mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
sap-jenkins-library/pkg/toolrecord/REAMDE_toolrecord.md
larsbrueckner 61fe88e199
Add "toolrecord" files to Fortify, Checkmarx, Protecode and Whitesource results (#2929)
* Toolrecord framework -
provide a common entry point for post processing code scan results

Changes to be committed:
	new file:   pkg/toolrecord/REAMDE_toolrecord.md
	new file:   pkg/toolrecord/toolrecord_main.go
	new file:   pkg/toolrecord/toolrecord_test.go

* Add toolrecord file to Checkmarx results
modified:   cmd/checkmarxExecuteScan.go

* Add toolrecord file to Fortify results
	modified:   cmd/fortifyExecuteScan.go

* Add toolrecord file to Whitesource results
modified:   cmd/whitesourceExecuteScan.go

* unset umask (#2927)

* (feat) adds error logging output for downloading reports from whitesource (#2928)

* Add toolrecord file to Protecode results

* address code climate findings (1/2)

* address codeclimate findings (2/2)

* add comments to all methods

Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-06-23 15:05:00 +02:00


The purpose of the "toolrecord" feature is to provide a common result file for all code scanners, so that consumers of the piper result files can locate the results in the respective tool backends for further reporting and post-processing.

Currently it contains the minimal information to detect which tools have been executed, and where to locate the results in the respective tool backends.

The result files are called "tr_toolname_YYYYMMDDHHMMSS.json" and have the following structure:

```
{
    "RecordVersion":1,
    "ToolName":"dummyTool",
    "ToolInstance":"dummyInstance",        // Tool backend URL

    // Tool-agnostic DisplayName and DisplayURL for simple reporting
    // (this is derived from the key details)
    "DisplayName":"dummyOrgName - dummyProjName - dummyScanName",
    "DisplayURL":"dummyScanUrl",

    // tool-dependent identifiers; order follows the tool's data model, e.g. 'team owns project has scan'
    "Keys":[
        {
            "Name":"Organization",         // the technical name from the tool's data model
            "Value":"dummyOrgId",          // the key value needed to access the tool's backend via API
            "DisplayName":"dummyOrgName",  // user-friendly identifier - optional, can be empty
            "URL":"dummyOrgUrl"            // URL to access this data in the tool's UI - optional, can be empty
        },
        {"Name":"Project","Value":"dummyProjectId","DisplayName":"dummyProjName","Url":"dummyProjUrl"},
        {"Name":"ScanId","Value":"dummyScanId","DisplayName":"dummyScanName","Url":"dummyScanUrl"}
    ],

    "Context":{}                           // additional context data - optional, tool-dependent
}
```
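A consumer-side sketch of reading such a file, added here as an example and not taken from the jenkins-library code base: it parses the documented file name, decodes the record and refuses records it does not recognise. The names `Key`, `Record`, `ParseName`, `Load` and `sample` are hypothetical, and the checks that the tool name may contain underscores and that `ToolName` equals the name part of the file name are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"time"
)

// Key mirrors one "Keys" entry; encoding/json matches "URL" and "Url" case-insensitively.
type Key struct{ Name, Value, DisplayName, URL string }

// Record holds the documented top-level fields ("Context" is ignored here).
type Record struct {
	RecordVersion                                   int
	ToolName, ToolInstance, DisplayName, DisplayURL string
	Keys                                            []Key
}

// Assumption: a tool name may contain "_"; the final 14 digits are the timestamp.
var nameRe = regexp.MustCompile(`^tr_(.+)_(\d{14})\.json$`)

// ParseName splits "tr_toolname_YYYYMMDDHHMMSS.json" into tool name and timestamp.
func ParseName(file string) (string, time.Time, error) {
	m := nameRe.FindStringSubmatch(file)
	if m == nil {
		return "", time.Time{}, fmt.Errorf("%q is not a toolrecord file name", file)
	}
	ts, err := time.Parse("20060102150405", m[2])
	return m[1], ts, err
}

// Load decodes one record; it rejects unknown versions and (assumption) a ToolName that differs from the file name.
func Load(file string, data []byte) (Record, error) {
	var r Record
	tool, _, err := ParseName(file)
	if err == nil {
		err = json.Unmarshal(data, &r)
	}
	if err == nil && (r.RecordVersion != 1 || r.ToolName != tool) {
		err = fmt.Errorf("%s: unexpected version %d or tool %q", file, r.RecordVersion, r.ToolName)
	}
	return r, err
}

// sample is constructed from the dummy values of the structure above.
const sample = `{"RecordVersion":1,"ToolName":"dummyTool","DisplayURL":"dummyScanUrl","Keys":[
{"Name":"ScanId","Value":"dummyScanId","DisplayName":"dummyScanName","Url":"dummyScanUrl"}],"Context":{}}`

func main() { fmt.Println(Load("tr_dummyTool_20210623150500.json", []byte(sample))) }
```

The comments in the documented structure are annotations only; a real record has to be plain JSON for `json.Unmarshal` to accept it.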