1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Commit Graph

1253 Commits

Author SHA1 Message Date
Daria Kuznetsova
ccd2acfbb2
fix(codeqlExecuteScan): logging when use both Vault and Jenkins Credentials config (#4600)
* added logging if unauthorized for github

* refactored

* fixed log message & added logging github response

* deleted extra log

* refactored log message
2023-09-27 14:59:35 +03:00
Dmitrii Pavlukhin
4c9dd41cbc
detect-removed-temporary-unmap-enforcement (#4594) 2023-09-25 16:12:19 +03:00
sumeet patil
33067a5cb4
fix(codeqlExecuteScan): Fix working directory (#4597) 2023-09-25 16:52:54 +05:30
larsbrueckner
a946034f74
toolrecord/whitesource: improve URL generation (#4581)
toolrecord file:
- drop the hardcoded default url
- use the more user-friendly project ID instead of the project token
2023-09-20 20:43:41 +05:30
Googlom
3744787348
chore(refactor): Switch GitHub actions provider to use github sdk (#4563)
* refactor github package and use builder pattern for client

* switch to github package

* some renamings

* fix panic on uninitialized provider

* fix according to review comments

---------

Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
Co-authored-by: Jordi van Liempt <35920075+jliempt@users.noreply.github.com>
2023-09-20 09:38:45 +00:00
Dmitrii Pavlukhin
1e993263e6
removed enforcement (#4576)
Co-authored-by: Andrei Kireev <andrei.kireev@sap.com>
2023-09-19 12:20:55 +03:00
Dmitrii Pavlukhin
971d5d1461
Making detect8 default script (#4568)
* made detect8 default

* amended tests to reflect detect 8

* amended

* amend

* amend

* amend tests

* 1

* 1

* tests-with-temp-changes-for-transition

* removed auto unmapping for detect7

* added-old-parameters-as-deprecated
2023-09-18 16:33:09 +03:00
Dmitrii Pavlukhin
b3dc339058
Removed quotation for several detect8 parameters to fix double quotation issue (#4565)
* removed quotation for detect8

* changed order of args

* chagned order
2023-09-14 10:07:53 +03:00
Egor Balakin
3eb4f165b2
feat(commonPipelineEnvironment): encrypt CPE (#4504)
* encrypt CPE - init

* fix

* disable encrypt on Jenkins

* get PIPER_pipelineEnv_SECRET from vault

* reuse artifactPrepareVersionOptions

* encrypt only with orchestrator.GitHubActions

* Workaround: orchestrators expect json

* add encryptedCPE flag

* remove JSON workaround

* throw error if stepConfigPassword is empty

* fix log messages

---------

Co-authored-by: Egor Balakin <egor.balakin@sap.com>
2023-09-11 12:58:57 +04:00
Marcus Holl
e80adc5ab9
helmExecute: opt out from template parsing (#4511)
Add option to opt out from helm template parsing

Co-authored-by: Linda Siebert <linda.siebert@sap.com>
Co-authored-by: Alexander Link <33052602+alxsap@users.noreply.github.com>
2023-09-08 10:30:30 +02:00
Linda Siebert
b58bb87114
Set chartPath to general for kubernetesDeploy (#4537) 2023-09-07 11:36:59 +02:00
renovate[bot]
67bcada96a
fix(deps): update module github.com/hashicorp/vault to v1.14.0 [security] (#4427)
* fix(deps): update module github.com/hashicorp/vault to v1.13.5 [security]

* fix(deps): update module github.com/Azure/azure-sdk-for-go/tree/sdk/storage/azblob to v0.4.1

* fix(deps): update module github.com/hashicorp/vault/sdk to v0.9.2
fix(deps): update module oras.land/oras-go to v1.2.3

* fix(deps): update module github.com/hashicorp/vault/sdk to v0.9.2-0.20230530190758-08ee474850e0
fix(deps): update module github.com/hashicorp/vault/sdk to v0.9.2-0.20230530190758-08ee474850e0

* replacing deprecated function

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Muhammadali Nazarov <muhammadalinazarov@gmail.com>
Co-authored-by: Jordi van Liempt <35920075+jliempt@users.noreply.github.com>
2023-09-06 13:12:51 +05:00
michaelkubiaczyk
bc8d5efe46
Cxone release supporting applications (#4548)
* Initial in progress

