed filenames & yaml
* missed the metadata_generated.go
* added json to sarif conversion
* fix:type in new checkmarxone package
* fix:type in new checkmarxone package
* removed test logs, added temp error log for creds
* extra debugging to fix crash
* improved auth logging, fixed query parse issue
* fixed bug with group fetch when using oauth user
* CWE can be -1 if not defined, can't be uint
* Query also had CweID
* Disabled predicates-fetch in sarif generation
* Removing leftover info log message
* Better error handling
* fixed default preset configuration
* removing .bat files - sorry
* Cleanup per initial review
* refactoring per Gist, fixed project find, add apps
* small fix - sorry for commit noise while testing
* Fixing issues with incremental scans.
* removing maxretries
* Updated per PR feedback, further changes todo toda
* JSON Report changes and reporting cleanup
* removing .bat (again?)
* adding docs, groovy unit test, linter fixes
* Started adding tests maybe 15% covered
* fix(checkmarxOne): test cases for pkg and reporting
* fix(checkmarxOne):fix formatting
* feat(checkmarxone): update interface with missing method
* feat(checkmarxone):change runStep signature to be able to inject dependency
* feat(checkmarxone): add tests for step (wip)
* Adding a bit more coverage
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix integration test PR
* adding scan-summary bug workaround, reportgen fail
* enforceThresholds fix when no results passed in
* fixed gap when preset empty in yaml & project conf
* fixed another gap in preset selection
* fix 0-result panic
* fail when no preset is set anywhere
* removed comment
* initial project-under-app support
* fixing sarif reportgen
* some cleanup of error messages
* post-merge test fixes
* revert previous upstream merge
* adding "incremental" to "full" triggers
* wrong boolean
* project-in-application api change prep
* Fixing SARIF report without preset access
* fix sarif deeplink
* removing comments
* fix(cxone):formatting
* fix(cxone):formatting
* small sarif fixes
* fixed merge
* attempt at pulling git source repo branch
* fix(cxone):new endpoint for project creation
* fix(cxOne): taxa is an array
* fix(cxOne): get Git branch from commonPipelineEnvironment
* fix(cxOne): add params to tag a scan and a project
* fix(cxOne): unit test - update project
* fix(cxOne): unit test - update project tags
* fix(cxOne): improve logs
* fix(cxOne): improve logs
* adding RequestNewPDFReport function using v2 api
* added version check
* fix(cxone): JSON report using v2 API
* update to set reportType in v2 reportgen
* fix(checkmarxOneExecuteScan): remove absolute patch for code preview
* fix(checkmarxOneExecuteScan): remove SCA confusion from driver name
* fix(checkmarxOneExecuteScan): search project name by exact match
* fix(checkmarxOneExecuteScan): escape branch name in deeplink
* fix(checkmarxOneExecuteScan): fix format
* fix(checkmarxOneExecuteScan): include Low severity; add Proposed Not Exploitable status to the report
---------
Co-authored-by: michael kubiaczyk <michael.kubiaczyk@checkmarx.com>
Co-authored-by: michaelkubiaczyk <48311127+michaelkubiaczyk@users.noreply.github.com>
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
Co-authored-by: Adrien <99400874+hubadr@users.noreply.github.com>
* rename Trust Engine to System Trust
* Revert "rename Trust Engine to System Trust"
This reverts commit 66d4680324310790d41b70eed7421d121aac0e03.
