* feat(FPRtoSARIF): boilerplate & comments
* Feat(Ingest): Build done, Vulnerabilities partway
* feat(Vulnerabilities): now entirely parsed
* feat(Ingestion): handle Description object
* feat(FprToSarif): integration in Piper step, full xml structure
* feat(fpr_to_sarif): base program. Need to replace names in messages
* feat(fpr_to_sarif): message substitution and custom definition integration
* fix(fpr_to_sarif): missing replacement in tools object
* fix(fortifyExecuteScan): unit tests
* fix(fpr_to_sarif): failing unit test
* Fix fortify folder creation for generating sarif
* deletion of unzip folder
* fix(fortifyExecuteScan): change logging to info
* feat(fpr_to_sarif): better unit test
* fix(fpr_to_sarif): pr tests failing
* feat(fpr_to_sarif): add specific properties to sarif
* feat(fpr_to_sarif): severity integration
* fix(fpr_to_sarif): unit test fixed
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
* Update gctsExecuteABAPUnitTests.yaml
* Update gctsExecuteABAPUnitTests.go
* Update gctsExecuteABAPUnitTests.go
* Update gctsExecuteABAPUnitTests.yaml
* Add commit parameter
* Update gctsExecuteABAPUnitTests.yaml
* Update gctsExecuteABAPUnitTests.go
* Update gctsExecuteABAPUnitTests.go
* Update gctsExecuteABAPUnitTests.yaml
* Update gctsExecuteABAPUnitTests.go
* Change the commit parameter in Yaml file
* Adding scope parameter to gCTSExecuteABAPUnitTest
* Adding logs
* Adapting checkstyle for success case
* write ATC file
* add log
* time duration
* add log
* Improve log
* Improve unit test
* severity error
* Fix the xml file for Unit Tests
* Editing UnitTest Results for better parsing
* Change file name
* Add folder
* Add path to file
* Add src
* Add src and object type
* Add filename
* Add path
* Handling success cases
* complete refactoring
* fix for file path
* filename lower case
* Add log entry
* Delete ATC Results
* Change ATC name
* Functiongroups
* When ATC errors Pipeline fails
* Reading a file into chunks
* escape string
* Fix for a bug
* Unescape URL
* Change from fatal error to error
* When unit test fails pipeline fails too
* Severity errors
* Severity for Unit Test
* Fix for successful unit test
* Code review
* Telemetry was missing
* yaml file
* generate yaml file
* add logs
* fix location
* do not close body
* checkstyle severity
* checkstyle
* checkstyle2
* atc method
* line calculation
* global file
* method
* line
* fix
* add logs
* add log
* add log
* unit test error
* Code checked and finalized
* change commit parameter to optional
* Add logs for current local and remote commit
* Add logs for object type and name
* parse ATC checks error
* add log of http response
* add log
* remove end of function findline
* log cleaning
* log extra cleaning
* cleaning log for unit test
* more cleaning
* double cleanser for your code
* more cleaning
* docu checks
* file name fix for function group
* handle programs-reports
* fix a bug
* fix regex
* fix regex for test class
* fix regexos
* fix dots
* fix an error message in unit tests
* calculate dynamically file extension
* add log for path
* add method name
* add method name-
* fix repo scope
* include table type
* Change parameter commitId to commit only
* change log output
* give more detailed examples
* Table Name in get file name
* change logs
* improve log entries
* improve log entries again
* final improvements
* Delete UnitTestResults
* Review
* Change text and comments
* fix a type in commit parameter
* change repository method name
* Fix typos in yaml file
* Remove empty lines in yaml file
* Remove blank lines in the end
* Add new line
* go generate
* Remove tabs
Co-authored-by: Martin Bredy <58846699+martin-bredy@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Implemented validation for the option possibleValues
* Added the option mandatoryIf to config with validation
* Fixed issues found during code review
* improved golang template
* Fixed tests. Added validation for mandatoryIf option
* Fix typo
* Fixed tests
* Validation was refactored. Added options
* Added default value for parameters with possibleValues option
* Validation was moved after the configuration resolution
* Canceled some default values
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* chore: release binaries for darwin and win
* fix(windows build): fix golang.org/x/sys
This is necessary due to a dependency of github.com/hashicorp/vault to docker@v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible\pkg\system\filesys_windows.go
This creates a build error.
Further information can be found here:
https://github.com/golang/go/issues/34610
* Update .github/workflows/upload-go-master.yml
* update go.sum
Provide cloudFoundryDeploy step in GO layer.
Groovy part untouched. Groovy-Stub needs to be provided later (with a feature toggle in order to be able to switch back)
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Added Vault package
* added support for logical path lookups instead of api paths
* added integration tests
* add integration tests and mock tests
* Replace mock with mockery generated one
* update tests to use mockery
* create mocks sub package
* Whitesource MVP for Gradle, Golang, and NPM/Yarn
* Refactoring
* Refactor and cleanup, better error checking
* publish stepResults, use pkg/versioning, bubble up errors, add gomod versioning support
* Run gofmt and cleanup comments
* Resolve PR comments
* Update resources/metadata/whitesource.yaml
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Only determine project coordinates if they are missing
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Gradle versioning artifact
* fix gradle artifact version regexp and refactor
* Fix token extraction from output buffer
* Fix some issues with pip and jsonfile versioning logic
* Remove useless spacing
* Remove unnecessary test file and fix naming style for JSONDescriptor
* Automatically download wss-unified-agent if file does not exist
* adds downloadVulnerabilityReport, checkSecurityViolations, minor refactoring
* adds config.ReportDirectoryName, improves readability
* Version-wide reporting for vulnerabilities and list of libraries.
* Refactor and improve build accuracy
* fix sed command
* Add includes file pattern config option
* Adds --exclude command line flag
* run go mod tidy and regenerate step framework
* Fix unit tests
* revert changes
* poll project status before downloading reports
* merge with master
* go mod tidy, go fmt, and fix whitesource unit test
* sync go.mod
* sync go.mod again
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Add error category parsing to cmd execution
It is now possible to define `ErrorCategoryMapping` as a `map[string][]string` on a `Command`.
The format contains the category as key which has a list of error patterns assigned.
Example:
```
cmd := Command{
	ErrorCategoryMapping: map[string][]string{
		"build":      {"build failed"},
		"compliance": {"vulnerabilities found", "outdated components found"},
		"test":       {"some tests failed"},
	},
}
```
Setting this map triggers console log parsing when executing a command.
If a match is found the error category is stored and
it will automatically be added to the `errorDetails.json`.
* clean up go.mod
* fix test
* fix test
* Update DEVELOPMENT.md
* fix tests
* address long console content without line breaks
* scan condition update
* fix test
* add missing comment for exported function
* Update pkg/command/command.go
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
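The console-log parsing described in the commit message above, including its "long console content without line breaks" case, can be sketched as follows. This is an added example, not code from the project: `matchCategory` and `scanConsole` are hypothetical names, and plain substring matching of the patterns is an assumption.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// matchCategory returns a category with a pattern contained in line, or "".
// Substring matching is an assumption; overlapping categories are not ordered.
func matchCategory(line string, mapping map[string][]string) string {
	for category, patterns := range mapping {
		for _, p := range patterns {
			if strings.Contains(line, p) {
				return category
			}
		}
	}
	return ""
}

// scanConsole returns the category of the first matching console line. ReadLine
// returns over-long lines in pieces, unlike bufio.Scanner's 64 KiB token limit.
func scanConsole(r io.Reader, mapping map[string][]string) (string, error) {
	br := bufio.NewReaderSize(r, 4096)
	var line strings.Builder
	for {
		chunk, isPrefix, err := br.ReadLine()
		if err == io.EOF {
			return "", nil // end of output, nothing matched
		}
		if err != nil {
			return "", err
		}
		line.Write(chunk)
		if !isPrefix { // a complete line has been assembled
			if c := matchCategory(line.String(), mapping); c != "" {
				return c, nil
			}
			line.Reset()
		}
	}
}

func main() {
	m := map[string][]string{"compliance": {"vulnerabilities found"}} // constructed sample
	fmt.Println(scanConsole(strings.NewReader(strings.Repeat("x", 100000)+" vulnerabilities found\n"), m))
}
```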
* Add possibility to add category to failures
It is now possible to set the error category within the flow.
When exiting the program the error category can be used.
There is a convenience function available for exiting with a previously set category,
for example
```
log.SetErrorCategory(log.ErrorCompliance)
...
log.FatalError(err, "configuration error")
```
* extend test
* go mod tidy
* add missing comment
* update information about error categories
* Update DEVELOPMENT.md