Adrien
d763a135bb
Full scan if last incremental scan failed (#4207)
Co-authored-by: thtri <thanh.hai.trinh@sap.com>
2023-01-30 11:36:08 +01:00
raman-susla-epam
d7cf8654f9
githubCreateIssue_fix (#4151)
* extend githubCreateIssue to handle long body
Co-authored-by: Jordi van Liempt <35920075+jliempt@users.noreply.github.com>
2022-12-15 18:20:01 +03:00
Adrien
84ebea25b3
fix(checkmarxExecuteScan) rename sourceEncoding parameter to engineConfigurationID (#4142)
2022-12-03 11:13:32 +05:30
Adrien
ecbd8b3627
Fix project name string comparison (#4129)
2022-11-15 17:26:50 +01:00
Adrien
1552570fd0
fix(checkmarxExecuteScan): Fail with a clear error message if no projectName (#4124)
* Fail with a clear error message if no projectName
2022-11-15 10:51:23 +05:30
charly-lemee
885a5e73e3
fix: typo in checkmarx scan (#4072)
* fix: typo with checkmarx report
2022-11-03 13:18:17 +05:30
sumeet patil
ed4467282f
fix(fortify): Fortify spotcheck logic consistent with checkmarxs low (#3955)
* Improve logging
* Fortify spotcheck logic consistent with checkmarx
2022-08-11 11:44:16 +02:00
Oliver Nocon
a46f796bcd
chore: cleanup reporting & some incorrect file usage in tests (#3943)
* chore: cleanup reporting & some incorrect file usage in tests
* cleanup interface
* chore: remove comment
* preserve error handling
* Rename FileUtils.go to fileUtils.go
* clean up formatting
* chore: address static check findings
* fix brittle test
* chore: cleanup formatting
2022-08-09 10:57:02 +02:00
thtri
2536a9f598
feat(checkmarxExecuteScan): Support threshold for Low finding per Query name (#3938)
* feat(checkmarx): Support threshold for Low finding per Query name
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-08-05 00:17:07 +02:00
Oliver Nocon
d640d72dc6
feat: improve vulnerability reporting via GitHub issues (#3924)
* feat: improve vulnerability reporting via GitHub issues
* feat: update reports
* chore: add tls cert links
* only write log on error
* chore: update formatting
* chore: update handling of direct dependencies
* chore: fix linting issue
* chore: minor updates
2022-08-02 08:26:26 +02:00
Oliver Nocon
f6a6448631
chore: fix linting issues (#3878)
* chore: fix linting issues
* add more fixes
* correct formatting
* Delete depl.yaml
2022-07-21 09:04:21 +02:00
xgoffin
903f273012
feat(checkmarxExecuteScan): added API to get description, incorporated to SARIF file (#3814)
2022-06-01 15:48:56 +02:00
Adrien
3d48364862
Fix project config reset when preset is set (#3782)
2022-05-18 17:10:00 +02:00
Adrien
9d56cda0f9
Add Checkmarx failure message to Piper error log (#3716)
2022-05-03 17:34:14 +02:00
xgoffin
3c55d3c99c
feat(checkmarxExecuteScan): convert Checkmarx xml report to SARIF (#3696)
* feat(checkmarxExecuteScan): sarif conversion for Checkmarx XML reports
* feat(checkmarxExecuteScan): added taxonomies and similarityID
* fix(checkmarxExecuteScan): proper handling of ruleId and ruleIndex
* fix(sarif): mistype in checkmarx properties
* fix(checkmarxExecuteScan): fixed occasional panics when handling audit comment
* chore(sarif): proper variable naming
* chore(code): fix missing and unrecognized comments
* trigger PR
* fix(format): extra space
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-04-04 16:12:35 +02:00
Christian Volk
26bf3808fe
chore(checkmarxExecuteScan): split and trim filterPattern (#3661)
2022-03-23 11:45:05 +01:00
Sven Merk
c30e93bc6a
feat(detectExecuteScan): SARIF export and GH issue creation (#3637)
* Added SARIF and GH issue creation
2022-03-17 15:32:48 +01:00
Sven Merk
c1d2e6ad16
Add toggle for GH issue creation (#3601)
* Add toggle for GH issue creation
* Fix fmt
2022-03-02 15:46:56 +01:00
Adrien
a73951909b
checkmarxExecuteScan fixes (#3540)
* Fix FilterByTeamName and LoadExistingProject
* Fix project name loop
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-02-28 14:22:47 +01:00
thtrinh
d86cfce6e6
Checkmarx json report (#3565)
* feat(checkmarx) : Checkmarx JSON Report
* Test cases with some fix
* Information total and audited test assertions
* feat(checkmarx): align total/audited with existing calculation
* fix(checkmarx): Reporting unit test
Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-02-25 14:20:36 +01:00
Oliver Nocon
a4a0873081
feat(checkmarx): create GitHub issue with findings (#3543)
* feat(checkmarx): create GitHub issue with findings
* add github issue reporting
2022-02-17 15:16:55 +01:00
Sven Merk
86e8125279
feat(checkmarxExecuteScan): Improve cx report (#2991)
* Improve checkmarx report
* Fix test and fmt
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-09-15 09:45:56 +02:00
Sven Merk
2997714a02
checkmarxExecuteScan: Improve error message on compliance issues (#3083)
* Update checkmarxExecuteScan.go
* Fix test
2021-09-07 13:10:11 +02:00
Sven Merk
1ddd966249
Enforce non-incremental scans when optimized and scheduled (#3039)
* Enforce non-incremental scans when optimized
* Update resources/metadata/checkmarx.yaml
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Update generated file
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-08-10 11:27:28 +02:00
Sven Merk
9571fd28f4
feat(checkmarxExecuteScan): Reporting for pipeline optimization (#2976)
* Fix exclude and enhance docs
* Fix test
* Fix test
* Add reporting to checkmarx step
* Improve text
2021-07-09 10:19:42 +02:00
larsbrueckner
61fe88e199
Add "toolrecord" files to Fortify, Checkmarx, Protecode and Whitesource results (#2929)
* Toolrecord framework -
provide a common entry point for post processing code scan results
Changes to be committed:
new file: pkg/toolrecord/REAMDE_toolrecord.md
new file: pkg/toolrecord/toolrecord_main.go
new file: pkg/toolrecord/toolrecord_test.go
* Add toolrecord file to Checkmarx results
modified: cmd/checkmarxExecuteScan.go
* Add toolrecord file to Fortify results
modified: cmd/fortifyExecuteScan.go
* Add toolrecord file to Whitesource results
modified: cmd/whitesourceExecuteScan.go
* unset umask (#2927)
* (feat) adds error logging output for downloading reports from whitesource (#2928)
* Add toolrecord file to Protecode results
* address code climate findings (1/2)
* address codeclimate findings (2/2)
* add comments to all methods
Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-06-23 15:05:00 +02:00
Fabian Reh
44ca6db57c
Fix checkmarx execute scan (#2765)
* Remove error check on preset conversion
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
2021-04-19 10:15:07 +02:00
Fabian Reh
9f55c4360d
Fix checkmarx execute scan (#2747)
* Fixes infinite recursion
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Adds test for infinite recursion
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
2021-04-08 09:16:47 +02:00
Fabian Reh
bb62252600
Refactor(checkmarxExecuteScan): filterFileGlob (#2490)
* * Fixes filterFileGlob as it did not evaluate all patterns
* Adapts unit tests to cover all functionality
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* * Fixes comment
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* * Adds tests for error cases
* Adds mock utils to mock external calls for errors
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* * Adds test for os.Open
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Cleans code
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Makes test OS independent
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Makes TestFilterFileGlob run in parallel
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Marks all tests to run in parallel
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Add tests and error handling for string conversion and zip file
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Add tests and error handling for write file
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Add tests and error handling for write file
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Add tests and error handling for PathMatch
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Refactor zipFolder method to reduce complexity
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* simplify parameters
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Revert "simplify parameters"
This reverts commit 0bfc58280834c898c51218e4bb4b94fe0c7b3e86.
* Revert "Revert "simplify parameters""
This reverts commit 102633cf2d1b2c618f7330bd78ad24c2c7e741da.