* compiling but not yet functional

* Missed file

* updated checkmarxone step

* Working up to fetching a project then breaks

* Missed file

* Breaks when retrieving projects+proxy set

* Create project & run scan working, now polling

* Fixed polling

* added back the zipfile remove command

* Fixed polling again

* Generates and downloads PDF report

* Updated and working, prep for refactor

* Added compliance steps

* Cleanup, reporting, added groovy connector

* fixed groovy file

* checkmarxone to checkmarxOne

* checkmarxone to checkmarxOne

* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix

* Fixed filenames & yaml

* missed the metadata_generated.go

* added json to sarif conversion

* fix:type in new checkmarxone package

* fix:type in new checkmarxone package

* removed test logs, added temp error log for creds

* extra debugging to fix crash

* improved auth logging, fixed query parse issue

* fixed bug with group fetch when using oauth user

* CWE can be -1 if not defined, can't be uint

* Query also had CweID

* Disabled predicates-fetch in sarif generation

* Removing leftover info log message

* Better error handling

* fixed default preset configuration

* removing .bat files - sorry

* Cleanup per initial review

* refactoring per Gist, fixed project find, add apps

* small fix - sorry for commit noise while testing

* Fixing issues with incremental scans.

* removing maxretries

* Updated per PR feedback, further changes todo toda

* JSON Report changes and reporting cleanup

* removing .bat (again?)

* adding docs, groovy unit test, linter fixes

* Started adding tests maybe 15% covered

* fix(checkmarxOne): test cases for pkg and reporting

* fix(checkmarxOne):fix formatting

* feat(checkmarxone): update interface with missing method

* feat(checkmarxone):change runStep signature to be able to inject dependency

* feat(checkmarxone): add tests for step (wip)

* Adding a bit more coverage

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix integration test PR

* adding scan-summary bug workaround, reportgen fail

* enforceThresholds fix when no results passed in

* fixed gap when preset empty in yaml & project conf

* fixed another gap in preset selection

* fix 0-result panic

* fail when no preset is set anywhere

* removed comment

* initial project-under-app support

* fixing sarif reportgen

* some cleanup of error messages

* post-merge test fixes

* revert previous upstream merge

* fix:formatting

* fix(checkmarxOne):yamllint too many blank lines

* fix(checkmarxOne):unit test

* fix(checkmarxOne):generated code

---------

Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
2023-09-05 21:49:27 +02:00
Dmitrii Pavlukhin
0f04b5f6e1
added detect8 support (#4545) 2023-09-01 15:25:37 +03:00
sumeet patil
f6e6d04408
feat(fortifyExecuteScan): Fortify proxy parameter (#4543) 2023-08-31 17:18:18 +05:30
Christopher Fenner
8507ca2c17
feat(logging): print out commit sha of code used to build the binary (#4541)
* feat(logging): print out commit sha of code used to build the binary

* Update piper.go
2023-08-30 17:28:03 +02:00
Jk1484
e54d603898
chore(deps): update golang version to 1.19 (#4533)
Co-authored-by: I557621 <jordi.van.liempt@sap.com>
2023-08-23 16:29:02 +02:00
Egor Balakin
143c5b0bc3
fix(githubPublishRelease): ListByRepo - enable pagination (#4509)
* fix githubPublishRelease

---------

Co-authored-by: Egor Balakin <egor.balakin@sap.com>
2023-08-22 09:45:54 +02:00
Marcus Holl
d6d3b6b091
helmExecute triggered by buildExecute (#4521) 2023-08-21 11:10:00 +02:00
Andrei Kireev
e87b514b00
Fix issue with failing pipelines because of ignored alerts (#4518)
* Temporary commented adition of ignored alerts to the all alerts

* Removed adding from other places
2023-08-16 13:57:46 +02:00
Jordi van Liempt
0ba4c2206c
chore(deps): Replace io/ioutil package (#4494)
* update all deprecated ioutil usages

* forgotten changes

* add missing imports

* undo changing comment

* add missing 'os' import

* fix integration test

---------

Co-authored-by: I557621 <jordi.van.liempt@sap.com>
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
2023-08-16 12:57:04 +02:00
Andrei Kireev
69347fe2af
feat(whitesourceExecuteStep) Unified audit format of vulnerabilities in SARIF file for whitesource (#4465)
* Unified audit state for whitesource step

* reverted unrelated to pr changes

* go fmt

* Fixed tests and formating

* fixed format issue in whitesource/reporting.go

---------

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-08-15 08:26:57 +02:00
Jordi van Liempt
d01c161822
fix(golangBuild): BOM creation failed with private Go modules (#4460)
* quickly try to only specify base private repo URLs with git config

