metadata:
  name: protecodeExecuteScan
  description: Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries. It can be used to scan docker images but is supports many other programming languages especially those of the C family.
  longDescription: |-
    Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries. It can be used to scan docker images but is supports many other programming languages especially those of the C family.

    !!! hint "Auditing findings (Triaging)"
        Triaging is now supported by the Protecode backend and also Piper does consider this information during the analysis of the scan results though product versions are not supported by Protecode. Therefore please make sure that the `fileName` you are providing does either contain a stable version or that it does not contain one at all. By ensuring that you are able to triage CVEs globally on the upload file's name without affecting any other artifacts scanned in the same Protecode group and as such triaged vulnerabilities will be considered during the next scan and will not fail the build anymore.
spec:
  inputs:
    params:
    - name: excludeCVEs
      aliases:
      - name: protecodeExcludeCVEs
      type: string
      description: 'DEPRECATED: Do use triaging within the Protecode UI instead'
      scope:
      - PARAMETERS
      - STAGES
      - STEPS
      default: []
    - name: failOnSevereVulnerabilities
      aliases:
      - name: protecodeFailOnSevereVulnerabilities
      type: bool
      description: Whether to fail the job on severe vulnerabilties or not
      scope:
      - PARAMETERS
      - STAGES
      - STEPS
      default: true
    - name: scanImage
      aliases:
      - name: dockerImage
      type: string
      description: The reference to the docker image to scan with Protecode
      resourceRef:
        - name: commonPipelineEnvironment
          param: container/imageNameTag
      scope:
      - GENERAL
      - PARAMETERS
      - STAGES
      - STEPS
    - name: dockerRegistryUrl
      type: string
      description: The reference to the docker registry to scan with Protecode
      resourceRef:
        - name: commonPipelineEnvironment
          param: container/registryUrl
      scope:
      - GENERAL
      - PARAMETERS
      - STAGES
      - STEPS
    - name: cleanupMode
      type: string
      description: Decides which parts are removed from the Protecode backend after the scan
      scope:
      - PARAMETERS
      - STAGES
      - STEPS
      default: binary
      possibleValues:
        - none
        - binary
        - complete
    - name: filePath
      type: string
      description: The path to the file from local workspace to scan with Protecode
      scope:
      - PARAMETERS
      - STAGES
      - STEPS
    - name: includeLayers
      type: bool
      description: Flag if the docker layers should be included
      scope:
      - PARAMETERS
      - STAGES
      - STEPS
    - name: addSideBarLink
      type: bool
      description: Whether to create a side bar link pointing to the report produced by Protecode or not
      scope:
      - PARAMETERS
      - STAGES
      - STEPS
      default: true
    - name: timeoutMinutes
      aliases:
      - name: protecodeTimeoutMinutes
      type: string
      description: The timeout to wait for the scan to finish
      scope:
      - PARAMETERS
      - STAGES
      - STEPS
      default: 60
    - name: serverUrl
      aliases:
      - name: protecodeServerUrl
      type: string
      description: The URL to the Protecode backend
      mandatory: true
      scope:
      - GENERAL
      - PARAMETERS
      - STAGES
      - STEPS
    - name: reportFileName
      type: string
      description: The file name of the report to be created
      scope:
      - PARAMETERS
      - STAGES
      - STEPS
      default: protecode_report.pdf
    - name: fetchUrl
      type: string
      description: The URL to fetch the file to scan with Protecode which must be accessible via public HTTP GET request
      scope:
      - PARAMETERS
      - STAGES
      - STEPS
    - name: group
      aliases:
      - name: protecodeGroup
      type: string
      description: The Protecode group ID of your team
      mandatory: true
      scope:
      - PARAMETERS
      - STAGES
      - STEPS
    - name: reuseExisting
      type: bool
      description: Whether to reuse an existing product instead of creating a new one
      scope:
      - PARAMETERS
      - STAGES
      - STEPS
    - name: username
      aliases:
        - name: user
          deprecated: true
      type: string
      description: User which is used for the protecode scan
      mandatory: true
      scope:
        - PARAMETERS
        - STAGES
        - STEPS
      secret: true
    - name: password
      type: string
      description: Password which is used for the user
      mandatory: true
      scope:
        - PARAMETERS
        - STAGES
        - STEPS
      secret: true
    - name: artifactVersion
      type: string
      description: The version of the artifact to allow identification in protecode backend
      resourceRef:
        - name: commonPipelineEnvironment
          param: artifactVersion
      scope:
        - PARAMETERS
        - STAGES
        - STEPS
    - name: pullRequestName
      type: string
      description: The name of the pull request
      scope:
        - PARAMETERS
        - STAGES
        - STEPS
    secrets:
    - name: protecodeCredentialsId
      type: jenkins
    - name: dockerCredentialsId
      type: jenkins
  outputs:
    resources:
      - name: influx
        type: influx
        params:
          - name: protecode_data
            fields:
              - name: historical_vulnerabilities
              - name: triaged_vulnerabilities
              - name: excluded_vulnerabilities
              - name: minor_vulnerabilities
              - name: major_vulnerabilities
              - name: vulnerabilities