1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Commit Graph

53 Commits

Author SHA1 Message Date
Akramdzhon Azamov
f9617f5315
feat(blackduck): Npm extra parameters (#4327)
* added two new parameters for npm

---------

Co-authored-by: Andrei Kireev <andrei.kireev@sap.com>
2023-04-13 12:10:26 +02:00
larsbrueckner
489adaaf99
Blackduck toolrecord file: add Blackduck projectVersion name and href (#4303)
* Blackduck toolrecord file: add Blackduck projectVersion name and href

* fix codestyle

* fix build error
2023-04-04 14:17:13 +02:00
Andrei Kireev
ba761f0fc4
fix(detectExecuteScan): Fixed issue with duplication of parameters when specifying them in scanProperties (#4304)
* Fixed issue with duplication of parameters search.depth/search.continue/excluded.directories
2023-03-28 09:10:54 +02:00
Andrei Kireev
e55c2f857c
feat(detectExecuteScan) enabling possibility to scan MTA projects (#4300)
* feat(detectExecuteScan) enabling possibility to scan MTA projects
2023-03-27 10:42:39 +02:00
Andrei Kireev
22f61be2c4
Removed downloading of detect script version 6 (#4261)
Co-authored-by: ffeldmann <f.feldmann@sap.com>
2023-03-07 14:43:14 +01:00
Akramdzhon Azamov
f4fbf0f1ed
feat(detectExecuteScan) execution of rapid scans (#4211)
Co-authored-by: akram8008 <900658008.akram@email.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Andrei Kireev <andrei.kireev@sap.com>
Co-authored-by: ffeldmann <f.feldmann@sap.com>
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-03-02 11:04:21 +01:00
Andrei Kireev
121d527c0b
fix(detectExecuteScan): Fix issues with the sarif file (#4100)
* fix(detectExecuteScan): Fix issues with the sarif file

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-12-01 14:17:53 +05:30
Sven Merk
e8ba1b043d
Fix(detectExecuteScan): rework struct methods to meet interface requirements (#4048)
* Fixed struct methods to meet interface requirements

* Fix test and ruleID

* Small adjustments

* Readability of code

* Added testcases

* Code rework

* Fix fmt

* Mod

* Fix taxonomy

* Fix ruleIndex

* Fix taxonomies

* Fix format

* Remove name

* Fix Fortify and Checkmarx SARIF

* Fix fmt, address comments

* Addressing comments

* Fix fmt
2022-10-10 10:06:20 +02:00
Giridhar Shenoy
d31c0584ff
detectExecuteScan : Add minScanInterval parameter through Piper (#4006)
* add minscaninterval parameter

* update detectExec

* removed a single trailing space which caused a lint failure

* Add test case

* Ensure unmap is false

* fix test case

* update format of param value
2022-09-26 14:08:12 +02:00
Sven Merk
c81e741224
Refinement of SARIF generation for BD and WS (#3942)
* Fix docs and format

* Assessment format added

* Added sample file

* Added parsing

* Added packageurl implementation

* Slight refinement

* Refactored assessment options

* Adapted sample file

* First attempt of ws sbom gen

* Reworked SBOM generation

* Fix test code

* Add assessment handling

* Update dependencies

* Added golden test

* Small fix

* feat(fortify): Added a check for fortify binary in $PATH (#3925)

* added check for fortifyupdate and sourceanalyzer bin

Co-authored-by: sumeet patil <sumeet.patil@sap.com>

* Modify SARIF

* Enhanced SARID contents

* Small refinement for hub detect

* Small adjustments

* Extend SARIF contents

* Consistency to Mend part

* Fix tests

* Fix merge

* Fix test

* Add debug log, enhance output

* Enhance meta info

* Fix libType for node

* Fix log entry

* Fix pointers and test

* Fix test

* Fix library types

* Fix test

* Extend libType mappings

Co-authored-by: Vinayak S <vinayaks439@gmail.com>
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-08-11 13:12:14 +02:00
Oliver Nocon
a46f796bcd
chore: cleanup reporting & some incorrect file usage in tests (#3943)
* chore: cleanup reporting & some incorrect file usage in tests

* cleanup interface

* chore: remove comment

* preserve error handling

* Rename FileUtils.go to fileUtils.go

* clean up formatting

* chore: address static check findings

* fix brittle test

* chore: cleanup formatting
2022-08-09 10:57:02 +02:00
Oliver Nocon
d640d72dc6
feat: improve vulnerability reporting via GitHub issues (#3924)
* feat: improve vulnerability reporting via GitHub issues

