* add minscaninterval parameter
* update detectExec
* removed a single trailing space which caused a lint failure
* Add test case
* Ensure unmap is false
* fix test case
* update format of param value
For running open source vulnerability scans in de-coupled processes
it is helpful to allow that steps only create
compliance reports to inform users/teams
but not fail the pipeline.
This can now be achieved constitently with the flag:
`failOnSevereVulnerabilities`
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* enable detect 7 script
* unit test uses detect7 as default
* add detect6 test case
* add check for OSEnv detect version
* add test for OSEnv detect version
* update customEnvironmentVariables docu
* fix linting
Co-authored-by: ffeldmann <f.feldmann@sap.com>
* feat(detectExecuteScan): generate ip result json
json will currently only be created in success cases.
No information about policy violation details available in the step yet.
* update report name
* Update cmd/detectExecuteScan.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan_test.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan_test.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* move blackduck api package
* detectExecuteStep :: Adding error code mapping
* detectExecuteScan :: fixing generate/format check failure
* detectExecuteScan :: fixing typo in test
* detectExecuteStep :: Fixing unit tests and formating issue
* detectExecuteStep :: fixing test case -> TestExitCodeMapping
Co-authored-by: OliverNocon <oliver.nocon@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* add policy status reports
* add policy status and cumulus json
* update projectver link + test
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* add basic reporting
* write html and json reports
* fix syntax errors and tests
* sort values in report by vuln
* add more unit tests
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* feat(detectExecuteScan): generate ip result json
json will currently only be created in success cases.
No information about policy violation details available in the step yet.
* update report name
* Update cmd/detectExecuteScan.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan_test.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan_test.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Toolrecord framework -
provide a common entry point for post processing code scan results
Changes to be committed:
new file: pkg/toolrecord/REAMDE_toolrecord.md
new file: pkg/toolrecord/toolrecord_main.go
new file: pkg/toolrecord/toolrecord_test.go
* Add toolrecord file to Checkmarx results
modified: cmd/checkmarxExecuteScan.go
* Add toolrecord file to Fortify results
modified: cmd/fortifyExecuteScan.go
* Add toolrecord file to Whitesource results
modified: cmd/whitesourceExecuteScan.go
* unset umask (#2927)
* (feat) adds error logging output for downloading reports from whitesource (#2928)
* Add toolrecord file to Protecode results
* address code climate findings (1/2)
* address codeclimate findings (2/2)
* add comments to all methods
* Toolrecord library:
- move all toolrun files into a subdirectory
- fix timestamp generation in filenames
* add protecode group's URL to toolrecord data
* fix syntax error from previous commit in cmd/protecodeExecuteScan.go
* toolrecord: fix projectVersionID and generated URLs in fortifyExecuteScan.go
* cmd/fortifyExecuteScan.go: replace a hard-coded servername with
config.ServerURL
* update description
* add toolrecord file to detectExecuteScan
* toolrecord/whitesource: add project names as context
Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* add versioningModel parameter
* extract versioning model to own package
* move log message
* use versioning method
* add customScanVersion parameter
* use customScanVersion
* adjust docs on other steps
* add customScanVersion parameter
* use customScanVersion
* adjust docs on other steps
* change log message
* update test case
* fix typo
* correct variable name
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* clean detect code version
* Changes for detect codelocation
* remove unmap from scanProperties
* fix/add unit tests for remove unmap
* handle spaces in scanProperties
* update default scanproperties to remove deprecations
* Set default scanonchange to true
* handle multiple unmap true params
* add custom env variables
* fix codeclimate issues
* Update resources/metadata/detect.yaml
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Update resources/metadata/detect.yaml
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* update generated files from yaml
* bug fix - revert code location changes
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* clean detect code version
* Changes for detect codelocation
* remove unmap from scanProperties
* fix/add unit tests for remove unmap
* handle spaces in scanProperties
* update default scanproperties to remove deprecations
* Set default scanonchange to true
* handle multiple unmap true params
* add custom env variables
* fix codeclimate issues
* Update resources/metadata/detect.yaml
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Update resources/metadata/detect.yaml
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* update generated files from yaml
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* clean detect code version
* Changes for detect codelocation
* remove unmap from scanProperties
* fix/add unit tests for remove unmap
* handle spaces in scanProperties
* update default scanproperties to remove deprecations
* Set default scanonchange to true
* handle multiple unmap true params
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* clean detect code version
* Changes for detect codelocation
* remove unmap from scanProperties
* fix/add unit tests for remove unmap
* handle spaces in scanProperties
* update default scanproperties to remove deprecations
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* clean detect code
* add the the scanOnChanges parameter to detect
* fix codeclimate issue
* updated detect.yaml
* bug fix for parameters with quoting spaces
* add additional test case
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* clean detect code
* add the the scanOnChanges parameter to detect
* fix codeclimate issue
* updated detect.yaml
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* revert to clean version
* add unmap parameter to detect
* Added Additional parameters for BlackDuck scan
* Added detect tools paramater
* fix detect.yaml to accept correct data type
* fix codeclimate issue in detect.yaml
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Should avoid issues with this file being owned by root (perhaps via running in docker container), preventing the workspace from being cleaned properly.
* align parameters for Detect
* include feedback
* update generation and formatting
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* [refactoring] move the shell/command related interfaces into pkg/command
otherwise we are not able to use the corresponding mocks for the items contained in pkg since
these interfaces are not visible from the pkg folder
Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
