mirror of https://github.com/SAP/jenkins-library.git synced 2025-01-18 05:18:24 +02:00

36 Commits

Author SHA1 Message Date
xgoffin
3c55d3c99c
feat(checkmarxExecuteScan): convert Checkmarx xml report to SARIF (#3696)
* feat(checkmarxExecuteScan): sarif conversion for Checkmarx XML reports

* feat(checkmarxExecuteScan): added taxonomies and similarityID

* fix(checkmarxExecuteScan): proper handling of ruleId and ruleIndex

* fix(sarif): mistype in checkmarx properties

* fix(checkmarxExecuteScan): fixed occasional panics when handling audit comment

* chore(sarif): proper variable naming

* chore(code): fix missing and unrecognized comments

* trigger PR

* fix(format): extra space

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-04-04 16:12:35 +02:00
Christian Volk
26bf3808fe
chore(checkmarxExecuteScan): split and trim filterPattern (#3661) 2022-03-23 11:45:05 +01:00
Sven Merk
c30e93bc6a
feat(detectExecuteScan): SARIF export and GH issue creation (#3637)
* Added SARIF and GH issue creation
2022-03-17 15:32:48 +01:00
Sven Merk
c1d2e6ad16
Add toggle for GH issue creation (#3601)
* Add toggle for GH issue creation

* Fix fmt
2022-03-02 15:46:56 +01:00
Adrien
a73951909b
checkmarxExecuteScan fixes (#3540)
* Fix FilterByTeamName and LoadExistingProject

* Fix project name loop

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-02-28 14:22:47 +01:00
thtrinh
d86cfce6e6
Checkmarx json report (#3565)
* feat(checkmarx) : Checkmarx JSON Report

* Test cases with some fix

* Information total and audited test assertions

* feat(checkmarx): align total/audited with existing calculation

* fix(checkmarx): Reporting unit test

Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-02-25 14:20:36 +01:00
Oliver Nocon
a4a0873081
feat(checkmarx): create GitHub issue with findings (#3543)
* feat(checkmarx): create GitHub issue with findings

* add github issue reporting
2022-02-17 15:16:55 +01:00
Sven Merk
86e8125279
feat(checkmarxExecuteScan): Improve cx report (#2991)
* Improve checkmarx report

* Fix test and fmt

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-09-15 09:45:56 +02:00
Sven Merk
2997714a02
checkmarxExecuteScan: Improve error message on compliance issues (#3083)
* Update checkmarxExecuteScan.go

* Fix test
2021-09-07 13:10:11 +02:00
Sven Merk
1ddd966249
Enforce non-incremental scans when optimized and scheduled (#3039)
* Enforce non-incremental scans when optimized

* Update resources/metadata/checkmarx.yaml

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>

* Update generated file

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-08-10 11:27:28 +02:00
Sven Merk
9571fd28f4
feat(checkmarxExecuteScan): Reporting for pipeline optimization (#2976)
* Fix exclude and enhance docs

* Fix test

* Fix test

* Add reporting to checkmarx step

* Improve text
2021-07-09 10:19:42 +02:00
larsbrueckner
61fe88e199
Add "toolrecord" files to Fortify, Checkmarx, Protecode and Whitesource results (#2929)
* Toolrecord framework -
provide a common entry point for post processing code scan results

Changes to be committed:
	new file:   pkg/toolrecord/REAMDE_toolrecord.md
	new file:   pkg/toolrecord/toolrecord_main.go
	new file:   pkg/toolrecord/toolrecord_test.go

* Add toolrecord file to Checkmarx results
modified:   cmd/checkmarxExecuteScan.go

* Add toolrecord file to Fortify results
	modified:   cmd/fortifyExecuteScan.go

* Add toolrecord file to Whitesource results
modified:   cmd/whitesourceExecuteScan.go

* unset umask (#2927)

* (feat) adds error logging output for downloading reports from whitesource (#2928)

