* Add cds generated source code to Fortify scans.
This generated source code is needed to avoid false negatives when scanning code that uses the CAP framework.
* Also change documentation.
* Forgot comma.
* Run go generate.
* Change test.
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
* WIP: Adapt bom names
* + WIP: Adapt bom filenames
* Upgrade cyclonedx gradle plugin and use cyclonedxBom config parameters
* Fix unit tests - use correct name in bom creation
* Fix pythonBuild bom name
* introduce and use npmBomFilename const
* Introduce and use mvnBomFilename const
* Introduce and use gradleBomFilename const
* Use build-tool names for bom suffix
* + Adapt tests (build tool suffix)
* Use BOM schema version 1.2 in gradleExecuteBuild
* Pin version of cyclonedx-maven-plugin to 2.7.1
* Adapt generated files
* Fix integration tests
* Fix integration tests
* Fix gradle build integration tests
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* passing registry username and password
* enhance the case for creating docker config json with user credentials
* refactoring code
* unit test and maintaing user provided docker config json file
* go generate
* remove addtional file addition to unit test
Co-authored-by: anilkeshav27 <you@example.com>
For running open source vulnerability scans in de-coupled processes
it is helpful to allow that steps only create
compliance reports to inform users/teams
but not fail the pipeline.
This can now be achieved constitently with the flag:
`failOnSevereVulnerabilities`
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Sets git reference and gitRemoteCommitId.
Jenkins has 2 strategies - 'Merging the pull request with the current target branch revision' and 'The current pull request revision'. When 'Merging the pull request with the current target branch revision' is run, Jenkins creates a local merge commit and runs a job for that particular merge commitId. This commitId is then used for codeql to upload sarif, on upload it throws an error as the merge commit does not exist in github. To resolve this we have introduces a new variable 'gitRemoteCommitId' in commonPipelineEnvironment which gives the remote merge commit id.
* enable build without values
* add sap-client as option
* use function from /net/url to add parameters
Co-authored-by: tiloKo <70266685+tiloKo@users.noreply.github.com>
* including comma seperated strings as arguments
* fix unit test
* adding unit test
* fix unit test no param case
Co-authored-by: anilkeshav27 <you@example.com>
* Add ans implementation
* Remove todo comment
* Rename test function
Co-authored-by: Linda Siebert <39100394+LindaSieb@users.noreply.github.com>
* Better wording
Co-authored-by: Linda Siebert <39100394+LindaSieb@users.noreply.github.com>
* Add reading of response body function
* Use http pkg ReadResponseBody
* Check read error
* Better test case description
* Fix formatting
* Create own package for read response body
* Omit empty nested resource struct
* Separate Resource struct from Event struct
* Merge and unmarshall instead of only unmarshalling
* Improve status code error message
* Remove unchangeable event fields
* Separate event parts
* Change log level setter function
* Restructure ans send test
* Revert exporting readResponseBody function
Instead the code is duplicated in the xsuaa and ans package
* Add check correct ans setup request
* Add set options function for mocking
* Review fixes
* Correct function name
* Use strict unmarshalling
* Validate event
* Move functions
* Add documentation comments
* improve test
* Validate event
* Add logrus hook for ans
* Set defaults on new hook creation
* Fix log level on error
* Don't alter entry log level
* Set severity fatal on 'fatal error' log message
* Ensure that log entries don't affect each other
* Remove unnecessary correlationID
* Use file path instead of event template string
* Improve warning messages
* Add empty log message check
* Allow configuration from file and string
* Add sourceEventId to tags
* Change resourceType to Pipeline
* Use structured config approach
* Use new log level set function
* Check correct setup and return error
* Mock http requests
* Only send log level warning or higher
* Use new function name
* One-liner ifs
* Improve test name
* Fix tests
* Prevent double firing
* Reduce Fire test size
* Add error message to test
* Reduce newANSHook test size
* Further check error
* Rename to defaultEvent in hook struct
* Reduce ifs further
* Fix set error category test
The ansHook Fire test cannot run in parallel, as it would affect the
other tests that use the error category.
* Change function name to SetServiceKey
* Validate event
* Rename to eventTemplate in hook struct
* Move copy to event.go
* Fix function mix
* Remove unnecessary cleanup
* Remove parallel test
The translation fails now and again when parallel is on.
