jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Code Issues Releases Activity
971d5d1461
sap-jenkins-library/resources/metadata/credentialdiggerScan.yaml
Marco Rosa 6b18448124
Add credentialdiggerScan step (#4141) 
* Add credentialdiggerScan metadata

* Integrate new step into piper process

* Add credentialdiggerScan implementation and tests

* Remove duplicated code

* Add doc file for credentialdiggerScan step

* Regenerate metadata

* Fix return type in tests

* Add credentialdiggerScan to CommonStepsTest

* Fix typo

* Improve code style

* Add support for custom rules file in stash

* Regenerate metadata for credentialdiggerScan

---------

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Anil Keshav <anil.keshav@sap.com>
2023-04-04 16:57:15 +02:00

125 lines
4.1 KiB
YAML
Raw Blame History

metadata:
name: credentialdiggerScan
description: Scan a repository on GitHub with Credential Digger
longDescription: |
This step allows you to scan a repository on Github using Credential Digger.
It can for example be used for DevSecOps scenarios to verify the source code does not contain hard-coded credentials before being merged or released for production.
It supports several scan flavors, i.e., full scans of a repo, scan of a snapshot, or scan of a pull request.
spec:
inputs:
secrets:
- name: githubTokenCredentialsId
description: Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.
type: jenkins
params:
- name: repository
aliases:
- name: githubRepo
description: URL of the GitHub repository (was name, but we need the url). In case it's missing, use the URL of the current repository.
scope:
- PARAMETERS
- STAGES
- STEPS
type: string
mandatory: false
- name: snapshot
description: If set, scan the snapshot of the repository at this commit_id/branch.
scope:
- PARAMETERS
- STAGES
- STEPS
type: string
mandatory: false
- name: prNumber
description: If set, scan the pull request open with this number.
scope:
- PARAMETERS
- STAGES
- STEPS
type: int
mandatory: false
- name: exportAll
type: bool
description: Export all the findings, i.e., including non-leaks.
scope:
- PARAMETERS
- STAGES
- STEPS
default: false
- name: apiUrl
aliases:
- name: githubApiUrl
description: Set the GitHub API url. Needed for scanning a pull request.
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
type: string
default: https://api.github.com
mandatory: true
- name: debug
aliases:
- name: verbose
description: Execute the scans in debug mode (i.e., print logs).
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
type: bool
default: false
- name: rulesDownloadUrl
type: string
description: URL where to download custom rules. The file published at this URL must be formatted as the default ruleset https://raw.githubusercontent.com/SAP/credential-digger/main/ui/backend/rules.yml
scope:
- PARAMETERS
- STAGES
- STEPS
mandatory: false
- name: models
description: Machine learning models to automatically verify the findings.
scope:
- PARAMETERS
- STAGES
- STEPS
type: "[]string"
- name: token
aliases:
- name: githubToken
- name: access_token
description: GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
type: string
mandatory: true
secret: true
resourceRef:
- name: githubTokenCredentialsId
type: secret
- type: vaultSecret
default: github
name: githubVaultSecretName
- name: rulesFile
type: string
description: Name of the rules file used locally within the step. If a remote files for rules is declared as `rulesDownloadUrl`, the stashed file is ignored. If you change the file's name make sure your stashing configuration also reflects this.
mandatory: false
scope:
- PARAMETERS
- STAGES
- STEPS
default: inputs/rules.yml
outputs:
resources:
- name: report
type: report
params:
- filePattern: "**/report*.csv"
type: credentialdigger-report
containers:
- image: "credentialdigger.int.repositories.cloud.sap/credential_digger:4.9.2"
Reference in New Issue View Git Blame Copy Permalink