* feat(artifactPrepareVersion): Introduce build tool CAP
* feat(artifactPrepareVersion): Introduce build tool CAP
* Add CAPVersioningPreference to versioning.Options
* Include CAP to allowed build tool list
* Update go.mod
* Include CAP to allowed build tool list
* Delete CAP from additionalTargetTools
* Delete CAP from additionalTargetTools
* Fix test
* Update comment
* Update comment
* Add param description
* Add param description
* Initial in progress
* compiling but not yet functional
* Missed file
* updated checkmarxone step
* Working up to fetching a project then breaks
* Missed file
* Breaks when retrieving projects+proxy set
* Create project & run scan working, now polling
* Fixed polling
* added back the zipfile remove command
* Fixed polling again
* Generates and downloads PDF report
* Updated and working, prep for refactor
* Added compliance steps
* Cleanup, reporting, added groovy connector
* fixed groovy file
* checkmarxone to checkmarxOne
* checkmarxone to checkmarxOne
* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix
* Fixed filenames & yaml
* missed the metadata_generated.go
* added json to sarif conversion
* fix:type in new checkmarxone package
* fix:type in new checkmarxone package
* removed test logs, added temp error log for creds
* extra debugging to fix crash
* improved auth logging, fixed query parse issue
* fixed bug with group fetch when using oauth user
* CWE can be -1 if not defined, can't be uint
* Query also had CweID
* Disabled predicates-fetch in sarif generation
* Removing leftover info log message
* Better error handling
* fixed default preset configuration
* removing .bat files - sorry
* Cleanup per initial review
* refactoring per Gist, fixed project find, add apps
* small fix - sorry for commit noise while testing
* Fixing issues with incremental scans.
* removing maxretries
* Updated per PR feedback, further changes todo toda
* JSON Report changes and reporting cleanup
* removing .bat (again?)
* adding docs, groovy unit test, linter fixes
* Started adding tests maybe 15% covered
* fix(checkmarxOne): test cases for pkg and reporting
* fix(checkmarxOne):fix formatting
* feat(checkmarxone): update interface with missing method
* feat(checkmarxone):change runStep signature to be able to inject dependency
* feat(checkmarxone): add tests for step (wip)
* Adding a bit more coverage
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix integration test PR
* adding scan-summary bug workaround, reportgen fail
* enforceThresholds fix when no results passed in
* fixed gap when preset empty in yaml & project conf
* fixed another gap in preset selection
* fix 0-result panic
* fail when no preset is set anywhere
* removed comment
* initial project-under-app support
* fixing sarif reportgen
* some cleanup of error messages
* post-merge test fixes
* revert previous upstream merge
* adding "incremental" to "full" triggers
* wrong boolean
* project-in-application api change prep
* Fixing SARIF report without preset access
* fix sarif deeplink
* removing comments
* fix(cxone):formatting
* fix(cxone):formatting
* fix(cxone):new endpoint for project creation
---------
Co-authored-by: michael kubiaczyk <michael.kubiaczyk@checkmarx.com>
Co-authored-by: michaelkubiaczyk <48311127+michaelkubiaczyk@users.noreply.github.com>
* originHash
* analysis output
* first shot
* add cert logon to piper http client
* allow initial user/pw for certificate logon
* credentials -> parameters
* encode user cert in pem
* key as well
* fix unit tests after merge
* other aakaas steps
* 2nd conn in register packages
feat(detectExecuteScan): Also scan images that are in the cpe
Signed-off-by: Ralf Pannemans <ralf.pannemans@sap.com>
Signed-off-by: Johannes Dillmann <j.dillmann@sap.com>
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
* remove vault interaction from unit tests
* go mod tidy
* update some dependency minor versions
* update github.com/getsentry/sentry-go
* fix vault dependency
* update google.golang.org/api and cloud.google.com/go/storage
* fix unit test
---------
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
* fix(deps): update module github.com/influxdata/influxdb-client-go/v2 to v2.13.0
* go mod tidy
* add new APIClient method to mock
* go mod tdiy
* go mod tidy again
* remove mocks
* update mockery and regenerate
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jliempt <>
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
Co-authored-by: Googlom <36107508+Googlom@users.noreply.github.com>
* update golang to 1.20
* update version in another places
* fix failing unit tests and lint
---------
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
* rename interface, types and methods.