* fix the test

* refactoring of private modules

* test

* fix test

* fix url

* typo

* Adding gitConfiguration

* typo

* unit test

* unit test

---------

Co-authored-by: I557621 <jordi.van.liempt@sap.com>
Co-authored-by: aibaend1 <106729492+aibaend1@users.noreply.github.com>
Co-authored-by: asadu <aibyn_sadu@epam.com>
2023-08-14 10:03:43 +02:00
Egor Balakin
9189ab37b5
remove STAGES scope from kanikoExecute.multipleImages param (#4508)
Co-authored-by: Egor Balakin <egor.balakin@sap.com>
2023-08-11 13:31:53 +04:00
Googlom
8c863e457f
sapCumulusUpload step deactivation if its the only active step in stage (#4476)
* implement deactivation logic

* add step condition field

* add unit test and fix evaluateConditions

* add unit test for v1 and fix evaluateConditionsV1

* rollback old evaluator

* rollback v1 evaluator

* move into notActiveCondition and fix unit tests

* add a comment about sapCumulusUpload step

* optimize evaluateConditionsV1 parameters and map memory allocation

* refactor unit tests and add more test cases

* evaluateConditionsV1 refactored

---------

Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
Co-authored-by: Jordi van Liempt <35920075+jliempt@users.noreply.github.com>
2023-08-10 16:11:33 +05:00
Ralf Pannemans
97edad076a
feat(cnbbuild): add build summary (#4506)
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
2023-08-09 09:18:48 +02:00
Ralf Pannemans
086232d201
chore(cnbbuild): Bump PLATFORM_API to 0.11 (#4507)
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
2023-08-08 14:52:51 +02:00
Egor Balakin
e2bf31872b
kanikoExecute: add multiple build (#4461)
* kanikoExecute: add MultipleImages option

---------

Co-authored-by: Egor Balakin <egor.balakin@sap.com>
2023-08-07 16:58:59 +04:00
Johannes Dillmann
b474eb2de7
Refactor buildpacks telemetry (#4467) 2023-08-04 13:31:33 +02:00
Jordi van Liempt
8bc827d494
feat(kaniko): Add optional verbose logging for kaniko command (#4499)
* add optional verbose logging for kaniko command

* change order of conditional arg appending

* change kaniko verbosity from trace to debug

* change kaniko verbosity from trace to debug

---------

Co-authored-by: I557621 <jordi.van.liempt@sap.com>
2023-08-04 08:53:24 +02:00
aibaend1
a247dc2694
adding verbose log of cyclonedx (#4492)
* adding log of cyclonedx

* fix test

* fix integration test

* fix assertion of test

---------

Co-authored-by: asadu <aibyn_sadu@epam.com>
2023-08-02 13:47:06 +06:00
sumeet patil
08d22a62e2
fix(checkmarxOne): added missing report (#4482)
* fix(checkmarxOne): added missing report

* added missing files after go generate
2023-07-27 09:35:54 +02:00
Daria Kuznetsova
84dead704b
added querySuite to codeql audit report (#4485) 2023-07-25 15:50:26 +03:00
thtri
c339f32d97
fix(checkmarxOne): changed json report (#4478)
* fix(checkmarxOne): changed json report
2023-07-21 10:16:25 +05:30
tiloKo
f9f1b59894
Abap environment build tag support (#4479)
* Hand over Tag to bf

---------

Co-authored-by: rosemarieB <45030247+rosemarieB@users.noreply.github.com>
2023-07-20 15:57:57 +02:00
Daria Kuznetsova
e117067a66
fix(codeqlExecuteScan): changed audit report format (#4474)
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-07-19 19:16:05 +05:30
Akramdzhon Azamov
b703995917
feat(detectExecuteScan): deprecating parameter scanOnChanges (#4473)
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-07-19 15:25:17 +05:30
Daniel Mieg
994e87479d
ABAP: Add details for EOF errors (#4442)
* Add details for EOF errors

* Add testcase

* remove test

* Add unit test
2023-07-18 09:05:53 +02:00
Vyacheslav Starostin
3d63ce235c
Add the possibility to push data to Splunk Prod (#4459)
* Add Splunk Prod

* Update test data

* Update naming

* Unit-test: update naming

* Fix

* Fix typo

* Fix test

* go generate
2023-07-14 19:19:57 +06:00
Ashly Mathew
9a0b84a953
Pin version of golang BOM to 1.4.0 (#4462) 2023-07-12 17:49:11 +02:00
Daria Kuznetsova
96f5508c8a
fix(codeqlExecuteScan): moved flag checkIfCompliance (#4443)
* moved checkForCompliance flag, updated description of sarif check params

