// Source: github.com/SAP/jenkins-library@v1.362.0/cmd/codeqlExecuteScan_generated.go

// Code generated by piper's step-generator. DO NOT EDIT.

package cmd

import (
	"fmt"
	"os"
	"path/filepath"
	"reflect"
	"strings"
	"time"

	"github.com/SAP/jenkins-library/pkg/config"
	"github.com/SAP/jenkins-library/pkg/gcs"
	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/SAP/jenkins-library/pkg/piperenv"
	"github.com/SAP/jenkins-library/pkg/splunk"
	"github.com/SAP/jenkins-library/pkg/telemetry"
	"github.com/SAP/jenkins-library/pkg/validation"
	"github.com/bmatcuk/doublestar"
	"github.com/spf13/cobra"
)

// codeqlExecuteScanOptions holds the parameters of the codeqlExecuteScan step.
// The json tags carry the parameter names, and the validate tag restricts
// BuildTool to one of: custom, maven, golang, npm, pip, yarn.
//
// Security-relevant fields:
//   - GithubToken is a credential. PreRunE registers it with log.RegisterSecret,
//     and codeqlExecuteScanReports.persist copies it, like every other string
//     field, into the inputParameters map it builds.
//   - BuildCommand, DatabaseCreateFlags and DatabaseAnalyzeFlags are free-form
//     strings; the flag help describes them as a build command and as
//     space-separated flags for the codeql CLI. How they are split and executed
//     is decided in codeqlExecuteScan, which is not part of this file.
//     NOTE(review): confirm they reach the tool as an argument vector and not
//     through a shell.
type codeqlExecuteScanOptions struct {
	GithubToken                 string `json:"githubToken,omitempty"`
	BuildTool                   string `json:"buildTool,omitempty" validate:"possible-values=custom maven golang npm pip yarn"`
	BuildCommand                string `json:"buildCommand,omitempty"`
	Language                    string `json:"language,omitempty"`
	ModulePath                  string `json:"modulePath,omitempty"`
	Database                    string `json:"database,omitempty"`
	QuerySuite                  string `json:"querySuite,omitempty"`
	UploadResults               bool   `json:"uploadResults,omitempty"`
	SarifCheckMaxRetries        int    `json:"sarifCheckMaxRetries,omitempty"`
	SarifCheckRetryInterval     int    `json:"sarifCheckRetryInterval,omitempty"`
	TargetGithubRepoURL         string `json:"targetGithubRepoURL,omitempty"`
	TargetGithubBranchName      string `json:"targetGithubBranchName,omitempty"`
	Threads                     string `json:"threads,omitempty"`
	Ram                         string `json:"ram,omitempty"`
	AnalyzedRef                 string `json:"analyzedRef,omitempty"`
	Repository                  string `json:"repository,omitempty"`
	CommitID                    string `json:"commitId,omitempty"`
	VulnerabilityThresholdTotal int    `json:"vulnerabilityThresholdTotal,omitempty"`
	CheckForCompliance          bool   `json:"checkForCompliance,omitempty"`
	ProjectSettingsFile         string `json:"projectSettingsFile,omitempty"`
	GlobalSettingsFile          string `json:"globalSettingsFile,omitempty"`
	DatabaseCreateFlags         string `json:"databaseCreateFlags,omitempty"`
	DatabaseAnalyzeFlags        string `json:"databaseAnalyzeFlags,omitempty"`
}

// codeqlExecuteScanInflux collects the values that persist writes out as the
// measurements step_data and codeql_data. Both tags structs are empty.
type codeqlExecuteScanInflux struct {
	step_data struct {
		fields struct {
			codeql bool
		}
		tags struct {
		}
	}
	codeql_data struct {
		fields struct {
			repositoryURL          string
			repositoryReferenceURL string
			codeScanningLink       string
			querySuite             string
			optionalTotal          int
			optionalAudited        int
			auditAllTotal          int
			auditAllAudited        int
		}
		tags struct {
		}
	}
}

