mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00

50 Commits

Author SHA1 Message Date
Adrien
d763a135bb
Full scan if last incremental scan failed (#4207)
Co-authored-by: thtri <thanh.hai.trinh@sap.com>
2023-01-30 11:36:08 +01:00
raman-susla-epam
d7cf8654f9
githubCreateIssue_fix (#4151)
* extend githubCreateIssue to handle long body

Co-authored-by: Jordi van Liempt <35920075+jliempt@users.noreply.github.com>
2022-12-15 18:20:01 +03:00
Adrien
84ebea25b3
fix(checkmarxExecuteScan) rename sourceEncoding parameter to engineConfigurationID (#4142)
2022-12-03 11:13:32 +05:30
Adrien
ecbd8b3627
Fix project name string comparison (#4129)
2022-11-15 17:26:50 +01:00
Adrien
1552570fd0
fix(checkmarxExecuteScan): Fail with a clear error message if no projectName (#4124)
* Fail with a clear error message if no projectName
2022-11-15 10:51:23 +05:30
charly-lemee
885a5e73e3
fix: typo in checkmarx scan (#4072)
* fix: typo with checkmarx report
2022-11-03 13:18:17 +05:30
sumeet patil
ed4467282f
fix(fortify): Fortify spotcheck logic consistent with checkmarxs low (#3955)
* Improve logging

* Fortify spotcheck logic consistent with checkmarx
2022-08-11 11:44:16 +02:00
Oliver Nocon
a46f796bcd
chore: cleanup reporting & some incorrect file usage in tests (#3943)
* chore: cleanup reporting & some incorrect file usage in tests

* cleanup interface

* chore: remove comment

* preserve error handling

* Rename FileUtils.go to fileUtils.go

* clean up formatting

* chore: address static check findings

* fix brittle test

* chore: cleanup formatting
2022-08-09 10:57:02 +02:00
thtri
2536a9f598
feat(checkmarxExecuteScan): Support threshold for Low finding per Query name (#3938)
* feat(checkmarx): Support threshold for Low finding per Query name

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-08-05 00:17:07 +02:00
Oliver Nocon
d640d72dc6
feat: improve vulnerability reporting via GitHub issues (#3924)
* feat: improve vulnerability reporting via GitHub issues

* feat: update reports

* chore: add tls cert links

* only write log on error

* chore: update formatting

* chore: update handling of direct dependencies

* chore: fix linting issue

* chore: minor updates
2022-08-02 08:26:26 +02:00
Oliver Nocon
f6a6448631
chore: fix linting issues (#3878)
* chore: fix linting issues

* add more fixes

* correct formatting

* Delete depl.yaml
2022-07-21 09:04:21 +02:00
xgoffin
903f273012
feat(checkmarxExecuteScan): added API to get description, incorporated to SARIF file (#3814)
2022-06-01 15:48:56 +02:00
Adrien
3d48364862
Fix project config reset when preset is set (#3782)
2022-05-18 17:10:00 +02:00
Adrien
9d56cda0f9
Add Checkmarx failure message to Piper error log (#3716)
2022-05-03 17:34:14 +02:00
xgoffin
3c55d3c99c
feat(checkmarxExecuteScan): convert Checkmarx xml report to SARIF (#3696)
* feat(checkmarxExecuteScan): sarif conversion for Checkmarx XML reports

* feat(checkmarxExecuteScan): added taxonomies and similarityID

* fix(checkmarxExecuteScan): proper handling of ruleId and ruleIndex

* fix(sarif): mistype in checkmarx properties

* fix(checkmarxExecuteScan): fixed occasional panics when handling audit comment

* chore(sarif): proper variable naming

* chore(code): fix missing and unrecognized comments

* trigger PR

* fix(format): extra space

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-04-04 16:12:35 +02:00
Christian Volk
26bf3808fe
chore(checkmarxExecuteScan): split and trim filterPattern (#3661)
2022-03-23 11:45:05 +01:00
Sven Merk
c30e93bc6a
feat(detectExecuteScan): SARIF export and GH issue creation (#3637)
* Added SARIF and GH issue creation
2022-03-17 15:32:48 +01:00
Sven Merk
c1d2e6ad16
Add toggle for GH issue creation (#3601)
* Add toggle for GH issue creation

* Fix fmt
2022-03-02 15:46:56 +01:00
Adrien
a73951909b
checkmarxExecuteScan fixes (#3540)
* Fix FilterByTeamName and LoadExistingProject

* Fix project name loop

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-02-28 14:22:47 +01:00
thtrinh
d86cfce6e6
Checkmarx json report (#3565)
* feat(checkmarx) : Checkmarx JSON Report

* Test cases with some fix

* Information total and audited test assertions

* feat(checkmarx): align total/audited with existing calculation

* fix(checkmarx): Reporting unit test

Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-02-25 14:20:36 +01:00
Oliver Nocon
a4a0873081
feat(checkmarx): create GitHub issue with findings (#3543)
* feat(checkmarx): create GitHub issue with findings