* feat: update reports

* chore: add tls cert links

* only write log on error

* chore: update formatting

* chore: update handling of direct dependencies

* chore: fix linting issue

* chore: minor updates
2022-08-02 08:26:26 +02:00
Oliver Nocon
f6a6448631
chore: fix linting issues (#3878)
* chore: fix linting issues

* add more fixes

* correct formatting

* Delete depl.yaml
2022-07-21 09:04:21 +02:00
Oliver Nocon
b7c0831b7f
feat: allow OSVM scans to succeed with vulnerabilities (#3889)
For running open source vulnerability scans in de-coupled processes
it is helpful to allow that steps only create
compliance reports to inform users/teams
but not fail the pipeline.

This can now be achieved constitently with the flag:
`failOnSevereVulnerabilities`

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-07-12 11:43:24 +02:00
Giridhar Shenoy
e6115a54b2
detectExecuteScan : Bug fix : Dont consider ignored components (#3867)
* fix project version limiting issue

* add tests for detectExecute

* fix bug with vuln count

* adjust unit tests

* update documentation for detect versions
2022-07-11 10:50:31 +02:00
Christian Volk
22f6aa156f
feat(docker): use crane for pulling docker images (#3652) 2022-03-23 10:02:00 +01:00
Sven Merk
c30e93bc6a
feat(detectExecuteScan): SARIF export and GH issue creation (#3637)
* Added SARIF and GH issue creation
2022-03-17 15:32:48 +01:00
Giridhar Shenoy
286ff1b6ef
detectExecuteScan : support for detect 7 (#3453)
* enable detect 7 script

* unit test uses detect7 as default

* add detect6 test case

* add check for OSEnv detect version

* add test for OSEnv detect version

* update customEnvironmentVariables docu

* fix linting

Co-authored-by: ffeldmann <f.feldmann@sap.com>
2022-02-08 11:55:01 +01:00
ffeldmann
831c5b0061
Ignore violations if failOn is NONE (#3513) 2022-02-07 15:29:32 +01:00
Giridhar Shenoy
3cce9d9dd6
Bug Fix : Detect doesnt map the error category in case of License violations (#3118)
* fail step for license violation

* add toolrecord creation

* toolrecord generation in all cases

* handle exitcode 0 error mapping

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-09-21 22:36:12 +02:00
Giridhar Shenoy
db805f22d5
detectExecuteScan: Fail step when License policy violations are found (#3106)
* fail step for license violation

* add toolrecord creation

* toolrecord generation in all cases
2021-09-20 11:28:16 +02:00
larsbrueckner
45cb97c8d9
pkg/toolrecord: log json marshalling errors; fix issues in whitesource and blackduck (#3049)
* pkg/toolrecord: log json marshalling errors

* toolrecord package: add internal check to ensure that generated files
are not empty

* cmd/whitesourceExecuteScan.go : rework createToolRecordWhitesource to
include all scanned projects

* pkg/toolrecord: new helper function to override default display values

* cmd/whitesourceExecuteScan: improve toolrecord file

* cmd/detectExecuteScan.go fix toolrecord file creation #3

* pkg/toolrecord: log json marshalling errors

* toolrecord package: add internal check to ensure that generated files
are not empty

* cmd/whitesourceExecuteScan.go : rework createToolRecordWhitesource to
include all scanned projects

* pkg/toolrecord: new helper function to override default display values

* cmd/whitesourceExecuteScan: improve toolrecord file

* fix merge conflict
2021-09-09 10:50:33 +02:00
Umidjon Urunov
e7fbd1c112
detectExecuteStep :: Adding error code mapping (#3069)
* feat(detectExecuteScan): generate ip result json

json will currently only be created in success cases.

No information about policy violation details available in the step yet.

* update report name

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* move blackduck api package

* detectExecuteStep :: Adding error code mapping

* detectExecuteScan :: fixing generate/format check failure

* detectExecuteScan :: fixing typo in test

* detectExecuteStep :: Fixing unit tests and formating issue

* detectExecuteStep :: fixing test case -> TestExitCodeMapping

Co-authored-by: OliverNocon <oliver.nocon@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
2021-09-07 17:52:55 +02:00
Giridhar Shenoy
b92e7f699c
detectExecuteScan : Policy reports in HTML, JSON and for cumulus (#3057)
* add policy status reports

* add policy status and cumulus json

* update projectver link + test

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-09-07 17:17:03 +02:00
Giridhar Shenoy
045c72cd3e
detect : Create html and json report upon scan completion (#3042)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* add basic reporting

* write html and json reports

* fix syntax errors and tests

* sort values in report by vuln

* add more unit tests

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-08-12 15:58:33 +02:00
Oliver Nocon
cf39f37d9a
feat(detectExecuteScan): generate ip result json (#2945)
* feat(detectExecuteScan): generate ip result json

json will currently only be created in success cases.

