* Update URL to recent SapMachine
11.0.2 in from Jan2019 := 5 years old
use the recent version => 11.0.24
* 11.0.24 to 25
meanwhile 11.0.25 is the latest version
* update from 11.0.25 to stable 21 link
now to use https://sap.github.io/SapMachine/latest/21/linux-x64/jre/
* applied generated go code
* Update whitesourceExecuteScan.yaml
* from 21-latest to 17.0.13
to speed this up
* revert description
* generate for new url
---------
Co-authored-by: Harald Aamot <harald.aamot@sap.com>
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* detect script v9 as default and detect script v8 as optional for blackduck
* unit test fix
---------
Co-authored-by: Dmitrii Pavlukhin <dmitrii.pavlukhin@sap.com>
* Update abapAddonAssemblyKitCheck.yaml
remove bullet points as they are not rendered together with markdown
* Update abapAddonAssemblyKitCheck.yaml
* delete trailing space
* go generate
* Improve logs of credentialdiggerScan step
* 'Restore step'
* Use dockerhub image for Credential Digger
* Regenerate credentialdiggerScan
* Update docker image tag
* Fix report generation with exportAll
* Update docker image for credentialdiggerScan
* Regenerate credentialdiggerScan step with new docker image
* Dont duplicate step name with log.Entry()
* Refactor RepoURL according to #4639
---------
Co-authored-by: Marcus Holl <marcus.holl@sap.com>
Co-authored-by: Googlom <36107508+Googlom@users.noreply.github.com>
* Remove blue green deployment support for cf native build tools
* Empty for testing
* Remove obsolete dependency
* feedback from code review
* Fix IT's run
* Add test
* chore: switch to new parameter name
Since warnings-ng plugin version 11 the blameDisabled parameter
has been replaced by skipBlames.
To be compatible with Jenkinsfile Runner we put the recordIssues step
into a try/catch, so no exception is thrown and the build fails.
* docs: improve wording
Co-authored-by: Srinikitha Kondreddy <srinikitha.kondreddy@sap.com>
---------
Co-authored-by: Srinikitha Kondreddy <srinikitha.kondreddy@sap.com>
* fix dead link in sonarExecuteScan.yaml
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner leads to "Page not found"
* Update sonarExecuteScan.yaml
* Update sonarExecuteScan.yaml
typo
* Update sonarExecuteScan_generated.go
---------
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Initial in progress
* compiling but not yet functional
* Missed file
* updated checkmarxone step
* Working up to fetching a project then breaks
* Missed file
* Breaks when retrieving projects+proxy set
* Create project & run scan working, now polling
* Fixed polling
* added back the zipfile remove command
* Fixed polling again
* Generates and downloads PDF report
* Updated and working, prep for refactor
* Added compliance steps
* Cleanup, reporting, added groovy connector
* fixed groovy file
* checkmarxone to checkmarxOne
* checkmarxone to checkmarxOne
* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix
* Fixed filenames & yaml
* missed the metadata_generated.go
* added json to sarif conversion
* fix:type in new checkmarxone package
* fix:type in new checkmarxone package
* removed test logs, added temp error log for creds
* extra debugging to fix crash
* improved auth logging, fixed query parse issue
* fixed bug with group fetch when using oauth user
* CWE can be -1 if not defined, can't be uint
* Query also had CweID
* Disabled predicates-fetch in sarif generation
* Removing leftover info log message
* Better error handling
* fixed default preset configuration
* removing .bat files - sorry
* Cleanup per initial review
* refactoring per Gist, fixed project find, add apps
* small fix - sorry for commit noise while testing
* Fixing issues with incremental scans.
* removing maxretries
* Updated per PR feedback, further changes todo toda
* JSON Report changes and reporting cleanup
* removing .bat (again?)
