metadata: name: detectExecuteScan description: Executes Synopsys Detect scan longDescription: | This step executes [Synopsys Detect](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect) scans. Synopsys Detect command line utlity can be used to run various scans including BlackDuck and Polaris scans. This step allows users to run BlackDuck scans by default. Please configure your BlackDuck server Url using the serverUrl parameter and the API token of your user using the apiToken parameter for this step. spec: inputs: resources: - name: buildDescriptor type: stash - name: checkmarx type: stash secrets: - name: detectTokenCredentialsId aliases: - name: apiTokenCredentialsId description: Jenkins 'Secret text' credentials ID containing the API token used to authenticate with the Synopsis Detect (formerly BlackDuck) Server. type: jenkins params: - name: token aliases: - name: blackduckToken - name: detectToken - name: apiToken deprecated: true - name: detect/apiToken deprecated: true description: Api token to be used for connectivity with Synopsis Detect server. type: string mandatory: true secret: true resourceRef: - name: detectTokenCredentialsId type: secret - type: vaultSecret paths: - $(vaultPath)/detect - $(vaultBasePath)/$(vaultPipelineName)/detect - $(vaultBasePath)/GROUP-SECRETS/detect scope: - PARAMETERS - STAGES - STEPS - name: codeLocation description: An override for the name Detect will use for the scan file it creates. type: string scope: - PARAMETERS - STAGES - STEPS - name: projectName description: Name of the Synopsis Detect (formerly BlackDuck) project. aliases: - name: detect/projectName type: string mandatory: true scope: - PARAMETERS - STAGES - STEPS - name: scanners description: List of scanners to be used for Synopsis Detect (formerly BlackDuck) scan. aliases: - name: detect/scanners type: "[]string" default: - signature possibleValues: - signature - source scope: - PARAMETERS - STAGES - STEPS - name: scanPaths description: List of paths which should be scanned by the Synopsis Detect (formerly BlackDuck) scan. aliases: - name: detect/scanPaths type: "[]string" default: - "." scope: - PARAMETERS - STAGES - STEPS - name: scanProperties description: Properties passed to the Synopsis Detect (formerly BlackDuck) scan. You can find details in the [Synopsis Detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622846/Using+Synopsys+Detect+Properties) aliases: - name: detect/scanProperties type: "[]string" default: - --blackduck.signature.scanner.memory=4096 - --blackduck.timeout=6000 - --blackduck.trust.cert=true - --detect.report.timeout=4800 - --logging.level.com.synopsys.integration=DEBUG - --detect.maven.excluded.scopes=test scope: - PARAMETERS - STAGES - STEPS - name: serverUrl description: Server URL to the Synopsis Detect (formerly BlackDuck) Server. aliases: - name: detect/serverUrl type: string mandatory: true scope: - PARAMETERS - STAGES - STEPS - name: groups description: Users groups to be assigned for the Project aliases: - name: detect/groups type: "[]string" scope: - PARAMETERS - STAGES - STEPS - name: failOn description: Mark the current build as fail based on the policy categories applied. longDescription: | A list of policies can be provided which will be applied after the scan is completed. These policies if violated will mark the build/scan result as failed. The list of accepted valed can be found at https://blackducksoftware.github.io/synopsys-detect/latest/properties/configuration/project/#fail-on-policy-violation-severities aliases: - name: detect/failOn type: "[]string" default: - BLOCKER possibleValues: - ALL - BLOCKER - CRITICAL - MAJOR - MINOR - NONE scope: - PARAMETERS - STAGES - STEPS - name: version aliases: - name: projectVersion - name: detect/projectVersion type: string description: Defines the version number of the artifact being build in the pipeline. It is used as source for the Detect version. longDescription: |- Defines the version number of the artifact being build in the pipeline. It is used for build version creation and as source for the Detect version. **Typically it is available through the pipeline run.** The project version of the Detect project is calculated using the [`versioningModel`](#versioningmodel). resourceRef: - name: commonPipelineEnvironment param: artifactVersion scope: - PARAMETERS - STAGES - STEPS - name: versioningModel type: string description: The versioning model used for result reporting (based on the artifact version). Example 1.2.3 using `major` will result in version 1 longDescription: |- The versioning model used for result reporting (based on the artifact version). For example: the version 1.2.3 of the artifact will result in a version 1 to report into, when `versioningModel: major` is used and will result in a version 1.2 when `versioningModel: major-minor` is used. Recommendation for a Continuous Delivery process is to use `versioningModel: major`. scope: - PARAMETERS - GENERAL - STAGES - STEPS default: "major" possibleValues: - major - major-minor - semantic - full - name: projectSettingsFile type: string description: "Path or url to the mvn settings file that should be used as project settings file." scope: - GENERAL - PARAMETERS - STAGES - STEPS aliases: - name: maven/projectSettingsFile - name: globalSettingsFile type: string description: "Path or url to the mvn settings file that should be used as global settings file" scope: - GENERAL - PARAMETERS - STAGES - STEPS aliases: - name: maven/globalSettingsFile - name: m2Path type: string description: Path to the location of the local repository that should be used. scope: - GENERAL - STEPS - STAGES - PARAMETERS aliases: - name: maven/m2Path containers: - name: openjdk image: openjdk:11 workingDir: /root options: - name: -u value: "0"