// persist writes every field of i through piperenv.SetResourceParameter, passing
// path and resourceName unchanged and <measurement>/<valType>s/<name> as the
// parameter key. Failures are logged and counted but not returned, so the caller
// cannot tell whether the data was stored.
func (i *codeqlExecuteScanInflux) persist(path, resourceName string) {
	measurementContent := []struct {
		measurement string
		valType     string
		name        string
		value       interface{}
	}{
		{valType: config.InfluxField, measurement: "step_data", name: "codeql", value: i.step_data.fields.codeql},
		{valType: config.InfluxField, measurement: "codeql_data", name: "repositoryUrl", value: i.codeql_data.fields.repositoryURL},
		{valType: config.InfluxField, measurement: "codeql_data", name: "repositoryReferenceUrl", value: i.codeql_data.fields.repositoryReferenceURL},
		{valType: config.InfluxField, measurement: "codeql_data", name: "codeScanningLink", value: i.codeql_data.fields.codeScanningLink},
		{valType: config.InfluxField, measurement: "codeql_data", name: "querySuite", value: i.codeql_data.fields.querySuite},
		{valType: config.InfluxField, measurement: "codeql_data", name: "optionalTotal", value: i.codeql_data.fields.optionalTotal},
		{valType: config.InfluxField, measurement: "codeql_data", name: "optionalAudited", value: i.codeql_data.fields.optionalAudited},
		{valType: config.InfluxField, measurement: "codeql_data", name: "auditAllTotal", value: i.codeql_data.fields.auditAllTotal},
		{valType: config.InfluxField, measurement: "codeql_data", name: "auditAllAudited", value: i.codeql_data.fields.auditAllAudited},
	}

	errCount := 0
	for _, metric := range measurementContent {
		err := piperenv.SetResourceParameter(path, resourceName, filepath.Join(metric.measurement, fmt.Sprintf("%vs", metric.valType), metric.name), metric.value)
		if err != nil {
			// One log line per failed metric; the loop continues with the next one.
			log.Entry().WithError(err).Error("Error persisting influx environment.")
			errCount++
		}
	}
	if errCount > 0 {
		log.Entry().Error("failed to persist Influx environment")
	}
}

// codeqlExecuteScanReports has no fields; it only carries the persist method.
type codeqlExecuteScanReports struct {
}

// persist hands the step's report file patterns to gcs.PersistReportsToGCS for
// upload to the bucket gcsBucketId. It returns without doing anything when
// gcsBucketId is empty. Errors from creating the client or from the upload are
// logged and not returned.
func (p *codeqlExecuteScanReports) persist(stepConfig codeqlExecuteScanOptions, gcpJsonKeyFilePath string, gcsBucketId string, gcsFolderPath string, gcsSubFolder string) {
	if gcsBucketId == "" {
		log.Entry().Info("persisting reports to GCS is disabled, because gcsBucketId is empty")
		return
	}
	log.Entry().Info("Uploading reports to Google Cloud Storage...")
	// Recursive glob patterns, all with an empty ParamRef.
	// NOTE(review): "**/*.csv" and "**/*.sarif" are broad; presumably they are
	// resolved from the working directory, so confirm the workspace holds no
	// unrelated files of these types that should not leave the build host.
	content := []gcs.ReportOutputParam{
		{FilePattern: "**/*.csv", ParamRef: "", StepResultType: "codeql"},
		{FilePattern: "**/*.sarif", ParamRef: "", StepResultType: "codeql"},
		{FilePattern: "**/toolrun_codeql_*.json", ParamRef: "", StepResultType: "codeql"},
		{FilePattern: "**/piper_codeql_report.json", ParamRef: "", StepResultType: "codeql"},
	}
	// The GCP JSON key file path is passed to the client as
	// GOOGLE_APPLICATION_CREDENTIALS.
	envVars := []gcs.EnvVar{
		{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: gcpJsonKeyFilePath, Modified: false},
	}
	gcsClient, err := gcs.NewClient(gcs.WithEnvVars(envVars))
	if err != nil {
		log.Entry().Errorf("creation of GCS client failed: %v", err)
		return
	}
	defer gcsClient.Close()
	// Collect every string-typed option, keyed by the first element of its json
	// tag. This includes GithubToken.
	// NOTE(review): confirm gcs.PersistReportsToGCS neither logs nor uploads this
	// map. Every ParamRef above is empty, so if the map is only used to resolve
	// ParamRef the token does not need to be in it.
	structVal := reflect.ValueOf(&stepConfig).Elem()
	inputParameters := map[string]string{}
	for i := 0; i < structVal.NumField(); i++ {
		field := structVal.Type().Field(i)
		if field.Type.String() == "string" {
			paramName := strings.Split(field.Tag.Get("json"), ",")
			// The ok result of the assertion is dropped; the type was checked above.
			paramValue, _ := structVal.Field(i).Interface().(string)
			inputParameters[paramName[0]] = paramValue
		}
	}
	if err := gcs.PersistReportsToGCS(gcsClient, content, inputParameters, gcsFolderPath, gcsBucketId, gcsSubFolder, doublestar.Glob, os.Stat); err != nil {
		log.Entry().Errorf("failed to persist reports: %v", err)
	}
}