* Add toolrecord file to Protecode results

* address code climate findings (1/2)

* address codeclimate findings (2/2)

* add comments to all methods

Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-06-23 15:05:00 +02:00
Fabian Reh
44ca6db57c
Fix checkmarx execute scan (#2765)
* Remove error check on preset conversion

Signed-off-by: Fabian Reh <fabian.reh@sap.com>
2021-04-19 10:15:07 +02:00
Fabian Reh
9f55c4360d
Fix checkmarx execute scan (#2747)
* Fixes infinite recursion

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Adds test for infinite recursion

Signed-off-by: Fabian Reh <fabian.reh@sap.com>
2021-04-08 09:16:47 +02:00
Fabian Reh
bb62252600
Refactor(checkmarxExecuteScan): filterFileGlob (#2490)
* * Fixes filterFileGlob as it did not evaluate all patterns
* Adapts unit tests to cover all functionality

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* * Fixes comment

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* * Adds tests for error cases
* Adds mock utils to mock external calls for errors

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* * Adds test for os.Open

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Cleans code

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Makes test OS independent

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Makes TestFilterFileGlob run in parallel

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Marks all tests to run in parallel

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Add tests and error handling for string conversion and zip file

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Add tests and error handling for write file

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Add tests and error handling for write file

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Add tests and error handling for PathMatch

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Refactor zipFolder method to reduce complexity

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* simplify parameters

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Revert "simplify parameters"

This reverts commit 0bfc58280834c898c51218e4bb4b94fe0c7b3e86.

* Revert "Revert "simplify parameters""

This reverts commit 102633cf2d1b2c618f7330bd78ad24c2c7e741da.

* Extract getWorkspace to reduce parameters

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Adapts tests to new error handling of 0 files zip

Only logs error for 0 files zip if no other errors appeared

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Extract method to reduce complexity

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* rename method

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* remove method needing many parameters

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* remove strconv api

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* remove project variable as project is created in this method

Signed-off-by: Fabian Reh <fabian.reh@sap.com>
2021-04-08 07:05:37 +02:00
Sven Merk
8c6089cca9
checkmarxExecuteScan: Fix error message on empty ZIP (#2709)
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-04-07 09:56:19 +02:00
Sven Merk
d52a1a3619
Influx step execution reporting (#2700)
* Influx step execution reporting

* influx for newmanExecute added

Co-authored-by: lndrschlz <leander.schulz01@sap.com>
2021-03-18 10:32:03 +01:00
Christopher Fenner
f999925788
fix(influx): correct data type of influx measurements (#2171)
* update data type of influx measurements

* Update checkmarx.yaml

* pick changes from #1885 for testing

* update generated code

* update to new datatype

* adjust to type changes

* change back to string type

* Update fortifyExecuteScan.go

* add typo to be backward compatible

* change type to int for files_scanned and lines_of_code_scanned

* add typo

* add measurements to whitesource

* update generated sources

* adjust test cases

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 16:00:53 +01:00
Sven Merk
5d1782aa01
checkmarxExecuteScan: adapt to 9.2 api (#2363)
* Update checkmarxExecuteScan.go

* api mods

* Switch default

* Fix decode

* mod marshalling

* Fix unmarshalling

* Code fmt and small fix

* Optimize preset handling

* Integer handling

* Fix test

* cleanup

* go fmt

* Improve test
2020-11-25 13:47:26 +01:00
Sven Merk
3c7712f2ee
Retry capabilities for HTTP requests + enablement for Checkmarx step (#2346) 2020-11-11 13:35:53 +01:00
Christopher Fenner
b8d3a7d1a9
fix(influx): correct project_name field name (#2195)
* Update checkmarx.yaml

* regenerate

* adjust code
2020-10-19 13:09:17 +02:00
Oliver Nocon
0fb7ee5488
fix: Checkmarx project creation (#2112)
* fix : allow creation of Checkmarx projects