* Extract getWorkspace to reduce parameters
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Adapts tests to new error handling of 0 files zip
Only logs error for 0 files zip if no other errors appeared
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* Extract method to reduce complexity
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* rename method
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* remove method needing many parameters
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* remove strconv api
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
* remove project variable as project is created in this method
Signed-off-by: Fabian Reh <fabian.reh@sap.com>
2021-04-08 07:05:37 +02:00
Sven Merk
8c6089cca9
checkmarxExecuteScan: Fix error message on empty ZIP (#2709)
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-04-07 09:56:19 +02:00
Sven Merk
d52a1a3619
Influx step execution reporting (#2700)
* Influx step execution reporting
* influx for newmanExecute added
Co-authored-by: lndrschlz <leander.schulz01@sap.com>
2021-03-18 10:32:03 +01:00
Christopher Fenner
f999925788
fix(influx): correct data type of influx measurements (#2171)
* update data type of influx measurements
* Update checkmarx.yaml
* pick changes from #1885 for testing
* update generated code
* update to new datatype
* adjust to type changes
* change back to string type
* Update fortifyExecuteScan.go
* add typo to be backward compatible
* change type to int for files_scanned and lines_of_code_scanned
* add typo
* add measurements to whitesource
* update generated sources
* adjust test cases
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 16:00:53 +01:00
Sven Merk
5d1782aa01
checkmarxExecuteScan: adapt to 9.2 api (#2363)
* Update checkmarxExecuteScan.go
* api mods
* Switch default
* Fix decode
* mod marshalling
* Fix unmarshalling
* Code fmt and small fix
* Optimize preset handling
* Integer handling
* Fix test
* cleanup
* go fmt
* Improve test
2020-11-25 13:47:26 +01:00
Sven Merk
3c7712f2ee
Retry capabilities for HTTP requests + enablement for Checkmarx step (#2346)
2020-11-11 13:35:53 +01:00
Christopher Fenner
b8d3a7d1a9
fix(influx): correct project_name field name (#2195)
* Update checkmarx.yaml
* regenerate
* adjust code
2020-10-19 13:09:17 +02:00
Oliver Nocon
0fb7ee5488
fix: Checkmarx project creation (#2112)
* fix : allow creation of Checkmarx projects
* checkmarx: fix project creation
* do not swallow error
* fix preset error handling
2020-10-05 08:16:18 +02:00
Oliver Nocon
9354697525
fix : allow creation of Checkmarx projects (#2106)
2020-10-01 17:08:07 +02:00
Oliver Nocon
15b3957137
checkmarxExecuteScan: update error handling (#2084)
* checkmarxExecuteScan: update error handling
* Update cmd/checkmarxExecuteScan.go
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* include PR feedback
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-09-29 09:23:31 +02:00
Christopher Fenner
6999380ee3
chore(go): simplify code using gofmt -s (#2065)
2020-09-24 08:58:53 +02:00
Christopher Fenner
b219fb6514
fix(typo): found by misspell (#2064)
* fix typos in step yamls
* fix typos in go files
* regenerate step code
* fix typos in md files
* fix typos in groovy files
* fix further typos
2020-09-24 07:41:06 +02:00
Oliver Nocon
c8b1ffd654
checkmarxExecuteScan: fix PR project identification (#2055)
2020-09-22 14:39:34 +02:00
Sven Merk
4ae46823b1
Fix PR feature (#2048)
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-09-22 12:36:22 +02:00
Sven Merk
612d3a645b
Support verify only mode for SAST tools (#2018)
* Support verify only mode for SAST
* Include feedback
* Add tests
* Fix imports
2020-09-18 08:19:34 +02:00
Sven Merk
51158d2457
checkmarxExecuteScan: Fix access to projects (#1997)
2020-09-10 11:14:58 +02:00
Stephan Aßmus
ec779a719b
Checkmarx: honor "preset" parameter also for existing projects (#1893)
2020-08-06 17:20:26 +02:00
lndrschlz
94dba13fef
fix(checkmarxExecuteScan): whitespace in filePatterns; log output; (#1784)
* removed whitespaces in filePatterns and add zip file count log
* safer string-replace for whitespaces
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2020-07-20 16:50:48 +02:00
Daniel Kurzynski
41c1653a06
Fix checkmarx (#1655)
2020-06-12 09:22:22 +02:00
Oliver Nocon
9c1bd04752
Streamline step generation (#1142)
* Streamline step generation
* Include PR feedback, update DEVELOPMENT.md
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2020-02-04 10:46:43 +01:00
Sven Merk
36423eb78d
Avoid potential collisions among steps (#1141)
* Avoid potential collisions amongst steps
* Improve code, move to JenkinsUtils
* Improve code
* Improve tests
* Fix test
* Add scope on golang side
2020-02-03 15:25:49 +01:00
Sven Merk
cbe368fe36
Checkmarx as golang (#1075)
* Added base functionality for checkmarx interaction
* Extend http client with file upload capabilities
* Latest changes
* Add debug logging
* Introduce Uploader interface
* Add tests for checkmarx client
* Hook new checkmarx command
* Improve coverage
* Add tests
* Improved test coverage and fixed code
* Add influx reporting
* Add alternation capabilities
* Add groovy step
* Try fix cmd
* Enhancements
* Fix report generation
* Final performance improvements
* Fix code
* Structure code, cleanup
* Improvements
* Fix codeclimate issue
* Update groovy
* Adapt latest changes to http
* Fix test
* Fix http tests
* Fix test
* Fix test
* Fix test 2
* Fix code
* Fix code 2
* Fix code
* Code
* Fix
* Fix
* Add report and link handling
* Fix returns, add groovy test
* Review comments
* Added doc template
* Docs update
* Remove SAP internals
* Better status display
* Add name to link
* Fix test
* Fix
* Fix verbose handling
* Fix verbose handling 2
* Fix verbose handling 3
* Fix
* Tiny improvements
* Regenerate
* Fix test
* Fix test code
* Fix verbosity issue
* Fix test
* Fix test
* Fix test
2020-01-27 23:40:53 +01:00