mirror of
https://github.com/SAP/jenkins-library.git
synced 2025-03-03 15:02:35 +02:00
8e74952166
* Switch Detect scan to golang implementation * update workingDir * use universal container as default * Switch to official curl image * fix code climate issue * switch default image * update docker options * update CommonStepsTest * remove invalid groovy test * clean up defaults Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
120 lines
3.6 KiB
YAML
120 lines
3.6 KiB
YAML
metadata:
|
|
name: detectExecuteScan
|
|
description: Executes Synopsis Detect scan
|
|
longDescription: |
|
|
This step executes [Synopsis Detect](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect) scans.
|
|
spec:
|
|
inputs:
|
|
resources:
|
|
- name: buildDescriptor
|
|
type: stash
|
|
- name: checkmarx
|
|
type: stash
|
|
secrets:
|
|
- name: detectTokenCredentialsId
|
|
aliases:
|
|
- name: apiTokenCredentialsId
|
|
description: Jenkins 'Secret text' credentials ID containing the API token used to authenticate with the Synopsis Detect (formerly BlackDuck) Server.
|
|
type: jenkins
|
|
params:
|
|
- name: apiToken
|
|
aliases:
|
|
- name: detect/apiToken
|
|
description: Api token to be used for connectivity with Synopsis Detect server.
|
|
type: string
|
|
mandatory: true
|
|
secret: true
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: codeLocation
|
|
description: An override for the name Detect will use for the scan file it creates.
|
|
type: string
|
|
mandatory: false
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: projectName
|
|
description: Name of the Synopsis Detect (formerly BlackDuck) project.
|
|
aliases:
|
|
- name: detect/projectName
|
|
type: string
|
|
mandatory: true
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: projectVersion
|
|
description: Version of the Synopsis Detect (formerly BlackDuck) project.
|
|
aliases:
|
|
- name: detect/projectVersion
|
|
type: string
|
|
mandatory: true
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: scanners
|
|
description: List of scanners to be used for Synopsis Detect (formerly BlackDuck) scan.
|
|
aliases:
|
|
- name: detect/scanners
|
|
type: '[]string'
|
|
mandatory: false
|
|
default:
|
|
- signature
|
|
possibleValues:
|
|
- signature
|
|
- source
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: scanPaths
|
|
description: List of paths which should be scanned by the Synopsis Detect (formerly BlackDuck) scan.
|
|
aliases:
|
|
- name: detect/scanPaths
|
|
type: '[]string'
|
|
mandatory: false
|
|
default:
|
|
- '.'
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: scanProperties
|
|
description: Properties passed to the Synopsis Detect (formerly BlackDuck) scan. You can find details in the [Synopsis Detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622846/Using+Synopsys+Detect+Properties)
|
|
aliases:
|
|
- name: detect/scanProperties
|
|
type: '[]string'
|
|
mandatory: false
|
|
default:
|
|
- --blackduck.signature.scanner.memory=4096
|
|
- --blackduck.timeout=6000
|
|
- --blackduck.trust.cert=true
|
|
- --detect.policy.check.fail.on.severities=BLOCKER,CRITICAL,MAJOR
|
|
- --detect.report.timeout=4800
|
|
- --logging.level.com.synopsys.integration=DEBUG
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: serverUrl
|
|
description: Server url to the Synopsis Detect (formerly BlackDuck) Server.
|
|
aliases:
|
|
- name: detect/serverUrl
|
|
type: string
|
|
mandatory: false
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
containers:
|
|
- name: openjdk
|
|
image: openjdk:11
|
|
workingDir: /root
|
|
options:
|
|
- name: -u
|
|
value: '0'
|