// CodeqlExecuteScanCommand This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.
//
// It returns the cobra command for the step. PreRunE resolves and validates the
// configuration and registers the log hooks. Run calls codeqlExecuteScan and,
// through a handler that is both deferred and registered with
// log.DeferExitHandler, persists Influx data and reports, calls
// config.RemoveVaultSecretFiles and sends telemetry.
func CodeqlExecuteScanCommand() *cobra.Command {
	const STEP_NAME = "codeqlExecuteScan"

	metadata := codeqlExecuteScanMetadata()
	var stepConfig codeqlExecuteScanOptions
	var startTime time.Time
	var influx codeqlExecuteScanInflux
	var reports codeqlExecuteScanReports
	var logCollector *log.CollectorHook
	var splunkClient *splunk.Splunk
	telemetryClient := &telemetry.Telemetry{}

	var createCodeqlExecuteScanCmd = &cobra.Command{
		Use:   STEP_NAME,
		Short: "This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.",
		Long: `This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.

The codeql step triggers a scan locally on your orchestrator (e.g. Jenkins) within a docker container so finally you have to supply a docker image with codeql
and Java plus Maven.`,
		PreRunE: func(cmd *cobra.Command, _ []string) error {
			startTime = time.Now()
			log.SetStepName(STEP_NAME)
			log.SetVerbose(GeneralConfig.Verbose)

			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)

			// The Getwd error is discarded; on failure the FatalHook gets an empty Path.
			path, _ := os.Getwd()
			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
			log.RegisterHook(fatalHook)

			err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile)
			if err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}
			// The token is registered only after PrepareConfig succeeded; the error
			// return above happens before this call.
			// NOTE(review): presumably RegisterSecret masks the value in log output;
			// confirm in pkg/log.
			log.RegisterSecret(stepConfig.GithubToken)

			// The Sentry hook is registered only when a DSN is configured.
			if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {
				sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)
				log.RegisterHook(&sentryHook)
			}

			// splunkClient and logCollector stay nil unless one of the two Splunk
			// targets is configured; Run checks the same two settings before using them.
			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 || len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
				splunkClient = &splunk.Splunk{}
				logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}
				log.RegisterHook(logCollector)
			}

			// A failure to set up this hook is only a warning; the step continues.
			if err = log.RegisterANSHookIfConfigured(GeneralConfig.CorrelationID); err != nil {
				log.Entry().WithError(err).Warn("failed to set up SAP Alert Notification Service log hook")
			}

			// The local variable shadows the imported validation package from here
			// to the end of the closure.
			validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())
			if err != nil {
				return err
			}
			if err = validation.ValidateStruct(stepConfig); err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}

			return nil
		},
		Run: func(_ *cobra.Command, _ []string) {
			stepTelemetryData := telemetry.CustomData{}
			// Start in the failed state; "0" is set only after codeqlExecuteScan returned.
			stepTelemetryData.ErrorCode = "1"
			handler := func() {
				influx.persist(GeneralConfig.EnvRootPath, "influx")
				reports.persist(stepConfig, GeneralConfig.GCPJsonKeyFilePath, GeneralConfig.GCSBucketId, GeneralConfig.GCSFolderPath, GeneralConfig.GCSSubFolder)
				config.RemoveVaultSecretFiles()
				stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
				stepTelemetryData.ErrorCategory = log.GetErrorCategory().String()
				stepTelemetryData.PiperCommitHash = GitCommit
				telemetryClient.SetData(&stepTelemetryData)
				telemetryClient.Send()
				// Telemetry and the collected log entries are sent to each configured
				// Splunk target; when both are configured, both receive them.
				// NOTE(review): logCollector holds the step's log entries; presumably
				// values registered as secrets are already masked in them, confirm.
				if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
					splunkClient.Initialize(GeneralConfig.CorrelationID,
						GeneralConfig.HookConfig.SplunkConfig.Dsn,
						GeneralConfig.HookConfig.SplunkConfig.Token,
						GeneralConfig.HookConfig.SplunkConfig.Index,
						GeneralConfig.HookConfig.SplunkConfig.SendLogs)
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
				if len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
					splunkClient.Initialize(GeneralConfig.CorrelationID,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblToken,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblIndex,
						GeneralConfig.HookConfig.SplunkConfig.SendLogs)
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
			}
			// handler is set up twice: with log.DeferExitHandler and as a deferred call.
			// NOTE(review): presumably the former covers exits through the logger, where
			// deferred calls do not run; confirm in pkg/log.
			log.DeferExitHandler(handler)
			defer handler()
			telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME, GeneralConfig.HookConfig.PendoConfig.Token)
			codeqlExecuteScan(stepConfig, &stepTelemetryData, &influx)
			stepTelemetryData.ErrorCode = "0"
			log.Entry().Info("SUCCESS")
		},
	}

	addCodeqlExecuteScanFlags(createCodeqlExecuteScanCmd, &stepConfig)
	return createCodeqlExecuteScanCmd
}