No information about policy violation details available in the step yet.

* update report name

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
2021-07-23 09:36:16 +02:00
larsbrueckner
dbbbe1f0b3
Updates to toolrecord framework (#2986)
* Toolrecord framework -
provide a common entry point for post processing code scan results

Changes to be committed:
	new file:   pkg/toolrecord/REAMDE_toolrecord.md
	new file:   pkg/toolrecord/toolrecord_main.go
	new file:   pkg/toolrecord/toolrecord_test.go

* Add toolrecord file to Checkmarx results
modified:   cmd/checkmarxExecuteScan.go

* Add toolrecord file to Fortify results
	modified:   cmd/fortifyExecuteScan.go

* Add toolrecord file to Whitesource results
modified:   cmd/whitesourceExecuteScan.go

* unset umask (#2927)

* (feat) adds error logging output for downloading reports from whitesource (#2928)

* Add toolrecord file to Protecode results

* address code climate findings (1/2)

* address codeclimate findings (2/2)

* add comments to all methods

* Toolrecord library:
- move all toolrun files into a subdirectory
- fix timestamp generation in filenames

* add protecode group's URL to toolrecord data

* fix syntax error from previous commit in cmd/protecodeExecuteScan.go

* toolrecord: fix projectVersionID and generated URLs in fortifyExecuteScan.go

* cmd/fortifyExecuteScan.go: replace a hard-coded servername with
config.ServerURL

* update description

* add toolrecord file to detectExecuteScan

* toolrecord/whitesource: add project names as context

Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-07-23 08:48:48 +02:00
Christopher Fenner
3a14a91ae5
refactor(versioning): simplify versioning model method (#2825)
* rename artifactVersion to version

* simplify versioningModel
2021-05-14 09:35:31 +02:00
Christopher Fenner
804e66d4cd
feat(detect): add customScanVersion to detect scan (#2790)
* add versioningModel parameter

* extract versioning model to own package

* move log message

* use versioning method

* add customScanVersion parameter

* use customScanVersion

* adjust docs on other steps

* add customScanVersion parameter

* use customScanVersion

* adjust docs on other steps

* change log message

* update test case

* fix typo

* correct variable name
2021-05-05 10:24:05 +02:00
Giridhar Shenoy
eec0ebb235
fix(detect): bug fix for codelocation not picking the right location (#2745)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code version

* Changes for detect codelocation

* remove unmap from scanProperties

* fix/add unit tests for remove unmap

* handle spaces in scanProperties

* update default scanproperties to remove deprecations

* Set default scanonchange to true

* handle multiple unmap true params

* add custom env variables

* fix codeclimate issues

* Update resources/metadata/detect.yaml

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* Update resources/metadata/detect.yaml

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* update generated files from yaml

* bug fix - revert code location changes

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-04-08 11:04:49 +02:00
Giridhar Shenoy
97b3a23336
HotFix detectExecuteScan: Use environment variables to get supported version of detect (#2738)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code version

* Changes for detect codelocation

* remove unmap from scanProperties

* fix/add unit tests for remove unmap

* handle spaces in scanProperties

* update default scanproperties to remove deprecations

* Set default scanonchange to true

* handle multiple unmap true params

* add custom env variables

* fix codeclimate issues

* Update resources/metadata/detect.yaml

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* Update resources/metadata/detect.yaml

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* update generated files from yaml

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-04-01 11:24:25 +02:00
Giridhar Shenoy
6805654cdb
detectExecuteScan : Default to scanOnChanges to true, reduce load on the server (#2733)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code version

* Changes for detect codelocation

* remove unmap from scanProperties

* fix/add unit tests for remove unmap

* handle spaces in scanProperties

* update default scanproperties to remove deprecations

* Set default scanonchange to true

* handle multiple unmap true params

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-31 10:53:49 +02:00
Giridhar Shenoy
03f46ef90c
DetectExecuteScan : Codelocations autodetermined by detect script (#2704)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code version

