1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
sap-jenkins-library/resources/metadata/detect.yaml
Kevin Stiehl 3eae0c5f68
feat(vault): fetch secrets from vault (#2032)
* cloud-foundry & sonar from vault

* add vault development hint

* don't abort on vault errors

* cloudfoundry make credentialsId only mandatory when vault is not configured

* add vault ref to step ymls

* rename vaultAddress to vaultServerUrl

* rename PIPER_vaultRole* to PIPER_vaultAppRole*

* add resourceRef for detect step

* fix error when no namespace is set

* added debug logs

* added debug logs

* fix vault resolving

* add vaultCustomBasePath

* rename vault_test.go to client_test.go

* refactored vault logging

* refactored config param lookup for vault

* added tüddelchen

* rename vaultCustomBasePath to vaultPath

* fix tests

* change lookup path for group secrets

* fix interpolation tests

* added vault resource ref to versioning

* execute go generate

* rename Approle to AppRole

* change verbose back to false

Co-authored-by: Leander Schulz <leander.schulz01@sap.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2020-10-13 14:14:47 +02:00

226 lines
7.7 KiB
YAML

metadata:
name: detectExecuteScan
description: Executes Synopsys Detect scan
longDescription: |
This step executes [Synopsys Detect](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect) scans.
Synopsys Detect command line utlity can be used to run various scans including BlackDuck and Polaris scans. This step allows users to run BlackDuck scans by default.
Please configure your BlackDuck server Url using the serverUrl parameter and the API token of your user using the apiToken parameter for this step.
spec:
inputs:
resources:
- name: buildDescriptor
type: stash
- name: checkmarx
type: stash
secrets:
- name: detectTokenCredentialsId
aliases:
- name: apiTokenCredentialsId
description: Jenkins 'Secret text' credentials ID containing the API token used to authenticate with the Synopsis Detect (formerly BlackDuck) Server.
type: jenkins
params:
- name: token
aliases:
- name: blackduckToken
- name: detectToken
- name: apiToken
deprecated: true
- name: detect/apiToken
deprecated: true
description: Api token to be used for connectivity with Synopsis Detect server.
type: string
mandatory: true
secret: true
resourceRef:
- name: detectTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/detect
- $(vaultBasePath)/$(vaultPipelineName)/detect
- $(vaultBasePath)/GROUP-SECRETS/detect
scope:
- PARAMETERS
- STAGES
- STEPS
- name: codeLocation
description: An override for the name Detect will use for the scan file it creates.
type: string
mandatory: false
scope:
- PARAMETERS
- STAGES
- STEPS
- name: projectName
description: Name of the Synopsis Detect (formerly BlackDuck) project.
aliases:
- name: detect/projectName
type: string
mandatory: true
scope:
- PARAMETERS
- STAGES
- STEPS
- name: scanners
description: List of scanners to be used for Synopsis Detect (formerly BlackDuck) scan.
aliases:
- name: detect/scanners
type: "[]string"
mandatory: false
default:
- signature
possibleValues:
- signature
- source
scope:
- PARAMETERS
- STAGES
- STEPS
- name: scanPaths
description: List of paths which should be scanned by the Synopsis Detect (formerly BlackDuck) scan.
aliases:
- name: detect/scanPaths
type: "[]string"
mandatory: false
default:
- "."
scope:
- PARAMETERS
- STAGES
- STEPS
- name: scanProperties
description: Properties passed to the Synopsis Detect (formerly BlackDuck) scan. You can find details in the [Synopsis Detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622846/Using+Synopsys+Detect+Properties)
aliases:
- name: detect/scanProperties
type: "[]string"
mandatory: false
default:
- --blackduck.signature.scanner.memory=4096
- --blackduck.timeout=6000
- --blackduck.trust.cert=true
- --detect.report.timeout=4800
- --logging.level.com.synopsys.integration=DEBUG
- --detect.maven.excluded.scopes=test
scope:
- PARAMETERS
- STAGES
- STEPS
- name: serverUrl
description: Server URL to the Synopsis Detect (formerly BlackDuck) Server.
aliases:
- name: detect/serverUrl
type: string
mandatory: true
scope:
- PARAMETERS
- STAGES
- STEPS
- name: groups
description: Users groups to be assigned for the Project
aliases:
- name: detect/groups
type: "[]string"
mandatory: false
scope:
- PARAMETERS
- STAGES
- STEPS
- name: failOn
description: Mark the current build as fail based on the policy categories applied.
longDescription: |
A list of policies can be provided which will be applied after the scan is completed. These policies if violated will mark the build/scan result as failed.
The list of accepted valed can be found at https://blackducksoftware.github.io/synopsys-detect/latest/properties/configuration/project/#fail-on-policy-violation-severities
aliases:
- name: detect/failOn
type: "[]string"
mandatory: false
default:
- BLOCKER
possibleValues:
- ALL
- BLOCKER
- CRITICAL
- MAJOR
- MINOR
- NONE
scope:
- PARAMETERS
- STAGES
- STEPS
- name: version
aliases:
- name: projectVersion
- name: detect/projectVersion
type: string
description: Defines the version number of the artifact being build in the pipeline. It is used as source for the Detect version.
longDescription: |-
Defines the version number of the artifact being build in the pipeline.
It is used for build version creation and as source for the Detect version.
**Typically it is available through the pipeline run.**
The project version of the Detect project is calculated using the [`versioningModel`](#versioningmodel).
resourceRef:
- name: commonPipelineEnvironment
param: artifactVersion
scope:
- PARAMETERS
- STAGES
- STEPS
- name: versioningModel
type: string
description: The versioning model used for result reporting (based on the artifact version). Example 1.2.3 using `major` will result in version 1
longDescription: |-
The versioning model used for result reporting (based on the artifact version).
For example: the version 1.2.3 of the artifact will result in a version 1 to report into, when `versioningModel: major` is used and will result in a version 1.2 when `versioningModel: major-minor` is used.
Recommendation for a Continuous Delivery process is to use `versioningModel: major`.
scope:
- PARAMETERS
- GENERAL
- STAGES
- STEPS
default: "major"
possibleValues:
- major
- major-minor
- semantic
- full
- name: projectSettingsFile
type: string
description: "Path or url to the mvn settings file that should be used as project settings file."
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
mandatory: false
aliases:
- name: maven/projectSettingsFile
- name: globalSettingsFile
type: string
description: "Path or url to the mvn settings file that should be used as global settings file"
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
mandatory: false
aliases:
- name: maven/globalSettingsFile
- name: m2Path
type: string
description: Path to the location of the local repository that should be used.
scope:
- GENERAL
- STEPS
- STAGES
- PARAMETERS
mandatory: false
aliases:
- name: maven/m2Path
containers:
- name: openjdk
image: openjdk:11
workingDir: /root
options:
- name: -u
value: "0"