* enhancing protecode with registry credentials
* Use protecodeUtils instead of separate package
* Add target path for docker config to be created
* Fix tests
* Fix build flags
---------
Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
* Initial in progress
* compiling but not yet functional
* Missed file
* updated checkmarxone step
* Working up to fetching a project then breaks
* Missed file
* Breaks when retrieving projects+proxy set
* Create project & run scan working, now polling
* Fixed polling
* added back the zipfile remove command
* Fixed polling again
* Generates and downloads PDF report
* Updated and working, prep for refactor
* Added compliance steps
* Cleanup, reporting, added groovy connector
* fixed groovy file
* checkmarxone to checkmarxOne
* checkmarxone to checkmarxOne
* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix
* Fixed filenames & yaml
* missed the metadata_generated.go
* added json to sarif conversion
* fix:type in new checkmarxone package
* fix:type in new checkmarxone package
* removed test logs, added temp error log for creds
* extra debugging to fix crash
* improved auth logging, fixed query parse issue
* fixed bug with group fetch when using oauth user
* CWE can be -1 if not defined, can't be uint
* Query also had CweID
* Disabled predicates-fetch in sarif generation
* Removing leftover info log message
* Better error handling
* fixed default preset configuration
* removing .bat files - sorry
* Cleanup per initial review
* refactoring per Gist, fixed project find, add apps
* small fix - sorry for commit noise while testing
* Fixing issues with incremental scans.
* removing maxretries
* Updated per PR feedback, further changes todo toda
* JSON Report changes and reporting cleanup
* removing .bat (again?)
* adding docs, groovy unit test, linter fixes
* Started adding tests maybe 15% covered
* fix(checkmarxOne): test cases for pkg and reporting
* fix(checkmarxOne):fix formatting
* feat(checkmarxone): update interface with missing method
* feat(checkmarxone):change runStep signature to be able to inject dependency
* feat(checkmarxone): add tests for step (wip)
* Adding a bit more coverage
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix integration test PR
* adding scan-summary bug workaround, reportgen fail
* enforceThresholds fix when no results passed in
* fixed gap when preset empty in yaml & project conf
* fixed another gap in preset selection
* fix 0-result panic
* fail when no preset is set anywhere
* removed comment
---------
Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Co-authored-by: Jan von Loewenstein <jan.von.loewenstein@sap.com>
* Initial in progress
* compiling but not yet functional
* Missed file
* updated checkmarxone step
* Working up to fetching a project then breaks
* Missed file
* Breaks when retrieving projects+proxy set
* Create project & run scan working, now polling
* Fixed polling
* added back the zipfile remove command
* Fixed polling again
* Generates and downloads PDF report
* Updated and working, prep for refactor
* Added compliance steps
* Cleanup, reporting, added groovy connector
* fixed groovy file
* checkmarxone to checkmarxOne
* checkmarxone to checkmarxOne
* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix
* Fixed filenames & yaml
* missed the metadata_generated.go
* added json to sarif conversion
* fix:type in new checkmarxone package
* fix:type in new checkmarxone package
* removed test logs, added temp error log for creds
* extra debugging to fix crash
* improved auth logging, fixed query parse issue
* fixed bug with group fetch when using oauth user
* CWE can be -1 if not defined, can't be uint
* Query also had CweID
* Disabled predicates-fetch in sarif generation
* Removing leftover info log message
* Better error handling
* fixed default preset configuration
* removing .bat files - sorry
* Cleanup per initial review
* refactoring per Gist, fixed project find, add apps
* small fix - sorry for commit noise while testing
* Fixing issues with incremental scans.
* removing maxretries
* Updated per PR feedback, further changes todo toda
* JSON Report changes and reporting cleanup
* removing .bat (again?)
* adding docs, groovy unit test, linter fixes
* Started adding tests maybe 15% covered
* fix(checkmarxOne): test cases for pkg and reporting
* fix(checkmarxOne):fix formatting
* feat(checkmarxone): update interface with missing method
* feat(checkmarxone):change runStep signature to be able to inject dependency
* feat(checkmarxone): add tests for step (wip)
* Adding a bit more coverage
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix integration test PR
---------
Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
* Added unit tag as argument. Added description to runTests command. Changed code generator to have unit build tag in generated unit test files.
* Added unit build tag to all unit test files.
