1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Commit Graph

4479 Commits

Author SHA1 Message Date
Oliver Nocon
924ff6552f
fix(abapAddonAssemblyKitCheckPV): report generation (#3949) 2022-08-09 18:02:57 +02:00
Anil Keshav
cc1bc02501
addig correct ws api call (#3948)
Co-authored-by: anilkeshav27 <you@example.com>
2022-08-09 17:29:23 +02:00
sumeet patil
bb85aa1d7a
fix(fortify): minor fixes (#3946)
* fix(fortify): minor fixes
2022-08-09 15:26:07 +02:00
Sven Merk
b3f37650a2
SBOM creation for Mend (#3934)
* Fix docs and format

* Assessment format added

* Added sample file

* Added parsing

* Added packageurl implementation

* Slight refinement

* Refactored assessment options

* Adapted sample file

* First attempt of ws sbom gen

* Reworked SBOM generation

* Fix test code

* Add assessment handling

* Update dependencies

* Added golden test

* Small fix

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-08-09 13:56:01 +02:00
Oliver Nocon
a46f796bcd
chore: cleanup reporting & some incorrect file usage in tests (#3943)
* chore: cleanup reporting & some incorrect file usage in tests

* cleanup interface

* chore: remove comment

* preserve error handling

* Rename FileUtils.go to fileUtils.go

* clean up formatting

* chore: address static check findings

* fix brittle test

* chore: cleanup formatting
2022-08-09 10:57:02 +02:00
Alexey Matvievsky
9f8064d733
url log permission hotfix (#3945) 2022-08-08 12:10:35 +04:00
Oliver Nocon
43bbea477c
fix(protecodeExecuteScan): correct regex pattern for replacing spaces (#3941) 2022-08-05 16:16:36 +02:00
Alexey Matvievsky
da8cda6dbe
feat: http report creation for build steps (#3888)
* URL logging feature for execution step provided
2022-08-05 15:08:19 +04:00
thtri
2536a9f598
feat(checkmarxExecuteScan): Support threshold for Low finding per Query name (#3938)
* feat(checkmarx): Support threshold for Low finding per Query name

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-08-05 00:17:07 +02:00
Mihai Herda
8061a5c0ab
Add cds generated code to Fortify scans by default. (#3940)
* Add cds generated source code to Fortify scans.

This generated source code is needed to avoid false negatives when scanning code that uses the CAP framework.

* Also change documentation.

* Forgot comma.

* Run go generate.

* Change test.

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-08-04 16:20:14 +02:00
Vinayak S
aa41641d41
feat(fortify): Added a check for fortify binary in $PATH (#3925)
* added check for fortifyupdate and sourceanalyzer bin

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-08-04 14:04:54 +02:00
Oliver Nocon
73f7d61743
fix: remove side-effects of #3875 (#3928)
with #3875 temp directory was created in current workspace.
This had negative side-effects: For example npm build packaged and published temporary files

Co-authored-by: Anil Keshav <anil.keshav@sap.com>
2022-08-04 09:20:59 +02:00
Vyacheslav Starostin
a610e1df6a
Update dtzar/helm-kubectl image version for kuberntesDeploy (#3927) 2022-08-02 14:41:35 +06:00
Oliver Nocon
d640d72dc6
feat: improve vulnerability reporting via GitHub issues (#3924)
* feat: improve vulnerability reporting via GitHub issues

* feat: update reports

* chore: add tls cert links

* only write log on error

* chore: update formatting

* chore: update handling of direct dependencies

* chore: fix linting issue

* chore: minor updates
2022-08-02 08:26:26 +02:00
sumeet patil
c8f069efb2
feat(fortifyExecuteScan): new spotcheck flags (#3923) 2022-08-01 23:06:05 +02:00
Ralf Pannemans
2f1f4b18ac
fix(cnbBuild): Create separate temp folder for each creator call (#3910)
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
2022-08-01 17:02:52 +02:00
R. Kloe
3cad6ac2cd
feat: allow uploading multiple boms (#3900)
* WIP: Adapt bom names