* Remove prefix test
* Remove unused copyEvent function
* Fix ifs
* Add docu comment
* Register ans hook from pkg
* register hook and setup event template seperately
* Exclusively read eventTemplate from environment
* setupEventTemplate tests
* adjust hook levels test
* sync tests- wlill still fail
* migrate TestANSHook_registerANSHook test
* fixes
* Add ans send event step
* Fix tests
* Add groovy wrapper
* Add groovy wrapper test
* Fix function names
* Reduce ifs
* Fix docu
* We always set the timestamp
* Validate event
* Test unknown field in json
* Make test list test
* Set all event fields as separate parameters
* Generate and fix code
* Review fixes
* Format test file
* Format go code
* Fix common steps tests
* Print event to console if verbose
Co-authored-by: Linda Siebert <39100394+LindaSieb@users.noreply.github.com>
Co-authored-by: Roland Stengel <r.stengel@sap.com>
* add Step azureBlobUpload
* add azure sdk and unit tests
* add Documentation
* fix Groovy Wrapper
* adopt the requested changes from awsS3Upload
* fix lint tests
* downgrade azure sdk to go 1.17
* multiple fixes e.g. use of temporary files for tests
* fix tests
* Update cmd/azureBlobUpload.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update cmd/azureBlobUpload.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update documentation/docs/steps/azureBlobUpload.md
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update documentation/docs/steps/azureBlobUpload.md
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update documentation/docs/steps/azureBlobUpload.md
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update documentation/docs/steps/azureBlobUpload.md
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* requested changes
* use latest version of azure sdk after update to go 1.18
* change staticcheck from 1.1.0 to 1.2.0
* try to fix lint test by pre-compiling go 1.18
* fix caching for lint test
* improve error handling by dividing runner
* improve error handling and add validation
* multiple naming fixes
* add new test for unmarshalling JSON-Structs
* Update cmd/azureBlobUpload_test.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update cmd/azureBlobUpload_test.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update cmd/azureBlobUpload_test.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* fix JSON unmarshall test
* Update documentation/docs/steps/azureBlobUpload.md
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update cmd/azureBlobUpload_test.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update cmd/azureBlobUpload.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* fix uploadFunc
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* adding arguments
* splitting strings into args and checking position
* addtional check on adding arguments
* unit testing
* refactoring code
* unit test clean up
* add unit test for multiple params in multiple scripts
* unit test name
Co-authored-by: anilkeshav27 <you@example.com>
* Improvements were made
* fixed tests
* fixed issues
* fix versioning
* fix Inclusive Language warnings
* gradle support to fortifyExecuteScan. Classpath resolving
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* fix(helmExecute): respect version from Chart
using version from CPE can create failure situations in case format is not semver.
This is the case for maven artifacts, for example.
* chore: simplify condition
* chore: cleanup
* chore: cleanup
* explicitly adding tar extension to project name when constructing the targetFilePath for whitesource docker image download
* comments
* correcting comment for better readability
* replace spaces in the project name with underscroe
* better comments
* passing legacy format download
* appending format to value
* keeping the download format for protecode as legacy
* improving docu
* keeping legacy format the default
* keeping tar file name same as project name to avoid duplicate names
* keeping legacy format download hard coded
Co-authored-by: anilkeshav27 <you@example.com>
* create virtual env
* adding bin bash source
* using sources from bin bash
* trying with bash
* appending filename to source
* using standard pip install
* not using root user
* adding path for pip
* using virtual env
* using virtual env name in path
* removing virtual env
* adding file path manually
* using root
* not using root and postpone removing venv
* trying to use the python from venv
* test to remove the venve
* seeing which python
* using symlink for python
* unit test
* python docu stub
* fix unit test and yaml extra line
* fixing unit test
* unit test success case fix
* unit test fix
* unit test fixes
* unit test and default publish flag
* fix integration test
Co-authored-by: anilkeshav27 <you@example.com>
* Add small fix
* fix unit-tests
* Add deploymentName and packageVersion as flags
* small fix
* Change getting version of helm chart
* small fix
Co-authored-by: “Vitalii <“vitalii.sidorov@sap.com”>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* add parameter for uploading multiple assets
* use assetPathList parameter
* add test case
* fix typo
* fix test case
* generage ghClient mock
* add test files
* make function testable
* add test case
* regenerate mock
* regenerate mocks
* feat(gitopsUpdateDeployment) forcePush
fix(gitopsUpdateDeployment) include registry
The push operation in this step can be forced to bypass branch-protection
Signed-off-by: Michael Sprauer <Michael.Sprauer@sap.com>
* add unit test
Signed-off-by: Michael Sprauer <Michael.Sprauer@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