* added generated codeqlExecuteScan

* moved appending reports before checking for compliance

---------

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-07-11 22:02:54 +05:30
Pavel Busko
610e212306
feat(cnbBuild) Add support for pre and post-buildpacks (#4448)
* Add pre and post buildpacks

Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Co-authored-by: Pavel Busko <pavel.busko@sap.com>

* fix integration tests

Co-authored-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>

* simplify if clauses

Co-authored-by: Pavel Busko <pavel.busko@sap.com>

---------

Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
2023-07-06 11:34:05 +02:00
Pavel Busko
13f1e94ade
fix(cnbBuild): read dockerConfigJSON from CPE and merge it with user-provided (#4444)
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
2023-07-04 14:19:02 +02:00
Pavel Busko
1befaa80a2
fix(cnbBuild): correctly construct docker config using credentials (#4441)
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
2023-07-03 08:55:06 +00:00
Pavel Busko
d8dacda121
feat(cnbBuild): support setting registry username and password via parameters (#4426)
* feat(cnbBuild): support setting registry username and password via parameters

* fix gitops integration test assertion

Co-authored-by: Pavel Busko <pavel.busko@sap.com>

* Update integration/integration_gitops_test.go

---------

Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
2023-06-30 12:02:35 +00:00
Jk1484
30d82e920d
fix(kaniko): Update documentation (#4405)
* replacing mandatory if to mandatory.

* Revert "replacing mandatory if to mandatory."

This reverts commit f98ab5f0ff.

* Update documentation

* go generate

* Update documentation

* go generate

---------

Co-authored-by: Ashly Mathew <ashly.mathew@sap.com>
Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
2023-06-29 14:11:34 +06:00
Jordi van Liempt
bc2cdd18b8
fix(url-logger): Enable access log generation for mavenBuild (#4421)
Co-authored-by: I557621 <jordi.van.liempt@sap.com>
2023-06-28 09:27:08 +02:00
Anil Keshav
a9bab48557
feat (url-logger) Implement logic for a selection classifier (#4411)
* forcing the urls finder to relaxed

* adding a classifier map

* passing the stepName to the kaniko command executor bundle

* pass stepName to maven utils for mavenBuild

* improve enabling of Maven access log generation

* Revert "improve enabling of Maven access log generation"

This reverts commit 80b77223cd.

* Revert "pass stepName to maven utils for mavenBuild"

This reverts commit a4f99ae160.

* use reflection to update command stepName for mavenBuild

* Revert "use reflection to update command stepName for mavenBuild"

This reverts commit ef85c78669.

---------

Co-authored-by: I557621 <jordi.van.liempt@sap.com>
Co-authored-by: Jordi van Liempt <35920075+jliempt@users.noreply.github.com>
2023-06-26 08:47:11 +02:00
Andrei Kireev
ae4550d0dd
fix(detectExecuteScan) Fixed problem with duplication of maven command (#4412)
* Fixed problem with duplication of maven command

* go fmt
2023-06-23 14:24:03 +02:00
Dmitrii Pavlukhin
f81b473723
fix(detectExecuteScan): Fix license incorrect fail with FailOn parameter (#4415)
Co-authored-by: Andrei Kireev <andrei.kireev@sap.com>
2023-06-21 11:48:00 +05:30
Daria Kuznetsova
6eb4c2e72d
fix(codeqlExecuteScan): added waiting for the SARIF file upload (#4409)
* added waiting for the sarif file uploaded & tests

* increased polling time, added timeout for waiting response from server & tests

* fixed handling error while waiting sarif uploaded

* added params for checking sarif uploaded & refactor

* added test logs

* fixed logs and test

* added returning missed error

* changed params descriptions and server response error processing processing

* fixed retrying logic

* increased polling timeout params & refactored
2023-06-20 15:50:28 +03:00
Marcus Holl
8b36ae70e7
Adjust npmExecuteLint (output-format, print output to console) (#4407)
* Adjust npmExecuteLint (output-format, print output to console)

Co-authored-by: Srinikitha Kondreddy <srinikitha.kondreddy@sap.com>
2023-06-19 12:04:37 +02:00
Marcus Holl
799853e791
[refactor] avoid code duplication when invoking eslint (#4401) 2023-06-15 12:27:38 +02:00
sumeet patil
9b60fcf506
fix(codeqlExecuteScan): fixed logic for getting code-scanning alerts (#4393) 2023-06-14 16:59:01 +05:30
Anil Keshav
39d52a2123
feat (protecodeExecuteScan) enhancing protecode step with registry credentials (#4378)
* enhancing protecode with registry credentials

