* feat(FPRtoSARIF): boilerplate & comments
* Feat(Ingest): Build done, Vulnerabilities partway
* feat(Vulnerabilities): now entirely parsed
* feat(Ingestion): handle Description object
* feat(FprToSarif): integration in Piper step, full xml structure
* feat(fpr_to_sarif): base program. Need to replace names in messages
* feat(fpr_to_sarif): message substitution and custom definition integration
* fix(fpr_to_sarif): missing replacement in tools object
* fix(fortifyExecuteScan): unit tests
* fix(fpr_to_sarif): failing unit test
* Fix fortify folder creation for generating sarif
* deletion of unzip folder
* fix(fortifyExecuteScan): change logging to info
* feat(fpr_to_sarif): better unit test
* fix(fpr_to_sarif): pr tests failing
* feat(fpr_to_sarif): add specific properties to sarif
* feat(fpr_to_sarif): severity integration
* fix(fpr_to_sarif): unit test fixed
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
* [WIP] bindings support for cnbBuild step
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
* add unit tests
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* switch to mapstruct for more meaningful errors
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* add integration test for bindings
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* Add documentation for cnbBuild.bindings
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* fixed unit tests
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
* apply codeclimate suggestions
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* renamed field "secret" to "key"
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
* Implemented validation for the option possibleValues
* Added the option mandatoryIf to config with validation
* Fixed issues found during code review
* improved golang template
* Fixed tests. Added validation for mandatoryIf option
* Fix typo
* Fixed tests
* Validation was refactored. Added options
* Added default value for parameters with possibleValues option
* Validation was moved after the configuration resolution
* Canceled some default values
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Implement cnbBuild step
Co-authored-by: Benjamin Haegenlaeuer <benjamin.haegenlaeuer@sap.com>
* Add cnbBuild groovy test
Co-authored-by: Benjamin Haegenlaeuer <benjamin.haegenlaeuer@sap.com>
* Add basic documentation template
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* Support specifying name, tag and registry
Co-authored-by: Pavel Busko <pbusko@users.noreply.github.com>
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
Co-authored-by: Pavel Busko <pbusko@users.noreply.github.com>
* chore: release binaries for darwin and win
* fix(windows build): fix golang.org/x/sys
This is necessary due to a dependency of github.com/hashicorp/vault to docker@v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible\pkg\system\filesys_windows.go
This creates a build error.
Further information can be found here:
https://github.com/golang/go/issues/34610
* Update .github/workflows/upload-go-master.yml
* update go.sum
* LogRange provide git log ref1..ref2
This we need for checking inside the commit range
for transportRequestIds and changeDocumentIDs in the
body of the commit message.
* Update go to 1.15 to reduce binary size
Go made improvements to reduce binary size, cf https://golang.org/doc/go1.15
> Go 1.15 reduces typical binary sizes by around 5% compared to Go 1.14 by eliminating certain types of GC metadata and more aggressively eliminating unused type metadata.
In my test, this equates to about 3 mb diff between Go 1.13 and Go 1.15:
```
-rwxr-xr-x 1 root root 36M Aug 31 14:43 piper-go-113
-rwxr-xr-x 1 root root 33M Aug 31 14:44 piper-go-115
```
* Go Generate
* go mod tidy
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Provide cloudFoundryDeploy step in GO layer.
Groovy part untouched. Groovy-Stub needs to be provided later (with a feature toggle in order to be able to switch back)
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Added Vault package
* added support for logical path lookups instead of api paths
* added integration tests
* add integration tests and mock tests
* Replace mock with mockery generated one
* update tests to use mockery
* create mocks sub package
* Whitesource MVP for Gradle, Golang, and NPM/Yarn
* Refactoring
* Refactor and cleanup, better error checking
* publish stepResults, use pkg/versioning, bubble up errors, add gomod versioning support
* Run gofmt and cleanup comments
* Resolve PR comments
* Update resources/metadata/whitesource.yaml
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Only determine project coordinates if they are missing
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Gradle versioning artifact
* fix gradle artifact version regexp and refactor
* Fix token extraction from output buffer
* Fix some issues with pip and jsonfile versioning logic
* Remove useless spacing
* Remove unnecessary test file and fix naming style for JSONDescriptor
* Automatically download wss-unified-agent if file does not exist
* adds downloadVulnerabilityReport, checkSecurityViolations, minor refactoring
* adds config.ReportDirectoryName, improves readability
* Version-wide reporting for vulnerabilities and list of libraries.
* Refactor and improve build accuracy
* fix sed command
* Add includes file pattern config option
* Adds --exclude command line flag
* run go mod tidy and regenerate step framework
* Fix unit tests
* revert changes
* poll project status before downloading reports
* merge with master
* go mod tidy, go fmt, and fix whitesource unit test
* sync go.mod
* sync go.mod again
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Add error category parsing to cmd execution
It is now possible to define `ErrorCategoryMapping` as a `map[string][]string` on a `Command`.
The format contains the category as key which has a list of error patterns assigned.
Example:
```
cmd := Command{
	// category name -> console output patterns that select it
	ErrorCategoryMapping: map[string][]string{
		"build":      {"build failed"},
		"compliance": {"vulnerabilities found", "outdated components found"},
		"test":       {"some tests failed"},
	},
}
```
Setting this map triggers console log parsing when executing a command.
If a match is found the error category is stored and
it will automatically be added to the `errorDetails.json`.
* clean up go.mod
* fix test
* fix test
* Update DEVELOPMENT.md
* fix tests
* address long console content without line breaks
* scan condition update
* fix test
* add missing comment for exported function
* Update pkg/command/command.go
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Add possibility to add category to failures
It is now possible to set the error category within the flow.
When exiting the program the error category can be used.
There is a convenience function available for exiting with a previously set category,
for example
```
log.SetErrorCategory(log.ErrorCompliance)
...
log.FatalError(err, "configuration error")
```
* extend test
* go mod tidy
* add missing comment
* update information about error categories
* Update DEVELOPMENT.md