jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Code Issues Releases Activity
ebedf412e4
sap-jenkins-library/pkg/toolrecord/REAMDE_toolrecord.md
larsbrueckner dbbbe1f0b3
Updates to toolrecord framework (#2986) 
* Toolrecord framework -
provide a common entry point for post processing code scan results

Changes to be committed:
	new file:   pkg/toolrecord/REAMDE_toolrecord.md
	new file:   pkg/toolrecord/toolrecord_main.go
	new file:   pkg/toolrecord/toolrecord_test.go

* Add toolrecord file to Checkmarx results
modified:   cmd/checkmarxExecuteScan.go

* Add toolrecord file to Fortify results
	modified:   cmd/fortifyExecuteScan.go

* Add toolrecord file to Whitesource results
modified:   cmd/whitesourceExecuteScan.go

* unset umask (#2927)

* (feat) adds error logging output for downloading reports from whitesource (#2928)

* Add toolrecord file to Protecode results

* address code climate findings (1/2)

* address codeclimate findings (2/2)

* add comments to all methods

* Toolrecord library:
- move all toolrun files into a subdirectory
- fix timestamp generation in filenames

* add protecode group's URL to toolrecord data

* fix syntax error from previous commit in cmd/protecodeExecuteScan.go

* toolrecord: fix projectVersionID and generated URLs in fortifyExecuteScan.go

* cmd/fortifyExecuteScan.go: replace a hard-coded servername with
config.ServerURL

* update description

* add toolrecord file to detectExecuteScan

* toolrecord/whitesource: add project names as context

Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-07-23 08:48:48 +02:00

1.6 KiB
Raw Blame History

Purpose of the "toolrecord" feature is to provide a common result file for tools (e.g. code scanners) to allow consumers of the piper result files to locate the results in the respective tool backends for further reporting and post processing

Currently it contains the minimal information to detect which tools have been executed, and where to locate the results in the respective tool backends.

The result files are called "tr_toolname_YYYYMMDDHHMMSS.json" and have the following structure:

{ "RecordVersion":1, "ToolName":"dummyTool", "ToolInstance":"dummyInstance", // Tool backend URL

// Tool-agnostic DisplayName and DisplayUrl for simple reportings
// ( this is deried from the keys details )
"DisplayName":"dummyOrgName - dummyProjName - dummyScanName",
"DisplayURL":"dummyScanUrl",

// tool-dependend identifiers; order is taken of tool's data model e.g. 'team owns project has scan'
"Keys":[
    {
        "Name":"Organization",         // the technical name from the tool's data model
        "Value":"dummyOrgId",          // the key value needed to access the tool's backend via api
        "DisplayName":"dummyOrgName",  // User-friendly identifiert - optional can be empty
        "URL":"dummyOrgUrl"            // Url to access this data in the tool's ui - optional can be empty
    },
    {"Name":"Project","Value":"dummyProjectId","DisplayName":"dummyProjName","Url":"dummyProjUrl"},
    {"Name":"ScanId","Value":"dummyScanId","DisplayName":"dummyScanName","Url":"dummyScanUrl"}
    ],

"Context":{}                            // additional context data - optional tool dependend

}