* Toolrecord framework -
provide a common entry point for post processing code scan results
Changes to be committed:
new file: pkg/toolrecord/REAMDE_toolrecord.md
new file: pkg/toolrecord/toolrecord_main.go
new file: pkg/toolrecord/toolrecord_test.go
* Add toolrecord file to Checkmarx results
modified: cmd/checkmarxExecuteScan.go
* Add toolrecord file to Fortify results
modified: cmd/fortifyExecuteScan.go
* Add toolrecord file to Whitesource results
modified: cmd/whitesourceExecuteScan.go
* unset umask (#2927)
* (feat) adds error logging output for downloading reports from whitesource (#2928)
* Add toolrecord file to Protecode results
* address code climate findings (1/2)
* address codeclimate findings (2/2)
* add comments to all methods
* Toolrecord library:
- move all toolrun files into a subdirectory
- fix timestamp generation in filenames
* add protecode group's URL to toolrecord data
* fix syntax error from previous commit in cmd/protecodeExecuteScan.go
* toolrecord: fix projectVersionID and generated URLs in fortifyExecuteScan.go
* cmd/fortifyExecuteScan.go: replace a hard-coded servername with
config.ServerURL
* update description
* add toolrecord file to detectExecuteScan
* toolrecord/whitesource: add project names as context
Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* feat(protecodeExecuteScan): allow scanning a binary
so far the step only accepts a Docker image or a FetchURL
This adds functionality to also pass a FilePath
* Update protecodeExecuteScan.go
* Update protecodeExecuteScan.go
* Update protecodeExecuteScan.go
* Update protecodeExecuteScan.go
* Update protecodeExecuteScan.go
* Update protecodeExecuteScan.go
* Fix fmt
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Sven Merk <s.merk@sap.com>
* add versioningModel parameter
* extract versioning model to own package
* move log message
* use versioning method
* add customScanVersion parameter
* use customScanVersion
* adjust docs on other steps
* update test case
* update data type of influx measurements
* Update checkmarx.yaml
* pick changes from #1885 for testing
* update generated code
* update to new datatype
* adjust to type changes
* change back to string type
* Update fortifyExecuteScan.go
* add typo to be backward compatible
* change type to int for files_scanned and lines_of_code_scanned
* add typo
* add measurements to whitesource
* update generated sources
* adjust test cases
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* fix redundant type issues
* cleanup
* extract report function for protecode package
* use speaking status constant for API results
* remove unconsidered return value
* correct switch statement
* handle severe vulnerabilities
* Apply suggestions from code review
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* correct test name
* return errors from WriteReport function
* expose ReportData struct
* set Error Category
* refactor constant visibility
* change type name
* describe type
* change type name
* fail after report generation
* do not fail on report write errors
* add error as return value
* fix typo
* use require statements
* assert major vulnerabilities
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* log more information about docker credentials
* remove println
* fix format issues
* Update protecodeExecuteScan.go
* correct weird space characters
* add test case for correctDockerConfigEnvVar
* use sonar go in groovy
* use SONAR_TOKEN
* only use owner/repo if both are set
* trim version to major version digit
* fix code climate issues
* remove Sonar defaults
* use sonar go step
* use SONAR_TOKEN
* use certs from parameters
* use docker workspace & options
* add instance parameter
* implement branchName
* implement branchName
* remove duplicate default
* update docs
* fix TODOs
* remove merge mess
* fix code climate issue
* address comments
* respect custom defaults and custom config file name
* fix typo
* remove obsolete test cases
* disable CommonStepChecks
* check step config instead of context config
* remove TODOs
* respect jenkins PR envvars
* use value from stepConfig
* Update vars/sonarExecuteScan.groovy
* rename options to config
* correct type for options
* add test cases
* log sonar.options in debug message
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Protecode as go implementation
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