* Use protecodeUtils instead of separate package

* Add target path for docker config to be created

* Fix tests

* Fix build flags

---------

Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
2023-06-14 09:11:33 +02:00
Marcus Holl
97495fd18b
fix: resolve lint files (#4392)
Fix glob pattern for resolving eslint files
Do not swallow exception when resolving lint files
2023-06-07 14:58:44 +02:00
sumeet patil
416cb1d327
fix(codeqlExecuteScan): added report file to output resources (#4388) 2023-06-02 18:31:52 +05:30
michaelkubiaczyk
072378bb83
Cxone release - Fixes for 0-result scans, better preset handling (#4387)
* Initial in progress

* compiling but not yet functional

* Missed file

* updated checkmarxone step

* Working up to fetching a project then breaks

* Missed file

* Breaks when retrieving projects+proxy set

* Create project & run scan working, now polling

* Fixed polling

* added back the zipfile remove command

* Fixed polling again

* Generates and downloads PDF report

* Updated and working, prep for refactor

* Added compliance steps

* Cleanup, reporting, added groovy connector

* fixed groovy file

* checkmarxone to checkmarxOne

* checkmarxone to checkmarxOne

* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix

* Fixed filenames & yaml

* missed the metadata_generated.go

* added json to sarif conversion

* fix:type in new checkmarxone package

* fix:type in new checkmarxone package

* removed test logs, added temp error log for creds

* extra debugging to fix crash

* improved auth logging, fixed query parse issue

* fixed bug with group fetch when using oauth user

* CWE can be -1 if not defined, can't be uint

* Query also had CweID

* Disabled predicates-fetch in sarif generation

* Removing leftover info log message

* Better error handling

* fixed default preset configuration

* removing .bat files - sorry

* Cleanup per initial review

* refactoring per Gist, fixed project find, add apps

* small fix - sorry for commit noise while testing

* Fixing issues with incremental scans.

* removing maxretries

* Updated per PR feedback, further changes todo toda

* JSON Report changes and reporting cleanup

* removing .bat (again?)

* adding docs, groovy unit test, linter fixes

* Started adding tests maybe 15% covered

* fix(checkmarxOne): test cases for pkg and reporting

* fix(checkmarxOne):fix formatting

* feat(checkmarxone): update interface with missing method

* feat(checkmarxone):change runStep signature to be able to inject dependency

* feat(checkmarxone): add tests for step (wip)

* Adding a bit more coverage

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix integration test PR

* adding scan-summary bug workaround, reportgen fail

* enforceThresholds fix when no results passed in

* fixed gap when preset empty in yaml & project conf

* fixed another gap in preset selection

* fix 0-result panic

* fail when no preset is set anywhere

* removed comment

---------

Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
2023-06-01 11:03:01 +02:00
Daria Kuznetsova
cd71282f00
fix(codeqlExecuteScan): pagination call for getting codescanning results (#4370)
pagination call for getting code scanning results

---------

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-05-31 14:07:09 +05:30
Leonard Heilos
c15448b4e0
feat(whitesourceExecuteScan): allow to specify InstallCommand (#4376)
* feat(whitesourceExecuteScan) allow to specify InstallCommand

* reorder imports

---------

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
Co-authored-by: Andrei Kireev <andrei.kireev@sap.com>
2023-05-30 16:00:02 +02:00
Jk1484
a2109c59b5
fix(gradle): Pin schema version of cyclonedx (#4367)
Co-authored-by: Ashly Mathew <ashly.mathew@sap.com>
Co-authored-by: Vyacheslav Starostin <32613074+vstarostin@users.noreply.github.com>
2023-05-30 16:21:16 +06:00
Jk1484
7f2e58b211
fix(golangBuild): pinversion of cyclonedx (#4368)
* output version pin for cyclonedx

* test fix

---------

Co-authored-by: Vyacheslav Starostin <32613074+vstarostin@users.noreply.github.com>
2023-05-30 16:06:34 +06:00
thtri
5ab432b804
fix(whitesource):add stash for checkmarxOne (#4383) 2023-05-30 11:06:14 +02:00
Vyacheslav Starostin
b305cd102d
kubernetesDeploy: Add kube-context parameter for helm test command (#4332)
* kubernetesDeploy: Add kube-context parameter for helm test command

