mirror of https://github.com/SAP/jenkins-library.git synced 2025-01-22 05:33:10 +02:00
sap-jenkins-library/resources/metadata/malwareExecuteScan.yaml
Christian Volk b0e4599d4d
feat(malwareExecuteScan): refactoring and docker support (#3421)
* feat(malwareExecuteScan): add support for scanning docker images

* refactoring

* print out finding if available

* generate toolrecord for malware scan

* persist scan report

* docs

* fix

* fix

* rollback cmd/init_unix.go

* authenticated pull

* fix

* fix: report shall be consistent with the api model

* gcs upload

* fix linter
2022-01-24 09:48:01 +01:00


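# Step metadata for malwareExecuteScan: declares the step's inputs (credentials,
# scan target, service endpoint) and the report files it produces.
metadata:
  name: malwareExecuteScan
  description: Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html).
  longDescription: |
    Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html).
spec:
  inputs:
    # Credential *references* only: the ID points at a Jenkins credentials
    # entry, the username/password values themselves are not stored here.
    secrets:
      - name: malwareScanCredentialsId
        description: Jenkins 'Username with password' credentials ID containing the technical user/password credential used to communicate with the malwarescanning service.
        type: jenkins
    params:
      # Selects the scan mode; the docker-specific parameters below only
      # apply for `buildTool: docker` (per their descriptions).
      - name: buildTool
        type: string
        description: "Defines the tool which is used for building the artifact."
        mandatory: true
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        resourceRef:
          - name: commonPipelineEnvironment
            param: buildTool
      # Path to a Docker config file holding registry credentials. Flagged
      # secret; can be resolved from the pipeline environment, a Jenkins
      # credential, or a Vault secret file (default name: docker-config).
      - name: dockerConfigJSON
        type: string
        description: Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - name: commonPipelineEnvironment
            param: custom/dockerConfigJSON
          - name: dockerConfigJsonCredentialsId
            type: secret
          - type: vaultSecretFile
            name: dockerConfigFileVaultSecretName
            default: docker-config
      # Registry password and user for pulling the image to scan. Both are
      # flagged secret and are normally taken from the pipeline environment
      # rather than written into step configuration.
      - name: containerRegistryPassword
        description: "For `buildTool: docker`: Password for container registry access - typically provided by the CI/CD environment."
        type: string
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - name: commonPipelineEnvironment
            param: custom/repositoryPassword
      - name: containerRegistryUser
        description: "For `buildTool: docker`: Username for container registry access - typically provided by the CI/CD environment."
        type: string
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - name: commonPipelineEnvironment
            param: custom/repositoryUsername
      # Endpoint of the scanning service. Not flagged secret, but it is the
      # destination the scan credentials are used against, so it should only
      # be set from trusted configuration.
      - name: host
        type: string
        description: "malware scanning host."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
      # Scan-service credentials. Mandatory and flagged secret. Prefer the
      # credential/Vault references below over a literal value in step
      # configuration, which would end up in version control.
      - name: username
        type: string
        description: "User"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
        secret: true
        resourceRef:
          - name: malwareScanCredentialsId
            type: secret
            param: username
          - name: malwareScanUsernameVaultSecretName
            type: vaultSecret
            default: malware-scan
      - name: password
        type: string
        description: "Password"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
        secret: true
        resourceRef:
          - name: malwareScanCredentialsId
            type: secret
            param: password
          - name: malwareScanPasswordVaultSecretName
            type: vaultSecret
            default: malware-scan
      # Image to scan; defaults to the image recorded in the pipeline
      # environment (container/imageNameTag).
      - name: scanImage
        type: string
        description: "For `buildTool: docker`: Defines the docker image which should be scanned."
        resourceRef:
          - name: commonPipelineEnvironment
            param: container/imageNameTag
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      # Layers are included by default; switching this off narrows what the
      # scan covers.
      - name: scanImageIncludeLayers
        type: bool
        description: "For `buildTool: docker`: Defines if layers should be included."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: true
      - name: scanImageRegistryUrl
        type: string
        description: "For `buildTool: docker`: Defines the registry where the scanImage is located."
        resourceRef:
          - name: commonPipelineEnvironment
            param: container/registryUrl
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      # `file` is kept as a deprecated alias for configurations that still
      # use the old parameter name.
      - name: scanFile
        aliases:
          - name: file
            deprecated: true
        type: string
        description: "The file which is scanned for malware"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      # Declared type is string, so the default is quoted to stay a string
      # after YAML parsing (a bare 600 is read as an integer).
      - name: timeout
        type: string
        description: "timeout for http layer in seconds"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: false
        default: "600"
      # Name of the scan report file; it is also referenced from the
      # `reports` output below via paramRef.
      - name: reportFileName
        type: string
        description: The file name of the report to be created
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: malwarescan_report.json
  outputs:
    resources:
      # Files collected as scan evidence: the tool-run records matching the
      # glob and the report named by reportFileName.
      - name: reports
        type: reports
        params:
          - filePattern: "**/toolrun_malwarescan_*.json"
            type: malwarescan
          - paramRef: reportFileName
            type: malwarescan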