xgoffin
fb9792ad71
feat(fortifyExecuteScan): optimization of the SARIF conversion code (#3710)
* feat(fortifyExecuteScan): query SSC once for batch audit data
* fix(fortifyExecuteScan): check audit data length in all cases
* feat(fortifyExecuteScan): in fpr_to_sarif, better detection of error cases, unit tests
* fix(log): comment useless error message
* fix(fortifyExecuteScan): clarify log message
* fix(fortifyExecuteScan): adapt unit tests
2022-04-07 13:11:52 +02:00
xgoffin
3c55d3c99c
feat(checkmarxExecuteScan): convert Checkmarx xml report to SARIF (#3696)
* feat(checkmarxExecuteScan): sarif conversion for Checkmarx XML reports
* feat(checkmarxExecuteScan): added taxonomies and similarityID
* fix(checkmarxExecuteScan): proper handling of ruleId and ruleIndex
* fix(sarif): mistype in checkmarx properties
* fix(checkmarxExecuteScan): fixed occasional panics when handling audit comment
* chore(sarif): proper variable naming
* chore(code): fix missing and unrecognized comments
* trigger PR
* fix(format): extra space
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-04-04 16:12:35 +02:00
xgoffin
dc91332e29
fix(fortifyExecuteScan): occasional panics when snippets are undefined or contain XML comments (#3686)
2022-03-31 12:13:17 +02:00
Sven Merk
f06890a9b2
SARIF format and GHIssue format improvements (#3646)
* Improve reporting
* Fix location
* Align casing
* Fix severity mapping
* Fix format
* Improve title
* Title format
* Fix severity
* Align title
* Fix schema reference
* Fix schema reference
* Fix fmt
* Fix fmt2
* Fix tests
* fix(sarif): proper handling of omitempty in SnippetSarif
* fix(fortifyExecuteScan): sarif format version
* Addressing comments
* Fix SARIF
* fix(sarif): omitempty handling
* fix(fortifyExecuteScan): pointer indirection
* Added TODOs for audit data
Co-authored-by: Xavier Goffin <x.goffin@sap.com>
Co-authored-by: xgoffin <86716549+xgoffin@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-03-22 14:47:19 +01:00
Sven Merk
c30e93bc6a
feat(detectExecuteScan): SARIF export and GH issue creation (#3637)
* Added SARIF and GH issue creation
2022-03-17 15:32:48 +01:00
xgoffin
3f6e4b9e3b
feat(fortifyExecuteScan): added parameter to generated sarif file (#3644)
* fix(sarif): change format to fit omitempty cases better
* feat(fortifyExecuteScan): include category in sarif file
* fix(fortifyExecuteScan): access to undefined pointer in some cases
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-03-17 13:09:15 +01:00
xgoffin
dfd2278639
feat(fortifyExecuteScan): full FPR to SARIF implementation (#3604)
* feat(FPRtoSARIF): boilerplate & comments
* Feat(Ingest): Build done, Vulnerabilities partway
* feat(Vulnerabilities): now entirely parsed
* feat(FprToSarif): integration in Piper step, full xml structure
* feat(fpr_to_sarif): base program. Need to replace names in messages
* feat(fpr_to_sarif): message substitution and custom definition integration
* fix(fpr_to_sarif): missing replacement in tools object
* fix(fpr_to_sarif): failing unit test
* Fix fortify folder creation for generating sarif
* deletion of unzip folder
* feat(fpr_to_sarif): better unit test
* fix(fpr_to_sarif): pr tests failing
* feat(fortifyExecuteScan): complete SARIF file generation
* fix(fpr_to_sarif): add extra check and test to prevent panics
* rebase onto master, fix ALL conflicts, adapt code and format
* fix missing added properties
* fix(SARIF): structure
* fix(whitesource): wrong sarif structures
* Update pkg/fortify/fpr_to_sarif.go
* Update pkg/format/sarif.go
* Update pkg/format/sarif.go
Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-03-14 11:26:05 +01:00
Sven Merk
a1988f6808
feat(whitesourceExecuteScan): GitHub issue creation + SARIF (#3535)
* Add GH issue creation + SARIF
* Code cleanup
* Fix fmt, add debug
* Code enhancements
* Fix
* Added debug info
* Rework UA log scan
* Fix code
* read UA version
* Fix nil reference
* Extraction
* Credentials
* Issue creation
* Error handling
* Fix issue creation
* query escape
* Query escape 2
* Revert
* Test avoid update
* HTTP client
* Add support for custom TLS certs
* Fix code
* Fix code 2
* Fix code 3
* Disable cert check
* Fix auth
* Remove implicit trust
* Skip verification
* Fix
* Fix client
* Fix HTTP auth
* Fix trusted certs
* Trim version
* Code
* Add token
* Added token handling to client
* Fix token
* Cleanup
* Fix token
* Token rework
* Fix code
* Kick out oauth client
* Kick out oauth client
* Transport wrapping
* Token
* Simplification
* Refactor
* Variation
* Check
* Fix
* Debug
* Switch client
* Variation
* Debug
* Switch to cert check
* Add debug
* Parse self
* Cleanup
* Update resources/metadata/whitesourceExecuteScan.yaml
* Add debug
* Expose subjects
* Patch
* Debug
* Debug2
* Debug3
* Fix logging response body
* Cleanup
* Cleanup
* Fix request body logging
* Cleanup import
* Fix import cycle
* Cleanup
* Fix fmt
* Fix NopCloser reference
* Regenerate
* Reintroduce
* Fix test
* Fix tests
* Correction
* Fix error
* Code fix
* Fix tests
* Add tests
* Fix code climate issues
* Code climate
* Code climate again