* added to new unit test unit build tag
* Update verify-go.yml
* small fix
---------
Co-authored-by: Muhammadali Nazarov <Muhammadali.Nazarov@acronis.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* adding a timeout for helm test
* extending test cases
* Upadate the helmTestWaitSeconds parameter
* Add timeout parameter for helm test command
* Update tests
---------
Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
* add ascAppUpload step
add step that uploads an app binary to Application Support Center (ASC)
* re-run go generate
* fix typo in CODEOWNERS
* Update CODEOWNERS
* it test
* transfer credentials
* Change parameter type of nodeExtDescriptorMapping
* Extend test
* Fix unit test
* Remove usage of the depricated ioutil package
* Fix cmd failure if neither git/commitId nor customDescription are
provided
* Extend test
* Add TMS test to the job matrix
* Map env. variable
* Remove usage of the env. TMS_UPLOAD_IT_KEY
* remove os
* update test
* use os.Gerenv
* test fix
* Update integration-tests.yml
* env mapping in it pr workflow
* print tmsServiceKey
* read env with upper case
* Update integration-tests.yml
* Update integration-tests.yml
* Update integration-tests-pr.yml
* Delete cover.out
* Remove TMS service key from environment in integration test workflow job
* Extend integration tests
* Revert change parameter type of nodeExtDescriptorMapping
* Extend tests
* Extend tests
* Remove unused method
* Change default TR description
* Add check for custom description
* Remove personal data from MTARs
* Register client secret to log as secret
* Move RegisterSecret to earlier point in runtime
* RegisterSecret for encodedUsernameColonPassword
* Update integration/integration_tms_upload_test.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Use one test data directory
* Add a negative test
* fix config file name
---------
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Adding new query configuration parameter for gCTS Piper steps
* Add skipSSLVerification parameter to gCTSExecuteQualityChecks
* Add skipSSLVerification to gCTSDeploy
* Add SkipSSLVerification for pull by commit
* Add SkipSSLVerification to rollback
* Add SkipSSLVerification parameter to rollback
* Handling maximum number of charachter for the queryParameter
* Remove extra new lines in yaml files
* Add new line yaml files
* Increase docker image version
* Add --wait
* Test
* Adapt to new cf cli
* Parse both for cf cli v8 and v7
* Remove input
* Adapt to feedback
* Check for nil error
* fix(Fortify):simplify plain text .sarif and gzip the complete result
* fix(Fortify):no longer add snippet text to .sarif to reduce file size (still keep end/start lines)
* fix: formatting
* fixes change in protecode for cvss from float to string
* Fixes protecode json files with new string format for cvss
Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
* Fix logic for engineConfigurationID
Use the project-level value if no value is defined in the piper config.
Remove the default value of 1 for engineConfigurationID.
* Add the OS agnostic way of installing golangci-lint
* Fix
* Clean up
* Modify unit tests
* Rename downloaded archive
* Refactor
* Expose golangci-lint url as a parameter
* Clean up
* Rename parameter
* Update mock
* Fix golangci-lint version
* Improved Error Handling
* correct error
* error format derective
* missing +
* correct format
* correct format 2
* format 3
* format
* combining - if err
* format
* format
* format
* format
* format
* format
* corr. lint
* format
* format
Co-authored-by: Daniel Bernd <93763187+danManSAP@users.noreply.github.com>
* refactor: rebranding
rebranding from SAP Cloud Platform to SAP BTP
* refactor: rebranding from SCP to BTP
Co-authored-by: tiloKo <70266685+tiloKo@users.noreply.github.com>
* improved failOnSeverity Handling & Messaging
* variable correct
* Unit Test adapt
* more Unit Tests
* remove space
* function rename
* Unit Test
* stack trace like Error Output using errors.Errorf
* remove space
* remove fmt import as not used
* remove error-wrapping directive %w
* formatting directives %v for errors.Errorf
Co-authored-by: Daniel Bernd <93763187+danManSAP@users.noreply.github.com>
Co-authored-by: tiloKo <70266685+tiloKo@users.noreply.github.com>
* correct type cast for tomarkdown and title
* commenting kaniko create multi bom test case
* removing mocked file
Co-authored-by: anilkeshav27 <you@example.com>
* escape value in json
* delete old code
* replace complete parsing by json.Marshal
* delete old code and add header
Co-authored-by: rosemarieB <45030247+rosemarieB@users.noreply.github.com>
* Add new default
* Revert "Add new default"
This reverts commit c9c3ae2e80.
* Change config to have default
* Revert "Change config to have default"
This reverts commit e65517457f.
