* adding arguments
* splitting strings into args and checking position
* addtional check on adding arguments
* unit testing
* refactoring code
* unit test clean up
* add unit test for multiple params in multiple scripts
* unit test name
Co-authored-by: anilkeshav27 <you@example.com>
* feat(fortifyExecuteScan): add a max number of retries for API calls in SARIF conversion
* feat(checkmarxExecuteScan): implement max number of retries on API call for descriptions in SARIF processing
* feat(checkmarx/fortify): extra logging line when failing an API request in SARIF conversion
* fix(fortifyExecuteScan): panic if undefined projectversion in sarif
* fix(fortifyExecuteScan): logging improvement
* fix(fortifyExecuteScan): wrong if condition caused crash
* fix(fortifyExecuteScan): do not log if retries hit -1, adjust logging
* fix(SARIF): commenting API calls for Checkmarx until a solution can be found for the API issues
* feat(SARIF): add omitempty to extensions
* Improvements were made
* fixed tests
* fixed issues
* fix versioning
* fix Inclusive Language warnings
* gradle support to fortifyExecuteScan. Classpath resolving
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Add ans implementation
* Remove todo comment
* Rename test function
Co-authored-by: Linda Siebert <39100394+LindaSieb@users.noreply.github.com>
* Better wording
Co-authored-by: Linda Siebert <39100394+LindaSieb@users.noreply.github.com>
* Add reading of response body function
* Use http pkg ReadResponseBody
* Check read error
* Better test case description
* Fix formatting
* Create own package for read response body
* Omit empty nested resource struct
* Separate Resource struct from Event struct
* Merge and unmarshall instead of only unmarshalling
* Improve status code error message
* Remove unchangeable event fields
* Separate event parts
* Change log level setter function
* Restructure ans send test
* Revert exporting readResponseBody function
Instead the code is duplicated in the xsuaa and ans package
* Add check correct ans setup request
* Add set options function for mocking
* Review fixes
* Correct function name
* Use strict unmarshalling
* Validate event
* Move functions
* Add documentation comments
* improve test
Co-authored-by: Linda Siebert <39100394+LindaSieb@users.noreply.github.com>
Co-authored-by: Roland Stengel <r.stengel@sap.com>
* feat(fortfiyExecuteScan): proper XML unescaping, added rulepacks to SARIF, added kingdom/type/subtype to tags
* feat(fortifyExecuteScan): proper handling of severity, kinds, levels in SARIF
* fix(fortifyExecuteScan): edge case when handling properties taht could lead to a crash
* fix(fortifyExecuteScan): ensure SARIF processing is done after latest FPR is processed by SSC
* enhance build step
* Update abapEnvironmentBuild.go
* build with addonDescriptor
* use addondescriptor
* Use Addondescriptor
* add error
* improve logging
* rename intervall to interval
* update yaml
* Update abapEnvironmentBuild.go
* Update abapEnvironmentBuild.yaml
* insert generation phase
* we do not know what we have done
* Add createServiceKey to test
Co-authored-by: tiloKo <70266685+tiloKo@users.noreply.github.com>
Co-authored-by: Daniel Mieg <daniel.mieg@sap.com>
* feat(checkmarxExecuteScan): respect SARIF standard more closely
* fix(checkmarxExecuteScan): edge case where message would be empty in SARIF
* fix(checkmarxExecuteScan): better message handling to ensure field is populated
* feat(checkmarxExecuteScan): SARIF file readability
* feat(checkmarxExecuteScan): include the helpURL as part of the Help object
* fix(sarif): remove wrong structure addition
* feat(checkmarxExecuteScan): safer handling of version in SARIF file
* feat(checkmarxExecuteScan): add CWE number to tags
* fix(helmExecute): respect version from Chart
using version from CPE can create failure situations in case format is not semver.
This is the case for maven artifacts, for example.
* chore: simplify condition
* chore: cleanup
* chore: cleanup
* explicitly adding tar extension to project name when constructing the targetFilePath for whitesource docker image download
* comments
* correcting comment for better readability
* replace spaces in the project name with underscroe
* better comments
* passing legacy format download
* appending format to value
* keeping the download format for protecode as legacy
* improving docu
* keeping legacy format the default
* keeping tar file name same as project name to avoid duplicate names
* keeping legacy format download hard coded
Co-authored-by: anilkeshav27 <you@example.com>
* feat(fpr_to_sarif & GHAS): adjustments to fit some rules
* feat(fortifyExecuteScan): fit GH ingestion rules better
* feat(fortifyExecuteScan): readability in SARIF report
* feat(fortifyExecuteScan): restore escaped chars in XML text
* feat(fortifyExecuteScan): properly replace threadflowlocations in each threadflow
* fix(fortifyExecuteScan): fixed missing threadflow in SARIF generation
* feat(fortifyExecuteScan): properly handle threadflows when a node has another node as Reason (node-in-node edge case)
* feat(fortifyExecuteScan): better sarif ruleID field
Co-authored-by: thtri <trinhthanhhai@gmail.com>
* including a artifact cpe type
* removing type kind related to PR 3717
* clean up
* eliminating local path
* go formatting fix
Co-authored-by: anilkeshav27 <you@example.com>
* deprecate transportRequestCreate and transportRequestRelease
* add addBadge and createSummary method to Test classes
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
Co-authored-by: Roland Stengel <r.stengel@sap.com>