* Resolve merge conflict
2023-05-25 17:03:33 +06:00
sumeet patil
1c018dbff7
feat(codeqlExecuteScan) : auto fill api url (#4369) 2023-05-22 19:59:43 +05:30
Ashly Mathew
b4e678333b
fix(Python) :Pin version of cyclonedx package for python builds (#4356) 2023-05-22 14:03:40 +02:00
larsbrueckner
1e4b88a6f8
detectExecuteScan: fix toolrun data (#4366) 2023-05-17 17:21:03 +05:30
Srinikitha Kondreddy
a76b20f09f
Upgrade sonar scanner cli image version to 4.8 (#4362)
* Uprade sonar scanner cli version to 4.8

* Update download url
2023-05-17 09:24:27 +02:00
Srinikitha Kondreddy
1d78ef35d4
Add proxy config to sonar scan step (#4333)
* Add proxy config for sonar scan step

Update sonar.go

Import fmt

Update sonar.go

Use serverUrl from config

Update sonarExecuteScan.go

Add proxy param

Add proxy check

Update sonarExecuteScan.go

Update sonarExecuteScan.go

Update http.go

Update sonarExecuteScan.go

Update sonarExecuteScan.go

Add env variable

Fix typo

Fix string

Split host port

Typo

Remove echoes

* Code review change

* Refactor

* Update cmd/sonarExecuteScan.go

Co-authored-by: dimitrij-afonitschkin <131276293+dimitrij-afonitschkin@users.noreply.github.com>

* Add proxy config for sonar scan step

Update sonar.go

Import fmt

Update sonar.go

Use serverUrl from config

Update sonarExecuteScan.go

Add proxy param

Add proxy check

Update sonarExecuteScan.go

Update sonarExecuteScan.go

Update http.go

Update sonarExecuteScan.go

Update sonarExecuteScan.go

Add env variable

Fix typo

Fix string

Split host port

Typo

Remove echoes

* Code review change

* Refactor

* Update cmd/sonarExecuteScan.go

Co-authored-by: dimitrij-afonitschkin <131276293+dimitrij-afonitschkin@users.noreply.github.com>

* Add compatability to other usecases

---------

Co-authored-by: dimitrij-afonitschkin <131276293+dimitrij-afonitschkin@users.noreply.github.com>
2023-05-16 09:31:33 +02:00
Ralf Pannemans
019ef17fd7
feat(helmExecute): Allow custom delimiter (#4312)
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Co-authored-by: Jan von Loewenstein <jan.von.loewenstein@sap.com>
2023-05-08 16:24:24 +02:00
Daria Kuznetsova
7de6f38d98
fix(codeqlExecuteScan): fixed regexp pattern to correctly parse ssh url (#4349) 2023-05-05 18:57:47 +02:00
Pavel Busko
35a55044b4
Add renderSubchartNotes property to helmExecute and kubernetesDeploy (#4238)
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
2023-05-05 14:23:11 +02:00
michaelkubiaczyk
d12f01d90f
Adding support for CheckmarxOne platform (#4317)
* Initial in progress

* compiling but not yet functional

* Missed file

* updated checkmarxone step

* Working up to fetching a project then breaks

* Missed file

* Breaks when retrieving projects+proxy set

* Create project & run scan working, now polling

* Fixed polling

* added back the zipfile remove command

* Fixed polling again

* Generates and downloads PDF report

* Updated and working, prep for refactor

* Added compliance steps

* Cleanup, reporting, added groovy connector

* fixed groovy file

* checkmarxone to checkmarxOne

* checkmarxone to checkmarxOne

* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix

* Fixed filenames & yaml

* missed the metadata_generated.go

* added json to sarif conversion

* fix:type in new checkmarxone package

* fix:type in new checkmarxone package

* removed test logs, added temp error log for creds

* extra debugging to fix crash

* improved auth logging, fixed query parse issue

* fixed bug with group fetch when using oauth user

* CWE can be -1 if not defined, can't be uint

* Query also had CweID

* Disabled predicates-fetch in sarif generation

* Removing leftover info log message

* Better error handling

* fixed default preset configuration

* removing .bat files - sorry

* Cleanup per initial review

* refactoring per Gist, fixed project find, add apps

* small fix - sorry for commit noise while testing

* Fixing issues with incremental scans.

* removing maxretries

* Updated per PR feedback, further changes todo toda

* JSON Report changes and reporting cleanup

* removing .bat (again?)