* Changes for detect codelocation

* remove unmap from scanProperties

* fix/add unit tests for remove unmap

* handle spaces in scanProperties

* update default scanproperties to remove deprecations

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-26 13:06:13 +01:00
Oliver Nocon
d47a17c8fc
feat(whitesource): consolidated reporting and versioning alignment (#2571)
* update reporting and add todo comments

* enhance reporting, allow directory creation for reports

* properly pass reports

* update templating and increase verbosity of errors

* add todo

* add detail table

* update sorting

* add test and improve error message

* fix error message in test

* extend tests

* enhance tests

* enhance versioning behavior accoring to #1846

* create markdown overview report

* small fix

* fix small issue

* make sure that report directory exists

* align reporting directory with default directory from UA

* add missing comments

* add policy check incl. tests

* enhance logging and tests

* update versioning to allow custom version usage properly

* fix report paths and golang image

* update styling of md

* update test
2021-02-10 16:18:00 +01:00
Giridhar Shenoy
2b56e8594e
fix(detect): Scanonchanges : bug fix for escaping spaces in parameters (#2561)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code

* add the the scanOnChanges parameter to detect

* fix codeclimate issue

* updated detect.yaml

* bug fix for parameters with quoting spaces

* add additional test case

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-02-02 15:43:12 +01:00
Giridhar Shenoy
d3f31acc9f
feat(detect): Scanonchanges : Parameter to reduce scan running time and load on BlackDuck server (#2538)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code

* add the the scanOnChanges parameter to detect

* fix codeclimate issue

* updated detect.yaml

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-01-29 10:17:02 +01:00
Giridhar Shenoy
205bbc1bed
fix(detect): scan paths to better handle signature scan and dependency scan paths (#2508)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* revert to clean version

* add unmap parameter to detect

* Added Additional parameters for BlackDuck scan

* Added detect tools paramater

* fix detect.yaml to accept correct data type

* fix codeclimate issue in detect.yaml

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-01-21 14:57:00 +01:00
Daniel Kurzynski
9a18489cc4
Refactor maven utils and add tests for install artifacts (#2318)
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-11-10 17:14:55 +01:00
Daniel Kurzynski
7946265e21
Install maven artifacts before running Detect (#2292) 2020-11-03 11:08:23 +01:00
Stephan Aßmus
2f83ba56da
Make sure detect.sh is removed after use (#2238)
Should avoid issues with this file being owned by root (perhaps via running in docker container), preventing the workspace from being cleaned properly.
2020-10-27 14:29:22 +01:00
Christopher Fenner
f07f7a34b8
chore(detect): add error category for config issues (#2130) 2020-10-06 14:22:35 +02:00
Christopher Fenner
6aa3e514e1
chore(detect): add error category for policy violations (#2125)
* chore(detect): add error category for policy violations

* Update detectExecuteScan.go

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-10-06 11:55:05 +02:00
Oliver Nocon
b506235398
detect: add parameter aliases (#2099)
* align parameters for Detect

* include feedback

* update generation and formatting

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
2020-10-01 13:34:51 +02:00
Daniel Kurzynski
8ee0d358b9
Support maven params in detect scan (#1855)
Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-07-30 10:35:46 +02:00
Giridhar Shenoy
0fc131adec
detectExecuteScan : Changes to include user group and handle build fails (#1775)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-07-28 10:48:19 +02:00
Oliver Nocon
d8553ab53d
detectExecuteScan: update versioning (#1845)
* detectExecuteScan: update versioning

align with Fortify to also use the same versioning model by default.

* fix CodeClimate findings
2020-07-27 12:01:59 +02:00
Marcus Holl
4f2ba73314
[refactoring] move the shell/command related interfaces into pkg/command (#1737)
* [refactoring] move the shell/command related interfaces into pkg/command

otherwise we are not able to use the corresponding mocks for the items contained in pkg since
these interfaces are not visible from the pkg folder

Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
2020-07-01 11:28:16 +02:00
Oliver Nocon
f92771003c
detectExecuteScan - switch off phone home (#1582) 2020-05-25 09:44:42 +02:00
Stephan Aßmus
082b249cc0
Fix logrus buffer issue (#1511) 2020-05-06 13:35:40 +02:00
Daniel Kurzynski
974327d16e
Use mavenExecute from go (#1388)
Also establish mavenExecute() via new JenkinsMavenExecuteRule in Groovy Unit Tests.

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2020-04-24 10:41:49 +02:00