* + WIP: Adapt bom filenames

* Upgrade cyclonedx gradle plugin and use cyclonedxBom config parameters

* Fix unit tests - use correct name in bom creation

* Fix pythonBuild bom name

* introduce and use npmBomFilename const

* Introduce and use mvnBomFilename const

* Introduce and use gradleBomFilename const

* Use build-tool names for bom suffix

* + Adapt tests (build tool suffix)

* Use BOM schema version 1.2 in gradleExecuteBuild

* Pin version of cyclonedx-maven-plugin to 2.7.1

* Adapt generated files

* Fix integration tests

* Fix integration tests

* Fix gradle build integration tests

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-08-01 13:38:49 +02:00
Srinikitha Kondreddy
1103a99519
Add dist folder into build result (#3914) 2022-07-29 09:57:39 +02:00
Vyacheslav Starostin
79b07e625b
Add linting capability to step ``golangBuild`` (#3903)
* add golangci-lint functionality

* fix log typos

* fix golangci-lint install dir

* log golangci-lint output report

* specify golangci-lint version, as recommended

* log spelling consistency

* clean code

* refactor golangci-lint runner

* fail build if linter found issues

* fix bug where exit status can't be derived from nil error

* refactor runGolangciLint

* refactor retrieveGolangciLint

* uncomment golang tests

* Use FileWrite method from utils

* Add tests

* Fix test

* fix typo

* alter runLinter param name, improve docs

* undo commenting RunTests...

* alter runLinter name in generated and tests too

* fix variable name (thanks code climate)

* Add usage of ‘go install’ instead of ‘curl’

* Fix tests

* Add usage of functionality of http pkg

* Update tests

* Update tests

* Add usage of piperhttp pkg && update tests

* Add DownloadFile method

* Update tests

Co-authored-by: Jordi van Liempt <35920075+jliempt@users.noreply.github.com>
2022-07-27 11:22:35 +06:00
Vyacheslav Starostin
1f242ea139
feat(helmExecute): update value files with dynamic values (#3861)
* Add getAndRenderImageInfo func

* Add unit tests

* Add comments

* Improve value files handling

* Rename getAndRenderImageInfo to parseAndRenderCPETemplate

* Clean up

* Update logic to parse and render templates

* Update tests

* Test: use t.TempDir for creating temporary dir

* Use ParseTemplate method from piperenv pkg

* Fix err message

* Fix test
2022-07-25 14:14:30 +06:00
Jesse Awan
274c11d28f
Add transport request to GPP (#3862)
* Add TransportRequestUploadCTS step to Release

* typo comma

* test transportRequest git ID

* Update piperPipelineStageInit.groovy

* add echo

* aggressive echo

* Update piperPipelineStageInit.groovy

* remove echo + add unitTests

* fix typos and documentation syntax

* test documentation syntax

* test documentation syntax

* Switch to shell

* Documentation changes

* Add review changes

* Remove echo

* Refactor test cases

Co-authored-by: Kondreddy <srinikitha.kondreddy@sap.com>
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
Co-authored-by: Roland Stengel <r.stengel@sap.com>
2022-07-22 15:15:53 +02:00
Pavel Busko
5fb43a9ead
cnbBuild: update buildpack versions for integration tests (#3907)
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
2022-07-21 15:41:37 +02:00
Oliver Feldmann
d4c8e8d3be
Update configuration.md (#3893) 2022-07-21 15:02:50 +02:00
Christian Schneider
13744c5114
Cleanup of SBOM generation parameters (#3896)
* Cleanup of SBOM generation parameters

Adding `false` does not what is intended. If the parameters are added to the call, license texts and dev dependencies are included

* Fixed unit test
2022-07-21 14:43:09 +02:00
Pavel Busko
feb5cd0f9d
fix(cnbBuild): use a single test case to lookup buildpacks by ID (#3906)
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
2022-07-21 13:16:47 +02:00
thtri
ef3e720464
Classify Fortify & Checkmarx findings into audit group / Common properties (#3904)
* fix(fortify): suppressed issues got "Unknown" category and state