* adding docs, groovy unit test, linter fixes

* Started adding tests maybe 15% covered

* fix(checkmarxOne): test cases for pkg and reporting

* fix(checkmarxOne):fix formatting

* feat(checkmarxone): update interface with missing method

* feat(checkmarxone):change runStep signature to be able to inject dependency

* feat(checkmarxone): add tests for step (wip)

* Adding a bit more coverage

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix integration test PR

---------

Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
2023-05-05 14:05:58 +02:00
Ashly Mathew
ca74be10ad
Change maven schema version to 1.4 (#4337) 2023-05-04 10:29:32 +02:00
Christopher Fenner
56c12a6f5f
feat(karma): add verbose logging for karma (#4340)
* feat(karma): add verbose logging for karma

* Update karmaExecuteTests_test.go

* Update karmaExecuteTests.go

* Update karmaExecuteTests.go

* fmt

* correct test case
2023-05-04 09:38:23 +02:00
Jk1484
ffc931aad1
feat(golangBuild): use 'unit' build tag to include tests during test execution (#4345)
* Added unit tag as argument. Added description to runTests command. Changed code generator to have unit build tag in generated unit test files.

* Added unit build tag to all unit test files.

* added to new unit test unit build tag

* Update verify-go.yml

* small fix

---------

Co-authored-by: Muhammadali Nazarov <Muhammadali.Nazarov@acronis.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2023-05-03 21:02:11 +05:00
sumeet patil
70ed56b22d
fix(codeqlExecuteScan): checkForComplaince flag refactoring (#4344) 2023-05-03 12:29:04 +02:00
Alexander Link
70b09d6868
Improve error message for integrationArtifactGetServiceEndpoint (#4341) 2023-05-02 16:34:24 +02:00
sumeet patil
6dad124367
feat(codeqlExecuteScan): CodeQL compliance report and check (#4335)
* CodeQL compliance report and check

* fix test cases

---------

Co-authored-by: Daria Kuznetsova <d.kuznetsova@sap.com>
2023-04-28 15:47:05 +02:00
Anil Keshav
17c9f5ca65
feat (kuberenetesDeploy) allow adding a timeout to the helm test commands (#4310)
* adding a timeout for helm test

* extending test cases

* Upadate the helmTestWaitSeconds parameter

* Add timeout parameter for helm test command

* Update tests

---------

Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
2023-04-24 18:58:24 +06:00
Ashly Mathew
01cfb07d15
feat(gradle): Support for more than one task/flags (#4329)
* feat(gradle) support task list

* Change parameter name to buildFlags to align with other piper steps'
2023-04-24 09:09:31 +02:00
Pavel Busko
5d8e89b08a
feat(cnbBuild): use SHA256 hashed values for redacted telemetry properties (#4328)
* feat(cnbBuild): use SHA256 hashed values for redacted telemetry properties

* update unit tests
2023-04-18 09:10:38 +02:00
Maurice Breit
4f4e667797
add ascAppUpload step (#4286)
* add ascAppUpload step

add step that uploads an app binary to Application Support Center (ASC)

* re-run go generate

* fix typo in CODEOWNERS

* Update CODEOWNERS
2023-04-18 08:56:32 +02:00
Jordi van Liempt
e3935ca088
feat(vault): Vault secret rotation for GH Actions (#4280)
* rotate Vault secret on GH Actions

* test alternative sodium package

* try doing it without libsodium

* disable validity check for testing purposes

* basic unit test

* re-enable secret validity check

* tidy

* tidy parameters

* forgot to update param names in code

* apply review feedback

* improve error logging

* update step metadata

* apply metadata suggestion from review

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* align githubToken param

* Fix secretStore

* Add alias for githubToken

* Move logic to separate file

---------

Co-authored-by: I557621 <jordi.van.liempt@sap.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
2023-04-17 08:35:13 +02:00
Akramdzhon Azamov
f9617f5315
feat(blackduck): Npm extra parameters (#4327)
* added two new parameters for npm

---------

Co-authored-by: Andrei Kireev <andrei.kireev@sap.com>
2023-04-13 12:10:26 +02:00
tiloKo
126fbbcc69
reduce Log Output (Info -> Debug) (#4322)
Co-authored-by: ffeldmann <f.feldmann@sap.com>
2023-04-06 08:31:22 +02:00
tiloKo
a2c0f89222
remove obscuring log output (#4320) 2023-04-05 15:39:56 +02:00
Christopher Fenner
bee1ffe4f1
feat(golangBuild): create test report json file (#4306)
* feat(golangBuild): create test report json file

* Update golangBuild_test.go

* Update golangBuild_test.go

* Update integration_golang_test.go

* Update integration_golang_test.go

* Update golangBuild.go

* rename test files

* rename
2023-04-05 15:07:54 +02:00
Daria Kuznetsova
47c5a16cc0
fix(codeqlExecuteStep): parsing git url with dots in repo name (#4318)
* change regexp to parse repo URL with dots in repo name
* added regex to cut off username and token from URL & added test cases
2023-04-04 21:16:15 +02:00
Marco Rosa
6b18448124
Add credentialdiggerScan step (#4141)
* Add credentialdiggerScan metadata

