* feat(fpr_to_sarif & GHAS): adjustments to fit some rules
* feat(fortifyExecuteScan): fit GH ingestion rules better
* feat(fortifyExecuteScan): readability in SARIF report
* feat(fortifyExecuteScan): restore escaped chars in XML text
* feat(fortifyExecuteScan): properly replace threadflowlocations in each threadflow
* fix(fortifyExecuteScan): fixed missing threadflow in SARIF generation
* feat(fortifyExecuteScan): properly handle threadflows when a node has another node as Reason (node-in-node edge case)
* feat(fortifyExecuteScan): better sarif ruleID field
Co-authored-by: thtri <trinhthanhhai@gmail.com>
* including a artifact cpe type
* removing type kind related to PR 3717
* clean up
* eliminating local path
* go formatting fix
Co-authored-by: anilkeshav27 <you@example.com>
* fix(fortifyExecuteScan): check audit data length in all cases
* fix(fortifyExecuteScan): check audit data length in all cases
* feat(SARIF): logging improvements in debug mode
* fix(logging): readability
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* Add small fix
* fix unit-tests
* Add deploymentName and packageVersion as flags
* small fix
* Change getting version of helm chart
* small fix
Co-authored-by: “Vitalii <“vitalii.sidorov@sap.com”>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* feat(gitopsUpdateDeployment) forcePush
fix(gitopsUpdateDeployment) include registry
The push operation in this step can be forced to bypass branch-protection
Signed-off-by: Michael Sprauer <Michael.Sprauer@sap.com>
* add unit test
Signed-off-by: Michael Sprauer <Michael.Sprauer@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* feat(fortifyExecuteScan): query SSC once for batch audit data
* fix(fortifyExecuteScan): check audit data length in all cases
* feat(fortifyExecuteScan): in fpr_to_sarif, better detection of error cases, unit tests
* fix(log): comment useless error message
* fix(fortifyExecuteScan): clarify log message
* fix(fortifyExecuteScan): adapt unit tests
* Remove --backend-type
* Delete CTS in isChangeDevelopment and change Dockerimage of CM-Client
* fix groovy unit tests
* another fix of groovy unit tests
* try to fix import of fork for Jenkins-Testing
* add workflow to create Go Binary for Jenkins-Server
* Change RepoOwner to test in Fork
* remove previous changes
* adjust docker image for TransportRequestCreate and Release
* Remove CTS from Documentation
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
* Add helm dependency command
* Change name of flag for package command
Co-authored-by: “Vitalii <“vitalii.sidorov@sap.com”>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Reorders getApiInformation, changes variables to get start time, adjusts and adds test cases
* Changes the way to get apiInformation and reduces number of requests
* Changes getting pipeline start time from correct env variable
* Refactors getApiInformation functionality
* Adds GetBuildReason() for Azure and Jenkins
* Updates JobURL for ADO
* Implemented bom creation
* Made small fixes. Added integration tests
* go generate
* minor fixes
* fix tests
* Added unit tests
* minor fixes
* use fileutils
* integration tests optimization
* change integraton tests timeout to 25m
* Fix Inclusive Language warnings
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Add runHelmCommand
* Add dryRun for debug
* Add default case in helmExecute
* Fix unit-tests
* small fix
* Fix RunHelmAdd and change RunHelmPublish methods
* Fix RunHelmPublish
* Fix unit-tests
* Fix unit-test
* small fix
* small fix
* small fix
* Add LintFlag PackageFlag PublishFlag flags
* Add tests for httpClient.go
* test
* test
* smal fix
* small fix
* Add getting name and version from Chart.yaml
* Add test
* Fix
* small fix
* Fix according to comments
* small fix
Co-authored-by: “Vitalii <“vitalii.sidorov@sap.com”>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Vitalii Sidorov <vitalii_sidorov@sap.com>
* fix(sarif): change format to fit omitempty cases better
* feat(fortifyExecuteScan): include category in sarif file
* fix(fortifyExecuteScan): access to undefined pointer in some cases
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* (fix) match regexes in sliceContains to support vaultSecretNames
* add test for regex matching in sliceContains
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Add bearer token retrieval function
Retrieving a bearer token from the xsuaa service on BTP is always the
same. With these functions one can retrieve a bearer token and set it
to the given header as 'Authorization'.
* CodeClimate fixes
* Refactor test
* Add basic auth to token retrieve request
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
* Activates debug information for environment variables
* Adds tests for environment variable reading
* Reduces batch size to send messages to Splunk to 5000
* including negative conditions
* clean up and todos
* removing debug logging
* clean up
* fix unit test name
* fixing unit tests
* negative stage test
Co-authored-by: anilkeshav27 <you@example.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
