jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Code Issues Releases Activity
4,064 Commits 353 Branches 458 Tags 1.5 GiB
7ec512cb9f
Commit Graph

18 Commits

Author SHA1 Message Date
xgoffin
dfd2278639
feat(fortifyExecuteScan): full FPR to SARIF implementation (#3604) 
* feat(FPRtoSARIF): boilerplate & comments

* Feat(Ingest): Build done, Vulnerabilities partway

* feat(Vulnerabilities): now entirely parsed

* feat(FprToSarif): integration in Piper step, full xml structure

* feat(fpr_to_sarif): base program. Need to replace names in messages

* feat(fpr_to_sarif): message substitution and custom definition integration

* fix(fpr_to_sarif): missing replacement in tools object

* fix(fpr_to_sarif): failing unit test

* Fix fortify folder creation for generating sarif

* deletion of unzip folder

* feat(fpr_to_sarif): better unit test

* fix(fpr_to_sarif): pr tests failing

* feat(fortifyExecuteScan): complete SARIF file generation

* fix(fpr_to_sarif): add extra check and test to prevent panics

* rebase onto master, fix ALL conflicts, adapt code and format

* fix missing added properties

* fix(SARIF): structure

* fix(whitesource): wrong sarif structures

* Update pkg/fortify/fpr_to_sarif.go

* Update pkg/format/sarif.go

* Update pkg/format/sarif.go

Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
 2022-03-14 11:26:05 +01:00
Sven Merk
a1988f6808
feat(whitesourceExecuteScan): GitHub issue creation + SARIF (#3535) 
* Add GH issue creation + SARIF

* Code cleanup

* Fix fmt, add debug

* Code enhancements

* Fix

* Added debug info

* Rework UA log scan

* Fix code

* read UA version

* Fix nil reference

* Extraction

* Credentials

* Issue creation

* Error handling

* Fix issue creation

* query escape

* Query escape 2

* Revert

* Test avoid update

* HTTP client

* Add support for custom TLS certs

* Fix code

* Fix code 2

* Fix code 3

* Disable cert check

* Fix auth

* Remove implicit trust

* Skip verification

* Fix

* Fix client

* Fix HTTP auth

* Fix trusted certs

* Trim version

* Code

* Add token

* Added token handling to client

* Fix token

* Cleanup

* Fix token

* Token rework

* Fix code

* Kick out oauth client

* Kick out oauth client

* Transport wrapping

* Token

* Simplification

* Refactor

* Variation

* Check

* Fix

* Debug

* Switch client

* Variation

* Debug

* Switch to cert check

* Add debug

* Parse self

* Cleanup

* Update resources/metadata/whitesourceExecuteScan.yaml

* Add debug

* Expose subjects

* Patch

* Debug

* Debug2

* Debug3

* Fix logging response body

* Cleanup

* Cleanup

* Fix request body logging

* Cleanup import

* Fix import cycle

* Cleanup

* Fix fmt

* Fix NopCloser reference

* Regenerate

* Reintroduce

* Fix test

* Fix tests

* Correction

* Fix error

* Code fix

* Fix tests

* Add tests

* Fix code climate issues

* Code climate

* Code climate again

* Code climate again

* Fix fmt

* Fix fmt 2

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
 2022-02-23 09:30:19 +01:00
Oliver Nocon
a4a0873081
feat(checkmarx): create GitHub issue with findings (#3543) 
* feat(checkmarx): create GitHub issue with findings

* add github issue reporting
 2022-02-17 15:16:55 +01:00
xgoffin
2cebf370c9
feat(fortifyExecuteScan): added conversion to SARIF for FPR files (#3485) 
* feat(FPRtoSARIF): boilerplate & comments

* Feat(Ingest): Build done, Vulnerabilities partway

* feat(Vulnerabilities): now entirely parsed

* feat(Ingestion): handle Description object

* feat(FprToSarif): integration in Piper step, full xml structure

* feat(fpr_to_sarif): base program. Need to replace names in messages

* feat(fpr_to_sarif): message substitution and custom definition integration

* fix(fpr_to_sarif): missing replacement in tools object

* fix(fortifyExecuteScan): unit tests

* fix(fpr_to_sarif): failing unit test

* Fix fortify folder creation for generating sarif

* deletion of unzip folder

* fix(fortifyExecuteScan): change logging to info

* feat(fpr_to_sarif): better unit test

* fix(fpr_to_sarif): pr tests failing

* feat(fpr_to_sarif): add specific properties to sarif

* feat(fpr_to_sarif): severity integration

* fix(fpr_to_sarif): unit test fixed

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
 2022-02-08 14:10:40 +01:00
Sven Merk
6520115950
Upload Fortify scan results to GitHub issue (#3300) 
* fix(fortifyExecuteScan): Propagate translation errors

Force translation related errors to stop the execution of the step.