* checkmarx: fix project creation

* do not swallow error

* fix preset error handling
2020-10-05 08:16:18 +02:00
Oliver Nocon
9354697525
fix : allow creation of Checkmarx projects (#2106) 2020-10-01 17:08:07 +02:00
Oliver Nocon
15b3957137
checkmarxExecuteScan: update error handling (#2084)
* checkmarxExecuteScan: update error handling

* Update cmd/checkmarxExecuteScan.go

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>

* include PR feedback

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-09-29 09:23:31 +02:00
Christopher Fenner
6999380ee3
chore(go): simplify code using gofmt -s (#2065) 2020-09-24 08:58:53 +02:00
Christopher Fenner
b219fb6514
fix(typo): found by misspell (#2064)
* fix typos in step yamls

* fix typos in go files

* regenerate step code

* fix typos in md files

* fix typos in groovy files

* fix further typos
2020-09-24 07:41:06 +02:00
Oliver Nocon
c8b1ffd654
checkmarxExecuteScan: fix PR project identification (#2055) 2020-09-22 14:39:34 +02:00
Sven Merk
4ae46823b1
Fix PR feature (#2048)
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-09-22 12:36:22 +02:00
Sven Merk
612d3a645b
Support verify only mode for SAST tools (#2018)
* Support verify only mode for SAST

* Include feedback

* Add tests

* Fix imports
2020-09-18 08:19:34 +02:00
Sven Merk
51158d2457
checkmarxExecuteScan: Fix access to projects (#1997) 2020-09-10 11:14:58 +02:00
Stephan Aßmus
ec779a719b
Checkmarx: honor "preset" parameter also for existing projects (#1893) 2020-08-06 17:20:26 +02:00
lndrschlz
94dba13fef
fix(checkmarxExecuteScan): whitespace in filePatterns; log output; (#1784)
* removed whitespaces in filePatterns and add zip file count log

* safer string-replace for whitespaces

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2020-07-20 16:50:48 +02:00
Daniel Kurzynski
41c1653a06
Fix checkmarx (#1655) 2020-06-12 09:22:22 +02:00
Oliver Nocon
9c1bd04752
Streamline step generation (#1142)
* Streamline step generation
* Include PR feedback, update DEVELOPMENT.md

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2020-02-04 10:46:43 +01:00
Sven Merk
36423eb78d
Avoid potential collisions among steps (#1141)
* Avoid potential collisions amongst steps

* Improve code, move to JenkinsUtils

* Improve code

* Improve tests

* Fix test

* Add scope on golang side
2020-02-03 15:25:49 +01:00
Sven Merk
cbe368fe36
Checkmarx as golang (#1075)
* Added base functionality for checkmarx interaction

* Extend http client with file upload capabilities

* Latest changes

* Add debug logging

* Introduce Uploader interface

* Add tests for checkmarx client

* Hook new checkmarx command

* Improve coverage

* Add tests

* Improved test coverage and fixed code

* Add influx reporting

* Add alternation capabilities

* Add groovy step

* Try fix cmd

* Enhancements

* Fix report generation

* Final performance improvements

* Fix code

* Structure code, cleanup

* Improvements

* Fix codeclimate issue

* Update groovy

* Adapt latest changes to http

* Fix test

* Fix http tests

* Fix test

* Fix test

* Fix test 2

* Fix code

* Fix code 2

* Fix code

* Code

* Fix

* Fix

* Add report and link handling

* Fix returns, add groovy test

* Review comments

* Added doc template

* Docs update

* Remove SAP internals

* Better status display

* Add name to link

* Fix test

* Fix

* Fix verbose handling

* Fix verbose handling 2

* Fix verbose handling 3

* Fix

* Tiny improvements

* Regenerate

* Fix test

* Fix test code

* Fix verbosity issue

* Fix test

* Fix test

* Fix test
2020-01-27 23:40:53 +01:00