mirror of
https://github.com/SAP/jenkins-library.git
synced 2024-12-14 11:03:09 +02:00
8ee0d358b9
Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com> Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
215 lines
7.2 KiB
YAML
215 lines
7.2 KiB
YAML
metadata:
|
|
name: detectExecuteScan
|
|
description: Executes Synopsys Detect scan
|
|
longDescription: |
|
|
This step executes [Synopsys Detect](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect) scans.
|
|
Synopsys Detect command line utlity can be used to run various scans including BlackDuck and Polaris scans. This step allows users to run BlackDuck scans by default.
|
|
Please configure your BlackDuck server Url using the serverUrl parameter and the API token of your user using the apiToken parameter for this step.
|
|
spec:
|
|
inputs:
|
|
resources:
|
|
- name: buildDescriptor
|
|
type: stash
|
|
- name: checkmarx
|
|
type: stash
|
|
secrets:
|
|
- name: detectTokenCredentialsId
|
|
aliases:
|
|
- name: apiTokenCredentialsId
|
|
description: Jenkins 'Secret text' credentials ID containing the API token used to authenticate with the Synopsis Detect (formerly BlackDuck) Server.
|
|
type: jenkins
|
|
params:
|
|
- name: apiToken
|
|
aliases:
|
|
- name: detect/apiToken
|
|
description: Api token to be used for connectivity with Synopsis Detect server.
|
|
type: string
|
|
mandatory: true
|
|
secret: true
|
|
resourceRef:
|
|
- name: detectTokenCredentialsId
|
|
type: secret
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: codeLocation
|
|
description: An override for the name Detect will use for the scan file it creates.
|
|
type: string
|
|
mandatory: false
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: projectName
|
|
description: Name of the Synopsis Detect (formerly BlackDuck) project.
|
|
aliases:
|
|
- name: detect/projectName
|
|
type: string
|
|
mandatory: true
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: scanners
|
|
description: List of scanners to be used for Synopsis Detect (formerly BlackDuck) scan.
|
|
aliases:
|
|
- name: detect/scanners
|
|
type: '[]string'
|
|
mandatory: false
|
|
default:
|
|
- signature
|
|
possibleValues:
|
|
- signature
|
|
- source
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: scanPaths
|
|
description: List of paths which should be scanned by the Synopsis Detect (formerly BlackDuck) scan.
|
|
aliases:
|
|
- name: detect/scanPaths
|
|
type: '[]string'
|
|
mandatory: false
|
|
default:
|
|
- '.'
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: scanProperties
|
|
description: Properties passed to the Synopsis Detect (formerly BlackDuck) scan. You can find details in the [Synopsis Detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622846/Using+Synopsys+Detect+Properties)
|
|
aliases:
|
|
- name: detect/scanProperties
|
|
type: '[]string'
|
|
mandatory: false
|
|
default:
|
|
- --blackduck.signature.scanner.memory=4096
|
|
- --blackduck.timeout=6000
|
|
- --blackduck.trust.cert=true
|
|
- --detect.report.timeout=4800
|
|
- --logging.level.com.synopsys.integration=DEBUG
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: serverUrl
|
|
description: Server URL to the Synopsis Detect (formerly BlackDuck) Server.
|
|
aliases:
|
|
- name: detect/serverUrl
|
|
type: string
|
|
mandatory: true
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: groups
|
|
description: Users groups to be assigned for the Project
|
|
aliases:
|
|
- name: detect/groups
|
|
type: '[]string'
|
|
mandatory: false
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: failOn
|
|
description: Mark the current build as fail based on the policy categories applied.
|
|
longDescription: |
|
|
A list of policies can be provided which will be applied after the scan is completed. These policies if violated will mark the build/scan result as failed.
|
|
The list of accepted valed can be found at https://blackducksoftware.github.io/synopsys-detect/latest/properties/configuration/project/#fail-on-policy-violation-severities
|
|
aliases:
|
|
- name: detect/failOn
|
|
type: '[]string'
|
|
mandatory: false
|
|
default:
|
|
- BLOCKER
|
|
possibleValues:
|
|
- ALL
|
|
- BLOCKER
|
|
- CRITICAL
|
|
- MAJOR
|
|
- MINOR
|
|
- NONE
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: version
|
|
aliases:
|
|
- name: projectVersion
|
|
- name: detect/projectVersion
|
|
type: string
|
|
description: Defines the version number of the artifact being build in the pipeline. It is used as source for the Detect version.
|
|
longDescription: |-
|
|
Defines the version number of the artifact being build in the pipeline.
|
|
It is used for build version creation and as source for the Detect version.
|
|
**Typically it is available through the pipeline run.**
|
|
The project version of the Detect project is calculated using the [`versioningModel`](#versioningmodel).
|
|
resourceRef:
|
|
- name: commonPipelineEnvironment
|
|
param: artifactVersion
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: versioningModel
|
|
type: string
|
|
description: The versioning model used for result reporting (based on the artifact version). Example 1.2.3 using `major` will result in version 1
|
|
longDescription: |-
|
|
The versioning model used for result reporting (based on the artifact version).
|
|
For example: the version 1.2.3 of the artifact will result in a version 1 to report into, when `versioningModel: major` is used and will result in a version 1.2 when `versioningModel: major-minor` is used.
|
|
Recommendation for a Continuous Delivery process is to use `versioningModel: major`.
|
|
scope:
|
|
- PARAMETERS
|
|
- GENERAL
|
|
- STAGES
|
|
- STEPS
|
|
default: "major"
|
|
possibleValues:
|
|
- major
|
|
- major-minor
|
|
- semantic
|
|
- full
|
|
- name: projectSettingsFile
|
|
type: string
|
|
description: "Path or url to the mvn settings file that should be used as project settings file."
|
|
scope:
|
|
- GENERAL
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
mandatory: false
|
|
aliases:
|
|
- name: maven/projectSettingsFile
|
|
- name: globalSettingsFile
|
|
type: string
|
|
description: "Path or url to the mvn settings file that should be used as global settings file"
|
|
scope:
|
|
- GENERAL
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
mandatory: false
|
|
aliases:
|
|
- name: maven/globalSettingsFile
|
|
- name: m2Path
|
|
type: string
|
|
description: Path to the location of the local repository that should be used.
|
|
scope:
|
|
- GENERAL
|
|
- STEPS
|
|
- STAGES
|
|
- PARAMETERS
|
|
mandatory: false
|
|
aliases:
|
|
- name: maven/m2Path
|
|
containers:
|
|
- name: openjdk
|
|
image: openjdk:11
|
|
workingDir: /root
|
|
options:
|
|
- name: -u
|
|
value: '0'
|