// addCodeqlExecuteScanFlags binds the step parameters to command-line flags on
// cmd, storing the values in stepConfig. String flags without a fixed default
// take their default from the PIPER_<name> environment variable, read when the
// flag is registered.
func addCodeqlExecuteScanFlags(cmd *cobra.Command, stepConfig *codeqlExecuteScanOptions) {
	// A value given as --githubToken is part of the process arguments; the help
	// text below recommends Vault or a Jenkins secret for pipeline use.
	cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token in plain text. NEVER set this parameter in a file commited to a source code repository. This parameter is intended to be used from the command line or set securely via the environment variable listed below. In most pipeline use-cases, you should instead either store the token in Vault (where it can be automatically retrieved by the step from one of the paths listed below) or store it as a Jenkins secret and configure the secret's id via the `githubTokenCredentialsId` parameter.")
	cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", `maven`, "Defines the build tool which is used for building the project.")
	cmd.Flags().StringVar(&stepConfig.BuildCommand, "buildCommand", os.Getenv("PIPER_buildCommand"), "Command to build the project")
	cmd.Flags().StringVar(&stepConfig.Language, "language", os.Getenv("PIPER_language"), "The programming language used to analyze.")
	cmd.Flags().StringVar(&stepConfig.ModulePath, "modulePath", `./`, "Allows providing the path for the module to scan")
	cmd.Flags().StringVar(&stepConfig.Database, "database", `codeqlDB`, "Path to the CodeQL database to create. This directory will be created, and must not already exist.")
	cmd.Flags().StringVar(&stepConfig.QuerySuite, "querySuite", os.Getenv("PIPER_querySuite"), "The name of a CodeQL query suite. If omitted, the default query suite for the language of the database being analyzed will be used.")
	cmd.Flags().BoolVar(&stepConfig.UploadResults, "uploadResults", false, "Allows you to upload codeql SARIF results to your github project. You will need to set githubToken for this.")
	cmd.Flags().IntVar(&stepConfig.SarifCheckMaxRetries, "sarifCheckMaxRetries", 10, "Maximum number of retries when waiting for the server to finish processing the SARIF upload.")
	cmd.Flags().IntVar(&stepConfig.SarifCheckRetryInterval, "sarifCheckRetryInterval", 30, "Interval in seconds between retries when waiting for the server to finish processing the SARIF upload.")
	cmd.Flags().StringVar(&stepConfig.TargetGithubRepoURL, "targetGithubRepoURL", os.Getenv("PIPER_targetGithubRepoURL"), "Target github repo url. Only relevant, if project uses a combination of Piper and non-GitHub SCM.")
	cmd.Flags().StringVar(&stepConfig.TargetGithubBranchName, "targetGithubBranchName", os.Getenv("PIPER_targetGithubBranchName"), "Target github branch name. Only relevant, if project uses a combination of Piper and non-GitHub SCM.")
	cmd.Flags().StringVar(&stepConfig.Threads, "threads", `0`, "Use this many threads for the codeql operations.")
	cmd.Flags().StringVar(&stepConfig.Ram, "ram", `4000`, "Use this much ram (MB) for the codeql operations.")
	cmd.Flags().StringVar(&stepConfig.AnalyzedRef, "analyzedRef", os.Getenv("PIPER_analyzedRef"), "Name of the ref that was analyzed.")
	cmd.Flags().StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "URL of the GitHub instance")
	cmd.Flags().StringVar(&stepConfig.CommitID, "commitId", os.Getenv("PIPER_commitId"), "SHA of commit that was analyzed.")
	cmd.Flags().IntVar(&stepConfig.VulnerabilityThresholdTotal, "vulnerabilityThresholdTotal", 0, "Threashold for maximum number of allowed vulnerabilities.")
	cmd.Flags().BoolVar(&stepConfig.CheckForCompliance, "checkForCompliance", false, "If set to true, the piper step checks for compliance based on vulnerability threadholds. Example - If total vulnerabilites are 10 and vulnerabilityThresholdTotal is set as 0, then the steps throws an compliance error.")
	cmd.Flags().StringVar(&stepConfig.ProjectSettingsFile, "projectSettingsFile", os.Getenv("PIPER_projectSettingsFile"), "Path to the mvn settings file that should be used as project settings file.")
	cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path to the mvn settings file that should be used as global settings file.")
	cmd.Flags().StringVar(&stepConfig.DatabaseCreateFlags, "databaseCreateFlags", os.Getenv("PIPER_databaseCreateFlags"), "A space-separated string of flags for the 'codeql database create' command.")
	cmd.Flags().StringVar(&stepConfig.DatabaseAnalyzeFlags, "databaseAnalyzeFlags", os.Getenv("PIPER_databaseAnalyzeFlags"), "A space-separated string of flags for the 'codeql database analyze' command.")