* add github issue reporting
2022-02-17 15:16:55 +01:00
Sven Merk
86e8125279
feat(checkmarxExecuteScan): Improve cx report (#2991)
* Improve checkmarx report

* Fix test and fmt

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-09-15 09:45:56 +02:00
Sven Merk
2997714a02
checkmarxExecuteScan: Improve error message on compliance issues (#3083)
* Update checkmarxExecuteScan.go

* Fix test
2021-09-07 13:10:11 +02:00
Sven Merk
1ddd966249
Enforce non-incremental scans when optimized and scheduled (#3039)
* Enforce non-incremental scans when optimized

* Update resources/metadata/checkmarx.yaml

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>

* Update generated file

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-08-10 11:27:28 +02:00
Sven Merk
9571fd28f4
feat(checkmarxExecuteScan): Reporting for pipeline optimization (#2976)
* Fix exclude and enhance docs

* Fix test

* Fix test

* Add reporting to checkmarx step

* Improve text
2021-07-09 10:19:42 +02:00
larsbrueckner
61fe88e199
Add "toolrecord" files to Fortify, Checkmarx, Protecode and Whitesource results (#2929)
* Toolrecord framework -
provide a common entry point for post processing code scan results

Changes to be committed:
	new file:   pkg/toolrecord/REAMDE_toolrecord.md
	new file:   pkg/toolrecord/toolrecord_main.go
	new file:   pkg/toolrecord/toolrecord_test.go

* Add toolrecord file to Checkmarx results
modified:   cmd/checkmarxExecuteScan.go

* Add toolrecord file to Fortify results
	modified:   cmd/fortifyExecuteScan.go

* Add toolrecord file to Whitesource results
modified:   cmd/whitesourceExecuteScan.go

* unset umask (#2927)

* (feat) adds error logging output for downloading reports from whitesource (#2928)

* Add toolrecord file to Protecode results

* address code climate findings (1/2)

* address codeclimate findings (2/2)

* add comments to all methods

Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-06-23 15:05:00 +02:00
Fabian Reh
44ca6db57c
Fix checkmarx execute scan (#2765)
* Remove error check on preset conversion

Signed-off-by: Fabian Reh <fabian.reh@sap.com>
2021-04-19 10:15:07 +02:00
Fabian Reh
9f55c4360d
Fix checkmarx execute scan (#2747)
* Fixes infinite recursion

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Adds test for infinite recursion

Signed-off-by: Fabian Reh <fabian.reh@sap.com>
2021-04-08 09:16:47 +02:00
Fabian Reh
bb62252600
Refactor(checkmarxExecuteScan): filterFileGlob (#2490)
* * Fixes filterFileGlob as it did not evaluate all patterns
* Adapts unit tests to cover all functionality

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* * Fixes comment

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* * Adds tests for error cases
* Adds mock utils to mock external calls for errors

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* * Adds test for os.Open

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Cleans code

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Makes test OS independent

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Makes TestFilterFileGlob run in parallel

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Marks all tests to run in parallel

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Add tests and error handling for string conversion and zip file

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Add tests and error handling for write file

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Add tests and error handling for write file

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Add tests and error handling for PathMatch

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Refactor zipFolder method to reduce complexity

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* simplify parameters

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Revert "simplify parameters"

This reverts commit 0bfc582808.

* Revert "Revert "simplify parameters""

This reverts commit 102633cf2d.

* Extract getWorkspace to reduce parameters

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Adapts tests to new error handling of 0 files zip

Only logs error for 0 files zip if no other errors appeared

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* Extract method to reduce complexity

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* rename method

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* remove method needing many parameters

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* remove strconv api

Signed-off-by: Fabian Reh <fabian.reh@sap.com>

* remove project variable as project is created in this method

Signed-off-by: Fabian Reh <fabian.reh@sap.com>
2021-04-08 07:05:37 +02:00
Sven Merk
8c6089cca9
checkmarxExecuteScan: Fix error message on empty ZIP (#2709)
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-04-07 09:56:19 +02:00
Sven Merk
d52a1a3619
Influx step execution reporting (#2700)
* Influx step execution reporting

* influx for newmanExecute added

Co-authored-by: lndrschlz <leander.schulz01@sap.com>
2021-03-18 10:32:03 +01:00
Christopher Fenner
f999925788
fix(influx): correct data type of influx measurements (#2171)
* update data type of influx measurements

* Update checkmarx.yaml

* pick changes from #1885 for testing

* update generated code

* update to new datatype

* adjust to type changes

* change back to string type

* Update fortifyExecuteScan.go

* add typo to be backward compatible

* change type to int for files_scanned and lines_of_code_scanned

* add typo

* add measurements to whitesource

* update generated sources

* adjust test cases

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 16:00:53 +01:00
Sven Merk
5d1782aa01
checkmarxExecuteScan: adapt to 9.2 api (#2363)
* Update checkmarxExecuteScan.go

