thtri
5ab432b804
fix(whitesource):add stash for checkmarxOne ( #4383 )
2023-05-30 11:06:14 +02:00
Vyacheslav Starostin
c467f002b1
Update whitesource risk-report pattern ( #4166 )
* Update whitesource pattern
* Update filePattern
* go generate
2023-01-05 18:37:03 +06:00
Sven Merk
a055b905f9
Fix cumulus uploads for WhiteSource and BlackDuck ( #4128 )
* Refurbish upload to compliance store
* Fix BD IP json path
2022-11-17 11:05:27 +01:00
Raghunath Deshpande
ad36fe5a30
Whitesource to Mend name change (only for step description docu and not step name) ( #4114 )
* Whitesource to Mend name change
* name change from whitesource to mend
2022-11-09 12:04:10 +01:00
Anil Keshav
f270aa4a17
including sarif files when running implicit report upload from the step itself ( #4068 )
Co-authored-by: anilkeshav27 <you@example.com>
2022-10-18 09:48:07 +02:00
Christopher Fenner
07eeb2f33e
feat: update node image for various steps to new LTS ( #3913 )
* update node image for steps
* update defaults
* update generated sources
* update tests
Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
2022-09-26 18:40:55 +06:00
Sven Merk
b3f37650a2
SBOM creation for Mend ( #3934 )
* Fix docs and format
* Assessment format added
* Added sample file
* Added parsing
* Added packageurl implementation
* Slight refinement
* Refactored assessment options
* Adapted sample file
* First attempt of ws sbom gen
* Reworked SBOM generation
* Fix test code
* Add assessment handling
* Update dependencies
* Added golden test
* Small fix
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-08-09 13:56:01 +02:00
Oliver Nocon
b7c0831b7f
feat: allow OSVM scans to succeed with vulnerabilities ( #3889 )
For running open source vulnerability scans in de-coupled processes
it is helpful to allow that steps only create
compliance reports to inform users/teams
but not fail the pipeline.
This can now be achieved consistently with the flag:
`failOnSevereVulnerabilities`
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-07-12 11:43:24 +02:00
Oliver Nocon
20c5f0a63b
fix(optimization) use proper cpe reference ( #3683 )
2022-03-31 10:52:54 +02:00
Oliver Nocon
276844e6a2
fix(optimization): expose parameters to general section ( #3680 )
2022-03-30 12:20:51 +02:00
Christian Volk
22f6aa156f
feat(docker): use crane for pulling docker images ( #3652 )
2022-03-23 10:02:00 +01:00
Oliver Nocon
fed08c2399
fix(whitesourceExecuteScan): proper container options for golang ( #3660 )
2022-03-22 10:40:33 +01:00
Oliver Nocon
504f076613
feat: support cpe credentials for multiple repos ( #3641 )
2022-03-17 08:01:00 +01:00
Oliver Nocon
2c837927d4
chore(whitesourceExecuteScan): Gradle config changes ( #3621 )
* chore(whitesourceExecuteScan): Gradle config changes
supersedes #3293
closes #3293
* update config
Co-authored-by: ffeldmann <f.feldmann@sap.com>
2022-03-11 08:18:21 +01:00
Oliver Nocon
f9ad6dc048
fix(whitesourceExecuteScan): orgToken from Vault ( #3614 )
supersedes #3168
2022-03-08 08:59:12 +01:00
Sven Merk
a1988f6808
feat(whitesourceExecuteScan): GitHub issue creation + SARIF ( #3535 )
* Add GH issue creation + SARIF
* Code cleanup
* Fix fmt, add debug
* Code enhancements
* Fix
* Added debug info
* Rework UA log scan
* Fix code
* read UA version
* Fix nil reference
* Extraction
* Credentials
* Issue creation
* Error handling
* Fix issue creation
* query escape
* Query escape 2
* Revert
* Test avoid update
* HTTP client
* Add support for custom TLS certs
* Fix code
* Fix code 2
* Fix code 3
* Disable cert check
* Fix auth
* Remove implicit trust
* Skip verification
* Fix
* Fix client
* Fix HTTP auth
* Fix trusted certs
* Trim version
* Code
* Add token
* Added token handling to client
* Fix token
* Cleanup
* Fix token
* Token rework
* Fix code
* Kick out oauth client
* Kick out oauth client
* Transport wrapping
* Token
* Simplification
* Refactor
* Variation
* Check
* Fix
* Debug
* Switch client
* Variation
* Debug
* Switch to cert check
* Add debug
* Parse self
* Cleanup
* Update resources/metadata/whitesourceExecuteScan.yaml
* Add debug
* Expose subjects
* Patch
* Debug
* Debug2
* Debug3
* Fix logging response body
* Cleanup
* Cleanup
* Fix request body logging
* Cleanup import
* Fix import cycle
* Cleanup
* Fix fmt
* Fix NopCloser reference
* Regenerate
* Reintroduce
* Fix test
* Fix tests
* Correction
* Fix error
* Code fix
* Fix tests
* Add tests
* Fix code climate issues
* Code climate
* Code climate again
* Code climate again
* Fix fmt
* Fix fmt 2
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-02-23 09:30:19 +01:00
Siarhei Pazdniakou
a059a41c68
feat(whitesourceExecuteScan): add gcs upload to the step ( #3427 )
* Add gcs upload to whitesourceExecuteScan step
* go generate
* patterns were updated
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-02-21 09:51:52 +01:00
Sven Merk
ae9cb1e6f2
Fix alias definition for agentUrl ( #3328 )
* Fix alias definition for agentUrl
* Update generated file
2021-12-03 12:16:31 +01:00
Philipp Stehle
f9f0cbfd33
enforce that step metadata yaml file is called <step>.yaml ( #3226 )
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
2021-11-15 14:20:20 +01:00