* Add method
* Add space to match
* Add cf native test
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* protecodeExecuteScan -> Added authentication with user API key
* protecodeExecuteScan -> updating .yml file
* protecodeExecuteScan -> go generate fixed
* protecodeExecuteScan -> naming convention applied for UserAPIKey parameter
* protecodeExecuteScan -> extending groovy code for mapping jenkins credentials
Co-authored-by: D072410 <giridhar.shenoy@sap.com>
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* add minscaninterval parameter
* update detectExec
* removed a single trailing space which caused a lint failure
* Add test case
* Ensure unmap is false
* fix test case
* update format of param value
* Replace '+' to '_' in appVersion
* Add test
* Fix test
* Update test name
Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
Co-authored-by: Anil Keshav <anil.keshav@sap.com>
* Initially generated tmsUpload<...> files
* First provisioning of parameters supported by tmsUpload step
* Refer to Go step from tmsUpload.groovy
* Initial client implementation
* Reverting line delimiters in tmsUpoad.groovy back to Unix ones
* Temporarily remove when-condition for Release stage
* Define useGoStep parameter in tmsUpload.groovy
* Unstash buildResult if useGoStep is true
* No unstashing and empty credentials, when using go step
* Register TmsUploadCommand in piper.go
* Cleanup groovy-related changes - they will be temporarily implemented in a different repo
* Make getting OAuth token success
* Look through the code and cleanup it a bit
* Read service key from Jenkins credentials store
* Provide initial set of unit tests for methods in /pkg/tms/tms.go file
* Minor improvements on logging response on http call error
* Check, if positive HTTP status code is as expected
* Cleanup tms.yaml file, provide additional unit test for tms.go
* Provide unit test for the case, when request body contains spaces
* Specify nodeExtDescriptorMapping parameter as of type map in tms.yaml
* Implement client method for getting nodes
* Write tests for GetNodes method
* Add GetMtaExtDescriptor client method and cover it with unit tests
* Provide first implementation for Update- and UploadMtaExtDescriptor
client methods
* Provide first implementation for Update- and UploadMtaExtDescriptor
client methods
* Provide UploadFile and UploadFileToNode client methods
* Provide tests for Update- and UploadMtaExtDescriptor client methods
* Write tests for FileUpload and FileUploadToNode client methods
* Minor corrections
* Remove some TODO comments
* Rename some of response structures
* Revert change for line delimiters in cmd/piper.go
* Add uploadType string parameter to UploadFile and UploadRequest methods
of uploader mock to reflect the changed Uploader implementation
* Start to implement execution logic in tmsUpload.go
* Changes in tms.yaml file
- remove resources from inputs in tms.yaml and implement mtaPath
parameter settings in the yaml file the same way, as it is done in
cloudFoundryDeploy.yaml
- rename tms.yaml to tmsUpload.yaml, since some generation policy
changed meanwhile
* Rename tms.yaml to tmsUpload.yaml and do go generate
* Use provided proxy on communication with UAA and TMS
* Set proxy even before getting OAuth token
* Further implementation of tmsUpload.go
* Continuation on implementing the tmsUpload.go executor
* Get mtarFilePath and git commitId from commonPipelineEnvironment, if
they are missing in configuration file + minor changes
* Implement a happy path test for tmsUpload logic
* Cover with unit tests main happy and error paths of tmsUpload.go logic
* Extend set of unit tests for tmsUpload.go
* Eliminate some TODOs, extend unit tests for tmsUpload.go
* Delete some TODOs
* Remove a couple of more TODOs from tms_test.go file
* Provide additional unit test for error due unexpected positive http
status code on upload
* Revert back line delimiters in cmd/piper.go
* Comment out file uploading calls in tmsUpload.go
* Run go generate to update generated files
* Convert line delimiters in tmsUpload.yaml to Unix ones, as well as
provide new line character in the end of the file, plus minor fix for
logging in tmsUpload.go file (pipeline complained)
* Correct description of a parameter in tmsUpload.yaml, extend unit tests
to check for trimming a slash in the end of TMS url for client methods
that do upload
* [minor] Add a comment in the test code
* Add stashContent parameter to do unstashing in tmsUpload.groovy, remove
some of the clarified TODOs
* Uncomment uploading file calls in tmsUpload.go, declare buildResult
stash in tmsUpload.yaml
* Remove clarified TODOs from the tmsUpload.go file
* Run go fmt for jenkins-library/pkg/tms
* Do not get explicitly values from common pipeline environment - all
configurations are provided in yaml file
* Remove unused struct from tmsUpload_test.go
* Run go fmt jenkins-library\pkg\tms
* Revise descriptions of parameters provided in tmsUpload.yaml file
* Specify STAGES scope for tmsUpload parameters
* Provide STAGES scope for the tmsUpload parameters, provide default value
for stashContent parameter
* Remove trailing space from tmsUpload.yaml
* Provide unit tests for proxy-related changes in http.go file
* Improve proxy implementation in tmsUpload.go file
* Make tmsServiceKey again a mandatory parameter
* Run go generate command to make the generated files correspond the yaml
state
* Change line delimiters back to Unix ones (were switched while resolving
the conflicts)
* Remove trailing spaces from tmsUpload.yaml
* Minor change in a comment to trigger pipelines with commit
* Improve checks for zero-structs and for empty maps, as well as use
different package to read files in the tests
* Revert line endings in http.go
* Revert comments formatting changes in files that do not belong to the tmsUpload step
* only remove mtar when its an file extension not other
* keep .mtar if added as a part of mta id
* not adding an addional mtar
* keeping the mtaId intact if the condition
* respecting mta artifact name
* removing condition
* trim only when suffix
* chaging the suffix
* handle case when mtar is natively suffixed
Co-authored-by: anilkeshav27 <you@example.com>
Co-authored-by: Ashly Mathew <ashly.mathew@sap.com>