* api mods

* Switch default

* Fix decode

* mod marshalling

* Fix unmarshalling

* Code fmt and small fix

* Optimize preset handling

* Integer handling

* Fix test

* cleanup

* go fmt

* Improve test
2020-11-25 13:47:26 +01:00
Sven Merk
3c7712f2ee
Retry capabilities for HTTP requests + enablement for Checkmarx step (#2346)
2020-11-11 13:35:53 +01:00
Christopher Fenner
b8d3a7d1a9
fix(influx): correct project_name field name (#2195)
* Update checkmarx.yaml

* regenerate

* adjust code
2020-10-19 13:09:17 +02:00
Oliver Nocon
0fb7ee5488
fix: Checkmarx project creation (#2112)
* fix : allow creation of Checkmarx projects

* checkmarx: fix project creation

* do not swallow error

* fix preset error handling
2020-10-05 08:16:18 +02:00
Oliver Nocon
9354697525
fix : allow creation of Checkmarx projects (#2106)
2020-10-01 17:08:07 +02:00
Oliver Nocon
15b3957137
checkmarxExecuteScan: update error handling (#2084)
* checkmarxExecuteScan: update error handling

* Update cmd/checkmarxExecuteScan.go

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>

* include PR feedback

Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-09-29 09:23:31 +02:00
Christopher Fenner
6999380ee3
chore(go): simplify code using gofmt -s (#2065)
2020-09-24 08:58:53 +02:00
Christopher Fenner
b219fb6514
fix(typo): found by misspell (#2064)
* fix typos in step yamls

* fix typos in go files

* regenerate step code

* fix typos in md files

* fix typos in groovy files

* fix further typos
2020-09-24 07:41:06 +02:00
Oliver Nocon
c8b1ffd654
checkmarxExecuteScan: fix PR project identification (#2055)
2020-09-22 14:39:34 +02:00
Sven Merk
4ae46823b1
Fix PR feature (#2048)
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2020-09-22 12:36:22 +02:00
Sven Merk
612d3a645b
Support verify only mode for SAST tools (#2018)
* Support verify only mode for SAST

* Include feedback

* Add tests

* Fix imports
2020-09-18 08:19:34 +02:00
Sven Merk
51158d2457
checkmarxExecuteScan: Fix access to projects (#1997)
2020-09-10 11:14:58 +02:00
Stephan Aßmus
ec779a719b
Checkmarx: honor "preset" parameter also for existing projects (#1893)
2020-08-06 17:20:26 +02:00
lndrschlz
94dba13fef
fix(checkmarxExecuteScan): whitespace in filePatterns; log output; (#1784)
* removed whitespaces in filePatterns and add zip file count log

* safer string-replace for whitespaces

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2020-07-20 16:50:48 +02:00
Daniel Kurzynski
41c1653a06
Fix checkmarx (#1655)
2020-06-12 09:22:22 +02:00
Oliver Nocon
9c1bd04752
Streamline step generation (#1142)
* Streamline step generation
* Include PR feedback, update DEVELOPMENT.md

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2020-02-04 10:46:43 +01:00
Sven Merk
36423eb78d
Avoid potential collisions among steps (#1141)
* Avoid potential collisions amongst steps

* Improve code, move to JenkinsUtils

* Improve code

* Improve tests

* Fix test

* Add scope on golang side
2020-02-03 15:25:49 +01:00
Sven Merk
cbe368fe36
Checkmarx as golang (#1075)
* Added base functionality for checkmarx interaction

* Extend http client with file upload capabilities

* Latest changes

* Add debug logging

* Introduce Uploader interface

* Add tests for checkmarx client

* Hook new checkmarx command

* Improve coverage

* Add tests

* Improved test coverage and fixed code

* Add influx reporting

* Add alternation capabilities

* Add groovy step

* Try fix cmd

* Enhancements

* Fix report generation

* Final performance improvements

* Fix code

* Structure code, cleanup

* Improvements

* Fix codeclimate issue

* Update groovy

* Adapt latest changes to http

* Fix test

* Fix http tests

* Fix test

* Fix test

* Fix test 2

* Fix code

* Fix code 2

* Fix code

* Code

* Fix

* Fix

* Add report and link handling

* Fix returns, add groovy test

* Review comments

* Added doc template

* Docs update

* Remove SAP internals

* Better status display

* Add name to link

* Fix test

* Fix

* Fix verbose handling

* Fix verbose handling 2

* Fix verbose handling 3

* Fix

* Tiny improvements

* Regenerate

* Fix test

* Fix test code

* Fix verbosity issue

* Fix test

* Fix test

* Fix test
2020-01-27 23:40:53 +01:00