* Extend testcase

* Update fortifyExecuteScan.go

* Fix fmt and test

* Fix code

* feat(fortifyExecuteScan): Create GitHub issue

* Fix expectation

* Fix fmt

* Fix fmt add test

* Added tests

* Go fmt

* Add switch

* Rewrite githubCreateIssue

* Fix tests

* Added switch

* Issue only in case of violations

* Fix CPE reference

* Add  debug message to issue creation/update

* Update fortifyExecuteScan.go

* Add credential for GH to groovy wrapper

* Update fortifyExecuteScan.go
 2022-01-21 10:52:17 +01:00
sumeet patil
732845507d
Fortify JSON Report (#3212) 
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
 2021-10-29 10:03:01 +02:00
Sven Merk
89124801c6
fortifyExecuteScan: Fix overall report status (#3081) 
* fortifyExecuteScan: Fix overall report status

* Update reporting.go
 2021-09-01 14:07:12 +02:00
Sven Merk
9571fd28f4
feat(checkmarxExecuteScan): Reporting for pipeline optimization (#2976) 
* Fix exclude and enhance docs

* Fix test

* Fix test

* Add reporting to checkmarx step

* Improve text
 2021-07-09 10:19:42 +02:00
Sven Merk
a43f46465a
feat(fortifyExecuteScan): HTML report for Fortify (#2879) 
* Tune test

* Fix report implementation

* Fix tests

* Fix values

* Fix code and test

* Report writing fix

* Commit generated sources

* Update cmd/fortifyExecuteScan.go

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* Externalize report generation

* Fix fmt

* Fix fmt 2

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
 2021-06-15 14:53:42 +02:00
Sven Merk
bf428d1ef9
Fix project lookup query (#2785) 
* Fix project lookup

* Added test for space

* Update pkg/fortify/fortify.go

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
 2021-04-28 13:59:59 +02:00
Sven Merk
d2eb2877e0
fortifyExecuteScan: Functional enhancements (#2647) 
* Improvements

* Formatting

* Fix test

* Update resources/metadata/fortify.yaml

Enhance description

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>

* Unify version handling with ws step

* Part 2

* go fmt

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
 2021-02-26 13:43:03 +01:00
Sven Merk
f149292374
[fix]fortifyExecuteScan: disable fulltextsearch (#2527) 
* FF disable fulltextsearch

# Conflicts:
#	pkg/fortify/fortify.go
#	pkg/fortify/fortify_test.go

* Completely avoid interacting with fulltextsearch

* Remove also from version lookup
 2021-01-21 16:20:46 +01:00
Sven Merk
205d59c1ed
Remove obsolete parameter (#2515) 
* Remove obsolete parameter

* Update pkg/fortify/fortify_test.go

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* Update fortify_test.go

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
 2021-01-15 13:55:13 +01:00
Oliver Nocon
a70933bbd4
fortifyExecuteScan: improve error categorization (#2295) 
* fortifyExecuteScan: improve error categorization

* reset error category in success case
 2020-11-11 13:04:45 +01:00
Sven Merk
9d737575aa
fortifyExecuteScan: Fix report download (#2244) 
* Fix report download

* Update fortifyExecuteScan.go

* Update fortifyExecuteScan_test.go

* Update fortify.go

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
 2020-10-27 13:12:31 +01:00
Stephan Aßmus
5338ea1476
fortifyExecuteScan: Make URL parameters more robust (#1900) 2020-08-11 18:07:06 +02:00
Stephan Aßmus
a24a7aad23
Fortify: Using mvn to auto-resolve classpath needs additional params (#1607) 
* also reduce code duplication in token fetching
* concatenate classpaths from multi-maven projects

Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
 2020-05-29 15:42:35 +02:00
Sven Merk
af2a01c064
Fortify implementation in golang (#1428) 2020-05-25 19:48:59 +02:00