mirror of
https://github.com/SAP/jenkins-library.git
synced 2024-12-12 10:55:20 +02:00
dbbbe1f0b3
* Toolrecord framework - provide a common entry point for post processing code scan results
  Changes to be committed:
  new file: pkg/toolrecord/REAMDE_toolrecord.md
  new file: pkg/toolrecord/toolrecord_main.go
  new file: pkg/toolrecord/toolrecord_test.go
* Add toolrecord file to Checkmarx results
  modified: cmd/checkmarxExecuteScan.go
* Add toolrecord file to Fortify results
  modified: cmd/fortifyExecuteScan.go
* Add toolrecord file to Whitesource results
  modified: cmd/whitesourceExecuteScan.go
* unset umask (#2927)
* (feat) adds error logging output for downloading reports from whitesource (#2928)
* Add toolrecord file to Protecode results
* address code climate findings (1/2)
* address codeclimate findings (2/2)
* add comments to all methods
* Toolrecord library:
  - move all toolrun files into a subdirectory
  - fix timestamp generation in filenames
* add protecode group's URL to toolrecord data
* fix syntax error from previous commit in cmd/protecodeExecuteScan.go
* toolrecord: fix projectVersionID and generated URLs in fortifyExecuteScan.go
* cmd/fortifyExecuteScan.go: replace a hard-coded servername with config.ServerURL
* update description
* add toolrecord file to detectExecuteScan
* toolrecord/whitesource: add project names as context

Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
1.6 KiB
The purpose of the "toolrecord" feature is to provide a common result file for tools (e.g. code scanners), so that consumers of the piper result files can locate the results in the respective tool backends for further reporting and post-processing.
Currently it contains the minimal information to detect which tools have been executed, and where to locate the results in the respective tool backends.
The result files are called "tr_toolname_YYYYMMDDHHMMSS.json" and have the following structure:
{
   "RecordVersion":1,
   "ToolName":"dummyTool",
   "ToolInstance":"dummyInstance",   // Tool backend URL

   // Tool-agnostic DisplayName and DisplayURL for simple reporting
   // (this is derived from the key details)
   "DisplayName":"dummyOrgName - dummyProjName - dummyScanName",
   "DisplayURL":"dummyScanUrl",

   // tool-dependent identifiers; the order follows the tool's data model, e.g. 'team owns project has scan'
   "Keys":[
      {
         "Name":"Organization",        // the technical name from the tool's data model
         "Value":"dummyOrgId",         // the key value needed to access the tool's backend via API
         "DisplayName":"dummyOrgName", // user-friendly identifier - optional, can be empty
         "URL":"dummyOrgUrl"           // URL to access this data in the tool's UI - optional, can be empty
      },
      {"Name":"Project","Value":"dummyProjectId","DisplayName":"dummyProjName","Url":"dummyProjUrl"},
      {"Name":"ScanId","Value":"dummyScanId","DisplayName":"dummyScanName","Url":"dummyScanUrl"}
   ],
   "Context":{}   // additional context data - optional, tool-dependent
}
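A consumer that turns these files into report links can validate the file name and the record before using them. The Go code below is an added example, not code from the jenkins-library project. The names `Record`, `Load`, `okURL` and `nameRe`, the `example.test` URLs and the rule that only absolute http(s) links are accepted are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"regexp"
	"time"
)

// Record mirrors the JSON structure above; the Go names are this example's own.
type Record struct {
	RecordVersion                                   int
	ToolName, ToolInstance, DisplayName, DisplayURL string
	Keys                                            []struct{ Name, Value, DisplayName, URL string }
}

var nameRe = regexp.MustCompile(`^tr_(.+)_(\d{14})\.json$`) // tr_toolname_YYYYMMDDHHMMSS.json
// Constructed sample: a dummy record without comments; the example.test URLs are placeholders.
const sample = `{"RecordVersion":1,"ToolName":"dummyTool","ToolInstance":"https://tool.example.test",
 "DisplayName":"dummyOrgName - dummyProjName","DisplayURL":"https://tool.example.test/p/7","Keys":[
 {"Name":"Organization","Value":"dummyOrgId","URL":""},{"Name":"Project","Value":"dummyProjectId","Url":"https://tool.example.test/p/7"}]}`

// okURL accepts an empty (optional) value or an absolute http(s) URL.
func okURL(s string) bool {
	u, err := url.Parse(s)
	return s == "" || (err == nil && (u.Scheme == "http" || u.Scheme == "https") && u.Host != "")
}

// Load validates one toolrecord file name and body before its links are used in a report.
func Load(file string, data []byte) (r Record, ts time.Time, err error) {
	m := nameRe.FindStringSubmatch(file)
	if m == nil {
		return r, ts, fmt.Errorf("%q is not a toolrecord file name", file)
	}
	if ts, err = time.Parse("20060102150405", m[2]); err != nil {
		return r, ts, err
	}
	if err = json.Unmarshal(data, &r); err != nil || r.RecordVersion != 1 || !okURL(r.DisplayURL) {
		return r, ts, fmt.Errorf("%s: bad JSON, RecordVersion or DisplayURL (decode error: %v)", file, err)
	}
	for _, k := range r.Keys {
		if !okURL(k.URL) {
			return r, ts, fmt.Errorf("%s: key %q has a non-http(s) URL", file, k.Name)
		}
	}
	return r, ts, nil
}

func main() { fmt.Println(Load("tr_dummyTool_20241212105520.json", []byte(sample))) }
```

Go's `encoding/json` matches object keys to struct fields case-insensitively, so the "URL" and "Url" spellings in the structure above both land in the same field. A consumer written in a case-sensitive language has to handle both.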