* fix (fortify-sarif): classify findings into audit group

* fix(fortify-checkmarx-sarif): common properties bag for Fortify and Checkmarx (accepting the risk of empty value)

* fix (checkmarx-sarif): classify findings into audit group

* fix (sarif): formatting
2022-07-21 11:15:55 +02:00
Oliver Nocon
f6a6448631
chore: fix linting issues (#3878)
* chore: fix linting issues

* add more fixes

* correct formatting

* Delete depl.yaml
2022-07-21 09:04:21 +02:00
sumeet patil
818be9d428
feat(codeql): new codeql db parameter (#3902) 2022-07-20 10:07:57 +02:00
thtri
604764998f
fix(fortify): suppressed issues got "Unknown" category and state (#3899) 2022-07-19 17:20:22 +02:00
Daniel Mieg
39a5ca04b1
Fix typo (#3901) 2022-07-19 16:04:15 +02:00
Oliver Nocon
890c437c3f
fix(whitesourceExecuteScan): failOnSevereVulnerabilities (#3894)
* fix(whitesourceExecuteScan): failOnSevereVulnerabilities

failOnSevereVulnerabilities has not been considered properly for security vulnerabilities.

* chore: remove comment

* chore: update formatting
2022-07-18 14:36:29 +02:00
sumeet patil
bc974ffdd2
Fix documentation for SARIF (#3895) 2022-07-18 12:19:04 +02:00
Anil Keshav
72896fab70
fix (kanikoExecute) enhance existing docker config json with additional credential params : user, password and registry Url (#3892)
* passing registry username and password

* enhance the case for creating docker config json with user credentials

* refactoring code

* unit test and maintaing user provided docker config json file

* go generate

* remove addtional file addition to unit test

Co-authored-by: anilkeshav27 <you@example.com>
2022-07-15 08:40:33 +02:00
Oliver Nocon
53f4ce96ae
feat(cpe): provide go templating functions (#3872)
* feat(cpe): provide go templating functions

* change type

* fix: type in test

* chore: add comment for exported function

* fix: ensure that custom returns string properly

* fix types and add tests

Co-authored-by: Anil Keshav <anil.keshav@sap.com>
2022-07-14 16:20:11 +02:00
Raghunath Deshpande
5cc1b8f418
whitesourceExecuteScan: configuration change: ignoreSourceFiles to fileSystemScan (#3446)
* Update scanPolling.go

Changing maxWaitTime from 15 to 30 to overcome WhiteSource results reflection in the backend issue.

* Update configHelper.go

* Reset configHelper changes to fix PR 3284

 Committer: raghunathd8

* ignoreSourceFiles to fileSystemScan

* Added ignoreSourceFiles param also

* minor adjustment

* minor adjustment again

* updated unit test

* tests fixed

* fmt-ed

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: raghunathd8 <root@docker-evaluation.openstack.eu-nl-1.cloud.sap>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: ffeldmann <f.feldmann@sap.com>
2022-07-13 14:32:53 +02:00
Anil Keshav
81e7423ea6
Revert "publishing master binary once after all builds (#3885)" (#3890)
This reverts commit c3b4925f0b.
2022-07-12 16:22:18 +02:00
Eng Zer Jun
0f4e30e9db
test: use T.TempDir to create temporary test directory (#3721)
This commit replaces `ioutil.TempDir` with `t.TempDir` in tests. The
directory created by `t.TempDir` is automatically removed when the test
and all its subtests complete.

Prior to this commit, temporary directory created using `ioutil.TempDir`
needs to be removed manually by calling `os.RemoveAll`, which is omitted
in some tests. The error handling boilerplate e.g.
	defer func() {
		if err := os.RemoveAll(dir); err != nil {
			t.Fatal(err)
		}
	}
is also tedious, but `t.TempDir` handles this for us nicely.

Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-07-12 15:19:12 +02:00
Oliver Nocon
b7c0831b7f
feat: allow OSVM scans to succeed with vulnerabilities (#3889)
For running open source vulnerability scans in de-coupled processes
it is helpful to allow that steps only create
compliance reports to inform users/teams
but not fail the pipeline.