* rename Trust Engine to System Trust in logs and docs
* Fix deployment failure with CF if password contains special char
* cf service test
* combined darwin and linux test, remove duplicate test
* escape username special characters
* fix build errors
* added missing build tags
* refactor abaputils
* update go version
* fix go vet errors
* replaces stringutils with slices std package
* added slices package
* 1.22.4 to 1.23.4
---------
Co-authored-by: Valentin <valentin.uchkunev@sap.com>
* Initial in progress
* compiling but not yet functional
* Missed file
* updated checkmarxone step
* Working up to fetching a project then breaks
* Missed file
* Breaks when retrieving projects+proxy set
* Create project & run scan working, now polling
* Fixed polling
* added back the zipfile remove command
* Fixed polling again
* Generates and downloads PDF report
* Updated and working, prep for refactor
* Added compliance steps
* Cleanup, reporting, added groovy connector
* fixed groovy file
* checkmarxone to checkmarxOne
* checkmarxone to checkmarxOne
* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix
* Fixed filenames & yaml
* missed the metadata_generated.go
* added json to sarif conversion
* fix:type in new checkmarxone package
* fix:type in new checkmarxone package
* removed test logs, added temp error log for creds
* extra debugging to fix crash
* improved auth logging, fixed query parse issue
* fixed bug with group fetch when using oauth user
* CWE can be -1 if not defined, can't be uint
* Query also had CweID
* Disabled predicates-fetch in sarif generation
* Removing leftover info log message
* Better error handling
* fixed default preset configuration
* removing .bat files - sorry
* Cleanup per initial review
* refactoring per Gist, fixed project find, add apps
* small fix - sorry for commit noise while testing
* Fixing issues with incremental scans.
* removing maxretries
* Updated per PR feedback, further changes todo toda
* JSON Report changes and reporting cleanup
* removing .bat (again?)
* adding docs, groovy unit test, linter fixes
* Started adding tests maybe 15% covered
* fix(checkmarxOne): test cases for pkg and reporting
* fix(checkmarxOne):fix formatting
* feat(checkmarxone): update interface with missing method
* feat(checkmarxone):change runStep signature to be able to inject dependency
* feat(checkmarxone): add tests for step (wip)
* Adding a bit more coverage
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix integration test PR
* adding scan-summary bug workaround, reportgen fail
* enforceThresholds fix when no results passed in
* fixed gap when preset empty in yaml & project conf
* fixed another gap in preset selection
* fix 0-result panic
* fail when no preset is set anywhere
* removed comment
* initial project-under-app support
* fixing sarif reportgen
* some cleanup of error messages
* post-merge test fixes
* revert previous upstream merge
* adding "incremental" to "full" triggers
* wrong boolean
* project-in-application api change prep
* Fixing SARIF report without preset access
* fix sarif deeplink
* removing comments
* fix(cxone):formatting
* fix(cxone):formatting
* small sarif fixes
* fixed merge
* attempt at pulling git source repo branch
* fix(cxone):new endpoint for project creation
* fix(cxOne): taxa is an array
* fix(cxOne): get Git branch from commonPipelineEnvironment
* fix(cxOne): add params to tag a scan and a project
* fix(cxOne): unit test - update project
* fix(cxOne): unit test - update project tags
* fix(cxOne): improve logs
* fix(cxOne): improve logs
* adding RequestNewPDFReport function using v2 api
* added version check
* fix(cxone): JSON report using v2 API
* update to set reportType in v2 reportgen
* fix(checkmarxOneExecuteScan): remove absolute patch for code preview
* fix(checkmarxOneExecuteScan): remove SCA confusion from driver name
* fix(checkmarxOneExecuteScan): search project name by exact match
* fix(checkmarxOneExecuteScan): escape branch name in deeplink
* fix(checkmarxOneExecuteScan): fix format
---------
Co-authored-by: michael kubiaczyk <michael.kubiaczyk@checkmarx.com>
Co-authored-by: michaelkubiaczyk <48311127+michaelkubiaczyk@users.noreply.github.com>
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
Co-authored-by: Adrien <99400874+hubadr@users.noreply.github.com>
* Initial in progress
* compiling but not yet functional
* Missed file
* updated checkmarxone step
* Working up to fetching a project then breaks
* Missed file
* Breaks when retrieving projects+proxy set
* Create project & run scan working, now polling
* Fixed polling
* added back the zipfile remove command
* Fixed polling again
* Generates and downloads PDF report
* Updated and working, prep for refactor
* Added compliance steps
* Cleanup, reporting, added groovy connector
* fixed groovy file
* checkmarxone to checkmarxOne
* checkmarxone to checkmarxOne
* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix
* Fixed filenames & yaml
* missed the metadata_generated.go
* added json to sarif conversion
* fix:type in new checkmarxone package
* fix:type in new checkmarxone package
* removed test logs, added temp error log for creds
* extra debugging to fix crash
* improved auth logging, fixed query parse issue
* fixed bug with group fetch when using oauth user
* CWE can be -1 if not defined, can't be uint
* Query also had CweID
* Disabled predicates-fetch in sarif generation
* Removing leftover info log message
* Better error handling
* fixed default preset configuration
* removing .bat files - sorry
* Cleanup per initial review
* refactoring per Gist, fixed project find, add apps
* small fix - sorry for commit noise while testing
* Fixing issues with incremental scans.