some type changes and refactor
* update dependent methods and variables
* fix unit tests
* a bit more refactor and fix
* concurrent safe singleton
* return old Options struct
* refactor creating config provider and fix nil pointer derefernce
* fix unit test and linter errors
* introduce resetting config provider (for unit tests)
* fix annoying error message when config provider is not configured
---------
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
Co-authored-by: Muhammadali Nazarov <muhammadalinazarov@gmail.com>
* feat(configs): vaultCredentialEnvPrefix to support several prefixes
* minor refactoring
* docs
---------
Co-authored-by: Muhammadali Nazarov <muhammadalinazarov@gmail.com>
* fix sidecar conditionals
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* Fix unit tests
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
* Consider parameter used in conditions of sidecars
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
---------
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* Initial in progress
* compiling but not yet functional
* Missed file
* updated checkmarxone step
* Working up to fetching a project then breaks
* Missed file
* Breaks when retrieving projects+proxy set
* Create project & run scan working, now polling
* Fixed polling
* added back the zipfile remove command
* Fixed polling again
* Generates and downloads PDF report
* Updated and working, prep for refactor
* Added compliance steps
* Cleanup, reporting, added groovy connector
* fixed groovy file
* checkmarxone to checkmarxOne
* checkmarxone to checkmarxOne
* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix
* Fixed filenames & yaml
* missed the metadata_generated.go
* added json to sarif conversion
* fix:type in new checkmarxone package
* fix:type in new checkmarxone package
* removed test logs, added temp error log for creds
* extra debugging to fix crash
* improved auth logging, fixed query parse issue
* fixed bug with group fetch when using oauth user
* CWE can be -1 if not defined, can't be uint
* Query also had CweID
* Disabled predicates-fetch in sarif generation
* Removing leftover info log message
* Better error handling
* fixed default preset configuration
* removing .bat files - sorry
* Cleanup per initial review
* refactoring per Gist, fixed project find, add apps
* small fix - sorry for commit noise while testing
* Fixing issues with incremental scans.
* removing maxretries
* Updated per PR feedback, further changes todo toda
* JSON Report changes and reporting cleanup
* removing .bat (again?)
* adding docs, groovy unit test, linter fixes
* Started adding tests maybe 15% covered
* fix(checkmarxOne): test cases for pkg and reporting
* fix(checkmarxOne):fix formatting
* feat(checkmarxone): update interface with missing method
* feat(checkmarxone):change runStep signature to be able to inject dependency
* feat(checkmarxone): add tests for step (wip)
* Adding a bit more coverage
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix integration test PR
* adding scan-summary bug workaround, reportgen fail
* enforceThresholds fix when no results passed in
* fixed gap when preset empty in yaml & project conf
* fixed another gap in preset selection
* fix 0-result panic
* fail when no preset is set anywhere
* removed comment
* initial project-under-app support
* fixing sarif reportgen
* some cleanup of error messages
* post-merge test fixes
* revert previous upstream merge
* adding "incremental" to "full" triggers
* wrong boolean
* project-in-application api change prep
* Fixing SARIF report without preset access
* fix sarif deeplink
* removing comments
* fix(cxone):formatting
* fix(cxone):formatting
---------
Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
* Add support for volume mounts
* Adatpt unit test to include VolumeMounts
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
* Only accept volumeMounts with the name volume
---------
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
Co-authored-by: Anil Keshav <anil.keshav@sap.com>
* Allow cALM service keys
* Fix typo
Co-authored-by: Srinikitha Kondreddy <srinikitha.kondreddy@sap.com>
* fix typo
Co-authored-by: Srinikitha Kondreddy <srinikitha.kondreddy@sap.com>
* Hardcode tms endpoint in calm test case
* Add new serviceKey parameter
* Use new serviceKey parameter
With deprecation warning if old tmsServiceKey parameter is used
* Add unit tests and optimise
* Remove tms from service key log message
* Apply suggestions from code review
Co-authored-by: Artem Bannikov <62880541+artembannikov@users.noreply.github.com>
* Remove unused json fields mapping
* Apply review suggestion
* Apply further review suggestions
* Use new parameter name in groovy
* Generate again
* Fix groovy test
---------
Co-authored-by: Srinikitha Kondreddy <srinikitha.kondreddy@sap.com>
Co-authored-by: Artem Bannikov <62880541+artembannikov@users.noreply.github.com>