* Integrate new step into piper process

* Add credentialdiggerScan implementation and tests

* Remove duplicated code

* Add doc file for credentialdiggerScan step

* Regenerate metadata

* Fix return type in tests

* Add credentialdiggerScan to CommonStepsTest

* Fix typo

* Improve code style

* Add support for custom rules file in stash

* Regenerate metadata for credentialdiggerScan

---------

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Anil Keshav <anil.keshav@sap.com>
2023-04-04 16:57:15 +02:00
larsbrueckner
489adaaf99
Blackduck toolrecord file: add Blackduck projectVersion name and href (#4303)
* Blackduck toolrecord file: add Blackduck projectVersion name and href

* fix codestyle

* fix build error
2023-04-04 14:17:13 +02:00
Daniel Mieg
549b32c675
Adapt to backend API changes (#4309)
* Remove legacy logging

* Implement new requests

* Improve Tests

* Adapt tests

* Refactor

* Fix tests
2023-03-31 15:26:38 +02:00
Anke Ravalitera
ba58d72022
Update texts of gCTS steps and scenario for SSL and queryP (#4282)
* Update texts of gCTS steps and scenario for SSL and queryP

* delete a trailing space
2023-03-29 12:31:27 +02:00
Andrei Kireev
ba761f0fc4
fix(detectExecuteScan): Fixed issue with duplication of parameters when specifying them in scanProperties (#4304)
* Fixed issue with duplication of parameters search.depth/search.continue/excluded.directories
2023-03-28 09:10:54 +02:00
Vyacheslav Starostin
d6e72995b0
githubPublishRelease: fix the link which points to changes between the last release and the new one (#4296) 2023-03-27 21:39:46 +06:00
gerstneralex
f5c33d51bb
Tms export (#4160)
* Change parameter type of nodeExtDescriptorMapping

(cherry picked from commit ca7ce0485a)

* Remove usage of the depricated ioutil package

(cherry picked from commit 9821915b33)

* Fix cmd failure if neither git/commitId nor customDescription are
provided

(cherry picked from commit c362681e45)

* Fix unit test

(cherry picked from commit 53a90aabb5)

* Step metadata, step code generation

* change type of nodeExtDescriptorMapping for export

* Refactoring and export implementation

* integration test

* Add export step

* Integration test

* format

* discard piper.go

* Review related changes

* restore piper.go

* remove unused method

* Extend documentation

* Add parameter useGoStep to tmsUpload.groovy

* Regenerate steps

* Rename function

* refactor constants

* Add error path tests

* Move some code to tms package

* Move more code to tms

* Combine tmsUpload, tmsUtils

* Add groovy wrapper

* add parameters to groovy step

* add import

* jenkinsUtils instance

* comment namedUser logic in groovy

* namedUser param

* remove logic for namedUser param

* Remove TMS integration tests

* discard changes in tmsUpload.groovy

* Remove parameters

* Restore parameters

* Change type of NodeExtDescriptorMapping to map[string]interface{}

* tmsUpload: Change type of NodeExtDescriptorMapping to map

* Resolve ioutil deprecation

* Review related changes

* Formatting

* Review related improvements

* Add tmsUtils test

* Formatting tmsUtils_test

* Remove parameters from groovy wrapper

* Remove tmsUtils_test

* Add TMS steps to fieldRelatedWhitelist

* Add integration test

* Add test to github_actions_integration_test_list.yml

* Move test helper method

* Step documentation placeholder

* Remove parameter StashContent

* Restore cmd/integrationArtifactTransport.go

---------

Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
2023-03-27 16:55:29 +02:00
Oliver Feldmann
92a782a6c3
[Integration Suite] Store response in CPE (#4277)
* Store response body in CPE

* Also store response headers in CPE
2023-03-27 14:34:59 +00:00
Andrei Kireev
e55c2f857c
feat(detectExecuteScan) enabling possibility to scan MTA projects (#4300)
* feat(detectExecuteScan) enabling possibility to scan MTA projects
2023-03-27 10:42:39 +02:00
sumeet patil
d5d486ae3f
docs(codeqlExecuteScan): Improve codeqlExecuteScan githubToken docs (#4292) 2023-03-22 18:14:04 +05:30
Ashly Mathew
60f9d55bda
Add Step scope for mavenBuild (#4291) 2023-03-21 14:17:07 +01:00