* Code climate again
* Fix fmt
* Fix fmt 2
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-02-23 09:30:19 +01:00
Oliver Nocon
a4a0873081
feat(checkmarx): create GitHub issue with findings (#3543)
* feat(checkmarx): create GitHub issue with findings
* add github issue reporting
2022-02-17 15:16:55 +01:00
xgoffin
2cebf370c9
feat(fortifyExecuteScan): added conversion to SARIF for FPR files (#3485)
* feat(FPRtoSARIF): boilerplate & comments
* Feat(Ingest): Build done, Vulnerabilities partway
* feat(Vulnerabilities): now entirely parsed
* feat(Ingestion): handle Description object
* feat(FprToSarif): integration in Piper step, full xml structure
* feat(fpr_to_sarif): base program. Need to replace names in messages
* feat(fpr_to_sarif): message substitution and custom definition integration
* fix(fpr_to_sarif): missing replacement in tools object
* fix(fortifyExecuteScan): unit tests
* fix(fpr_to_sarif): failing unit test
* Fix fortify folder creation for generating sarif
* deletion of unzip folder
* fix(fortifyExecuteScan): change logging to info
* feat(fpr_to_sarif): better unit test
* fix(fpr_to_sarif): pr tests failing
* feat(fpr_to_sarif): add specific properties to sarif
* feat(fpr_to_sarif): severity integration
* fix(fpr_to_sarif): unit test fixed
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
2022-02-08 14:10:40 +01:00
Sven Merk
6520115950
Upload Fortify scan results to GitHub issue (#3300)
* fix(fortifyExecuteScan): Propagate translation errors
Force translation-related errors to stop the execution of the step.
* Extend testcase
* Update fortifyExecuteScan.go
* Fix fmt and test
* Fix code
* feat(fortifyExecuteScan): Create GitHub issue
* Fix expectation
* Fix fmt
* Fix fmt add test
* Added tests
* Go fmt
* Add switch
* Rewrite githubCreateIssue
* Fix tests
* Added switch
* Issue only in case of violations
* Fix CPE reference
* Add debug message to issue creation/update
* Update fortifyExecuteScan.go
* Add credential for GH to groovy wrapper
* Update fortifyExecuteScan.go
2022-01-21 10:52:17 +01:00
sumeet patil
732845507d
Fortify JSON Report (#3212)
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-10-29 10:03:01 +02:00
Sven Merk
89124801c6
fortifyExecuteScan: Fix overall report status (#3081)
* fortifyExecuteScan: Fix overall report status
* Update reporting.go
2021-09-01 14:07:12 +02:00
Sven Merk
9571fd28f4
feat(checkmarxExecuteScan): Reporting for pipeline optimization (#2976)
* Fix exclude and enhance docs
* Fix test
* Fix test
* Add reporting to checkmarx step
* Improve text
2021-07-09 10:19:42 +02:00
Sven Merk
a43f46465a
feat(fortifyExecuteScan): HTML report for Fortify (#2879)
* Tune test
* Fix report implementation
* Fix tests
* Fix values
* Fix code and test
* Report writing fix
* Commit generated sources
* Update cmd/fortifyExecuteScan.go
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Externalize report generation
* Fix fmt
* Fix fmt 2
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-06-15 14:53:42 +02:00
Sven Merk
bf428d1ef9
Fix project lookup query (#2785)
* Fix project lookup
* Added test for space
* Update pkg/fortify/fortify.go
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-04-28 13:59:59 +02:00
Sven Merk
d2eb2877e0
fortifyExecuteScan: Functional enhancements (#2647)
* Improvements
* Formatting
* Fix test
* Update resources/metadata/fortify.yaml
Enhance description
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Unify version handling with ws step
* Part 2
* go fmt
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-02-26 13:43:03 +01:00
Sven Merk
f149292374
[fix]fortifyExecuteScan: disable fulltextsearch (#2527)
* FF disable fulltextsearch
# Conflicts:
# pkg/fortify/fortify.go
# pkg/fortify/fortify_test.go
* Completely avoid interacting with fulltextsearch
* Remove also from version lookup
2021-01-21 16:20:46 +01:00
Sven Merk
205d59c1ed
Remove obsolete parameter (#2515)
* Remove obsolete parameter
* Update pkg/fortify/fortify_test.go
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Update fortify_test.go
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-01-15 13:55:13 +01:00
Oliver Nocon
a70933bbd4
fortifyExecuteScan: improve error categorization (#2295)
* fortifyExecuteScan: improve error categorization
* reset error category in success case
2020-11-11 13:04:45 +01:00
Sven Merk
9d737575aa
fortifyExecuteScan: Fix report download (#2244)
* Fix report download
* Update fortifyExecuteScan.go
* Update fortifyExecuteScan_test.go
* Update fortify.go
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-10-27 13:12:31 +01:00
Stephan Aßmus
5338ea1476
fortifyExecuteScan: Make URL parameters more robust (#1900)
2020-08-11 18:07:06 +02:00
Stephan Aßmus
a24a7aad23
Fortify: Using mvn to auto-resolve classpath needs additional params (#1607)
* also reduce code duplication in token fetching
* concatenate classpaths from multi-maven projects
Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
2020-05-29 15:42:35 +02:00
Sven Merk
af2a01c064
Fortify implementation in golang (#1428)
2020-05-25 19:48:59 +02:00