b0e4599d4d
* feat(malwareExecuteScan): add support for scanning docker images * refactoring * print out finding if available * generate toolrecord for malware scan * persist scan report * docs * fix * fix * rollback cmd/init_unix.go * auhenticated pull * fix * fix: report shall be consistent with the api model * gcs upload * fix linter
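# Step metadata for the malwareExecuteScan step (SAP Malware Scanning Service).
# The parameter list below declares the step's inputs; every parameter that
# carries a credential or a credential file is flagged `secret: true`, and the
# credentials are sourced via `resourceRef` (Jenkins credentials, Vault, or
# the commonPipelineEnvironment) rather than being written into this file.
metadata:
  name: malwareExecuteScan
  description: Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html).
  longDescription: |
    Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html).
spec:
  inputs:
    secrets:
      # Jenkins credential holding the technical user for the scanning service;
      # referenced from the `username` and `password` params below.
      - name: malwareScanCredentialsId
        description: Jenkins 'Username with password' credentials ID containing the technical user/password credential used to communicate with the malwarescanning service.
        type: jenkins
    params:
      # Selects the scan mode; the `For buildTool: docker` params below only
      # apply when this is `docker`.
      - name: buildTool
        type: string
        description: "Defines the tool which is used for building the artifact."
        mandatory: true
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        resourceRef:
          - name: commonPipelineEnvironment
            param: buildTool
      # Path to a docker config.json; the file contains registry credentials,
      # hence `secret: true`. Sourced from the pipeline environment, a Jenkins
      # credential, or a Vault secret file (in that order of declaration).
      - name: dockerConfigJSON
        type: string
        description: Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - name: commonPipelineEnvironment
            param: custom/dockerConfigJSON
          - name: dockerConfigJsonCredentialsId
            type: secret
          - type: vaultSecretFile
            name: dockerConfigFileVaultSecretName
            default: docker-config
      - name: containerRegistryPassword
        description: "For `buildTool: docker`: Password for container registry access - typically provided by the CI/CD environment."
        type: string
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - name: commonPipelineEnvironment
            param: custom/repositoryPassword
      # The registry username is treated as a secret too, consistent with the
      # password above.
      - name: containerRegistryUser
        description: "For `buildTool: docker`: Username for container registry access - typically provided by the CI/CD environment."
        type: string
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - name: commonPipelineEnvironment
            param: custom/repositoryUsername
      # Endpoint of the scanning service. Mandatory, no default.
      # NOTE(review): the credentials below are sent to whatever host is
      # configured here — confirm in the step implementation that only an
      # HTTPS endpoint is accepted.
      - name: host
        type: string
        description: "malware scanning host."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
      # Technical user for the scanning service; resolved from the Jenkins
      # credential declared under `secrets` or from Vault.
      - name: username
        type: string
        description: "User"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
        secret: true
        resourceRef:
          - name: malwareScanCredentialsId
            type: secret
            param: username
          - name: malwareScanUsernameVaultSecretName
            type: vaultSecret
            default: malware-scan
      - name: password
        type: string
        description: "Password"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
        secret: true
        resourceRef:
          - name: malwareScanCredentialsId
            type: secret
            param: password
          - name: malwareScanPasswordVaultSecretName
            type: vaultSecret
            default: malware-scan
      # Docker-mode inputs: image reference and registry, defaulting to the
      # values the build stage wrote to the commonPipelineEnvironment.
      - name: scanImage
        type: string
        description: "For `buildTool: docker`: Defines the docker image which should be scanned."
        resourceRef:
          - name: commonPipelineEnvironment
            param: container/imageNameTag
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: scanImageIncludeLayers
        type: bool
        description: "For `buildTool: docker`: Defines if layers should be included."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: true
      - name: scanImageRegistryUrl
        type: string
        description: "For `buildTool: docker`: Defines the registry where the scanImage is located."
        resourceRef:
          - name: commonPipelineEnvironment
            param: container/registryUrl
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      # File-mode input. `file` is kept as a deprecated alias for
      # backward compatibility.
      - name: scanFile
        aliases:
          - name: file
            deprecated: true
        type: string
        description: "The file which is scanned for malware"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      # HTTP timeout in seconds. The declared type is string, so the default
      # is quoted; an unquoted 600 would be read as an integer by YAML loaders.
      - name: timeout
        type: string
        description: "timeout for http layer in seconds"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: false
        default: "600"
      - name: reportFileName
        type: string
        description: The file name of the report to be created
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: malwarescan_report.json
  outputs:
    resources:
      # Both the tool-run record and the report named by `reportFileName`
      # are persisted as `malwarescan` reports.
      - name: reports
        type: reports
        params:
          - filePattern: "**/toolrun_malwarescan_*.json"
            type: malwarescan
          - paramRef: reportFileName
            type: malwarescan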