* removing maxretries
* Updated per PR feedback, further changes todo toda
* JSON Report changes and reporting cleanup
* removing .bat (again?)
* adding docs, groovy unit test, linter fixes
* Started adding tests maybe 15% covered
* fix(checkmarxOne): test cases for pkg and reporting
* fix(checkmarxOne):fix formatting
* feat(checkmarxone): update interface with missing method
* feat(checkmarxone):change runStep signature to be able to inject dependency
* feat(checkmarxone): add tests for step (wip)
* Adding a bit more coverage
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix integration test PR
* adding scan-summary bug workaround, reportgen fail
* enforceThresholds fix when no results passed in
* fixed gap when preset empty in yaml & project conf
* fixed another gap in preset selection
* fix 0-result panic
* fail when no preset is set anywhere
* removed comment
* initial project-under-app support
* fixing sarif reportgen
* some cleanup of error messages
* post-merge test fixes
* revert previous upstream merge
* adding "incremental" to "full" triggers
* wrong boolean
* project-in-application api change prep
* Fixing SARIF report without preset access
* fix sarif deeplink
* removing comments
* fix(cxone):formatting
* fix(cxone):formatting
* small sarif fixes
* fixed merge
* attempt at pulling git source repo branch
* fix(cxone):new endpoint for project creation
* fix(cxOne): taxa is an array
* fix(cxOne): get Git branch from commonPipelineEnvironment
* fix(cxOne): add params to tag a scan and a project
* fix(cxOne): unit test - update project
* fix(cxOne): unit test - update project tags
* fix(cxOne): improve logs
* fix(cxOne): improve logs
* adding RequestNewPDFReport function using v2 api
* added version check
* fix(cxone): JSON report using v2 API
* update to set reportType in v2 reportgen
---------
Co-authored-by: michael kubiaczyk <michael.kubiaczyk@checkmarx.com>
Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
Co-authored-by: michaelkubiaczyk <48311127+michaelkubiaczyk@users.noreply.github.com>
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
* not allowing batch token revoke
* changing values to hold variable name
* error message when identifying service token
* refactor
---------
Co-authored-by: Googlom <alimovgb@gmail.com>
* move to old package
* go mod
* remove old
* refactor done
* Update pkg/vault/oidc.go
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* commit suggestions
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* commit suggestions
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* commit suggestions
---------
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Add -ws=false -iwr to npm config get registry
* Add -ws=false -iwr to npm config set registry
* Fix test
* Fix test
---------
Co-authored-by: Manjunath <manjunath.mandya.surendrakumar@sap.com>
* trust engine config and handling for vault
* add function for resolving trust engine reference
* refactor
* add basic test
* adapt to new trust engine response format
* remove accidental cyclic dependency
* move trust engine hook config
* refactor by separating code from vault
* move trust engine files to own pkg
* adapt to changes of previous commit
* log full error response of trust engine API
* enable getting multiple tokens from trustengine
* remove comment
* incorporate review comments
* go generate
* update unit tests
* apply suggested changes from code review
* fix unit tests
* add unit tests for config pkg
* make changes based on review comments
* make trust engine token available in GeneralConfig and minor fixes
* fix error logic when reading trust engine hook
* make getResponse more flexible and update logging
* update resource reference format
* improve URL handling
* improve logging
* use errors.Wrap() instead of errors.Join()
* update log messages based on suggestions
* remove trustengine resource ref from Sonar step
---------
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: jliempt <>
* Added pagination logic for retrieving projects from Black Duck server
* fixed unit tests for getProject in blackduck
* fixed unit tests for getProject in blackduck
* fixed unit tests for getProject in blackduck