* adding docs, groovy unit test, linter fixes
* Started adding tests maybe 15% covered
* fix(checkmarxOne): test cases for pkg and reporting
* fix(checkmarxOne):fix formatting
* feat(checkmarxone): update interface with missing method
* feat(checkmarxone):change runStep signature to be able to inject dependency
* feat(checkmarxone): add tests for step (wip)
* Adding a bit more coverage
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix integration test PR
* adding scan-summary bug workaround, reportgen fail
* enforceThresholds fix when no results passed in
* fixed gap when preset empty in yaml & project conf
* fixed another gap in preset selection
* fix 0-result panic
* fail when no preset is set anywhere
* removed comment
* initial project-under-app support
* fixing sarif reportgen
* some cleanup of error messages
* post-merge test fixes
* revert previous upstream merge
* adding "incremental" to "full" triggers
* wrong boolean
* project-in-application api change prep
* Fixing SARIF report without preset access
* fix sarif deeplink
* removing comments
* fix(cxone):formatting
* fix(cxone):formatting
* small sarif fixes
* fixed merge
* attempt at pulling git source repo branch
* fix(cxone):new endpoint for project creation
* fix(cxOne): taxa is an array
* fix(cxOne): get Git branch from commonPipelineEnvironment
* fix(cxOne): add params to tag a scan and a project
* fix(cxOne): unit test - update project
* fix(cxOne): unit test - update project tags
* fix(cxOne): improve logs
* fix(cxOne): improve logs
---------
Co-authored-by: michael kubiaczyk <michael.kubiaczyk@checkmarx.com>
Co-authored-by: michaelkubiaczyk <48311127+michaelkubiaczyk@users.noreply.github.com>
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
* added running custom command
* go mod tidy
* added log with parsed command info
* fixed log format
---------
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
* support trustedCerts for cloneGitRepo
* some more steps
* Update sap_com_0948.go
* remove warning for config value type
* updated description for certificateNames
* go generate artifacts
* variable order and space in "[]interface {}"
* Initial in progress
* compiling but not yet functional
* Missed file
* updated checkmarxone step
* Working up to fetching a project then breaks
* Missed file
* Breaks when retrieving projects+proxy set
* Create project & run scan working, now polling
* Fixed polling
* added back the zipfile remove command
* Fixed polling again
* Generates and downloads PDF report
* Updated and working, prep for refactor
* Added compliance steps
* Cleanup, reporting, added groovy connector
* fixed groovy file
* checkmarxone to checkmarxOne
* checkmarxone to checkmarxOne
* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix
* Fixed filenames & yaml
* missed the metadata_generated.go
* added json to sarif conversion
* fix:type in new checkmarxone package
* fix:type in new checkmarxone package
* removed test logs, added temp error log for creds
* extra debugging to fix crash
* improved auth logging, fixed query parse issue
* fixed bug with group fetch when using oauth user
* CWE can be -1 if not defined, can't be uint
* Query also had CweID
* Disabled predicates-fetch in sarif generation
* Removing leftover info log message
* Better error handling
* fixed default preset configuration
* removing .bat files - sorry
* Cleanup per initial review
* refactoring per Gist, fixed project find, add apps
* small fix - sorry for commit noise while testing
* Fixing issues with incremental scans.
* removing maxretries
* Updated per PR feedback, further changes todo toda
* JSON Report changes and reporting cleanup
* removing .bat (again?)
* adding docs, groovy unit test, linter fixes
* Started adding tests maybe 15% covered
* fix(checkmarxOne): test cases for pkg and reporting
* fix(checkmarxOne):fix formatting
* feat(checkmarxone): update interface with missing method
* feat(checkmarxone):change runStep signature to be able to inject dependency
* feat(checkmarxone): add tests for step (wip)
* Adding a bit more coverage
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix code review
* feat(checkmarxOne): fix integration test PR
* adding scan-summary bug workaround, reportgen fail
* enforceThresholds fix when no results passed in
* fixed gap when preset empty in yaml & project conf
* fixed another gap in preset selection
* fix 0-result panic
* fail when no preset is set anywhere
* removed comment
* initial project-under-app support
* fixing sarif reportgen
* some cleanup of error messages
* post-merge test fixes
* revert previous upstream merge
* adding "incremental" to "full" triggers
* wrong boolean
* project-in-application api change prep
* Fixing SARIF report without preset access
* fix sarif deeplink
* removing comments
* fix(cxone):formatting
* fix(cxone):formatting
* small sarif fixes
* fixed merge
* attempt at pulling git source repo branch
* fix(cxone):new endpoint for project creation
---------
Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
* Run artifactPrepareVersion inside a docker container when build tool is CAP
* Run artifactPrepareVersion inside a docker container for CAP apps
* Run artifactPrepareVersion inside a docker container for CAP apps
* Update yaml
* feat(artifactPrepareVersion): Introduce build tool CAP
* feat(artifactPrepareVersion): Introduce build tool CAP
* Add CAPVersioningPreference to versioning.Options
* Include CAP to allowed build tool list
* Update go.mod
* Include CAP to allowed build tool list
* Delete CAP from additionalTargetTools
* Delete CAP from additionalTargetTools
* Fix test
* Update comment
* Update comment
* Add param description
* Add param description
* updated text of scope parameter
* go generate all yaml files
---------
Co-authored-by: Sarat Krishnan <78093145+sarat-krk@users.noreply.github.com>
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
This change allows usage of `stashNoDefaultExcludes` parameter,
as otherwise I think it it impossible to stash back the .git repository.
It should not affect anything if `stashNoDefaultExcludes` is not used.