This can now be achieved constitently with the flag:
`failOnSevereVulnerabilities`

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-07-12 11:43:24 +02:00
sumeet patil
9c4446ae0a
feat(codeql) merge commit git reference (#3877)
Sets git reference and gitRemoteCommitId.
Jenkins has 2 strategies - 'Merging the pull request with the current target branch revision' and 'The current pull request revision'. When 'Merging the pull request with the current target branch revision' is run, Jenkins creates a local merge commit and runs a job for that particular merge commitId. This commitId is then used for codeql to upload sarif, on upload it throws an error as the merge commit does not exist in github. To resolve this we have introduces a new variable 'gitRemoteCommitId' in commonPipelineEnvironment which gives the remote merge commit id.
2022-07-12 10:25:17 +02:00
Anil Keshav
4c4f8e3e97
feat (githubPublishRelease) creating release with assestPathList (#3887)
* creating release with assestPathList

* adding condition for version should be latest

Co-authored-by: anilkeshav27 <you@example.com>
2022-07-11 12:08:31 +02:00
Anil Keshav
c3b4925f0b
publishing master binary once after all builds (#3885)
Co-authored-by: anilkeshav27 <you@example.com>
2022-07-11 11:30:38 +02:00
Giridhar Shenoy
e6115a54b2
detectExecuteScan : Bug fix : Dont consider ignored components (#3867)
* fix project version limiting issue

* add tests for detectExecute

* fix bug with vuln count

* adjust unit tests

* update documentation for detect versions
2022-07-11 10:50:31 +02:00
Daniel Bernd
c4868f566f
ATC System Configuration - new Attributes (#3880)
* Update abapEnvironmentPushATCSystemConfig.go

* Update abapEnvironmentPushATCSystemConfig.go

ATC Configuration - new fields

* Update abapEnvironmentPushATCSystemConfig_test.go

Unit Test - new attributes

* Update abapEnvironmentPushATCSystemConfig_test.go

Unit Tests 2

* Update abapEnvironmentPushATCSystemConfig_test.go

Unit Test 2

* Update abapEnvironmentPushATCSystemConfig_test.go

Unittest 3

Co-authored-by: Daniel Bernd <93763187+danManSAP@users.noreply.github.com>
2022-07-11 09:41:39 +02:00
Pavel Busko
70d8331904 docs(cnbBuild): use correct address for the buildpacks in the example
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
2022-07-08 09:14:28 +02:00
Anil Keshav
47c63d2cc1
feat (commonPipelineEnvironment) enhance the cpe map to read git head commit id (#3865)
* reading the git head commit id in cpe map

Co-authored-by: anilkeshav27 <anil.keshav@sap.com>
Co-authored-by: Ashly Mathew <ashly.mathew@sap.com>
2022-07-07 16:27:32 +02:00
Mayur Belur Mohan
5931415d9c
ApiProviderList Command (#3879)
* ApiProviderList Command

* Metadata Fix

* Metadata Fix

* CodeReview Fixes

* Documentation Fixes

* unit test fix

Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
2022-07-07 15:48:59 +03:00
rosemarieB
000e3ab4a9
Add abap source client to generic build step (#3834)
* enable build without values

* add sap-client as option

* use function from /net/url to add parameters

Co-authored-by: tiloKo <70266685+tiloKo@users.noreply.github.com>
2022-07-07 08:44:51 +02:00
Oliver Nocon
dbc459d6ea
chore: cleanup linting issues in abap steps (#3876)
* chore: cleanup linting issues in abap steps

* update

* do not break on errors during testing

* Fix warning

Co-authored-by: Daniel Mieg <daniel.mieg@sap.com>
2022-07-06 14:29:04 +02:00
Anil Keshav
8187bf2ec5
fix (shellExecute) including comma seperated strings as arguments (#3846)
* including comma seperated strings as arguments

* fix unit test

* adding unit test

* fix unit test no param case

Co-authored-by: anilkeshav27 <you@example.com>
2022-07-06 08:41:44 +02:00
raman-susla-epam
6bc96faba9
Update vault.go (#3875) 2022-07-05 16:20:53 +02:00