	// The error returned by MarkFlagRequired is not checked.
	cmd.MarkFlagRequired("buildTool")
}

// retrieve step metadata
//
// codeqlExecuteScanMetadata returns the config.StepData for the step: its
// secrets, input resources, parameters (scope, type, aliases, default) and the
// influx and reports outputs. The parameter defaults repeat the flag defaults
// set in addCodeqlExecuteScanFlags.
func codeqlExecuteScanMetadata() config.StepData {
	var theMetaData = config.StepData{
		Metadata: config.StepMetadata{
			Name:        "codeqlExecuteScan",
			Aliases:     []config.Alias{},
			Description: "This step executes a codeql scan on the specified project to perform static code analysis and check the source code for security flaws.",
		},
		Spec: config.StepSpec{
			Inputs: config.StepInputs{
				Secrets: []config.StepSecrets{
					{Name: "githubTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.", Type: "jenkins"},
				},
				Resources: []config.StepResources{
					{Name: "commonPipelineEnvironment"},
					{Name: "buildDescriptor", Type: "stash"},
					{Name: "tests", Type: "stash"},
				},
				Parameters: []config.StepParameters{
					{
						// The token has two resource references: the Jenkins credential
						// githubTokenCredentialsId and a Vault secret whose name
						// defaults to "github".
						// NOTE(review): Default is the live value of PIPER_githubToken,
						// so the returned StepData contains the token whenever that
						// variable is set; confirm nothing prints or serializes the
						// metadata together with its defaults.
						Name: "githubToken",
						ResourceRef: []config.ResourceReference{
							{
								Name: "githubTokenCredentialsId",
								Type: "secret",
							},

							{
								Name:    "githubVaultSecretName",
								Type:    "vaultSecret",
								Default: "github",
							},
						},
						Scope:     []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{{Name: "access_token"}},
						Default:   os.Getenv("PIPER_githubToken"),
					},
					{
						Name:        "buildTool",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   true,
						Aliases:     []config.Alias{},
						Default:     `maven`,
					},
					{
						Name:        "buildCommand",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_buildCommand"),
					},
					{
						Name:        "language",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_language"),
					},
					{
						Name:        "modulePath",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     `./`,
					},
					{
						Name:        "database",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     `codeqlDB`,
					},
					{
						Name:        "querySuite",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_querySuite"),
					},
					{
						Name:        "uploadResults",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "bool",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     false,
					},
					{
						Name:        "sarifCheckMaxRetries",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "int",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     10,
					},
					{
						Name:        "sarifCheckRetryInterval",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "int",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     30,
					},
					{
						Name:        "targetGithubRepoURL",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_targetGithubRepoURL"),
					},
					{
						Name:        "targetGithubBranchName",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_targetGithubBranchName"),
					},
					{
						Name:        "threads",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     `0`,
					},
					{
						Name:        "ram",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     `4000`,
					},
					{
						// analyzedRef, repository and commitId have an empty Scope and
						// reference git values of commonPipelineEnvironment.
						Name: "analyzedRef",
						ResourceRef: []config.ResourceReference{
							{
								Name:  "commonPipelineEnvironment",
								Param: "git/ref",
							},
						},
						Scope:     []string{},
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{},
						Default:   os.Getenv("PIPER_analyzedRef"),
					},
					{
						Name: "repository",
						ResourceRef: []config.ResourceReference{
							{
								Name:  "commonPipelineEnvironment",
								Param: "git/httpsUrl",
							},
						},
						Scope:     []string{},
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{{Name: "githubRepo"}},
						Default:   os.Getenv("PIPER_repository"),
					},
					{
						Name: "commitId",
						ResourceRef: []config.ResourceReference{
							{
								Name:  "commonPipelineEnvironment",
								Param: "git/remoteCommitId",
							},
						},
						Scope:     []string{},
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{},
						Default:   os.Getenv("PIPER_commitId"),
					},
					{
						Name:        "vulnerabilityThresholdTotal",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "int",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     0,
					},
					{
						Name:        "checkForCompliance",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "bool",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     false,
					},
					{
						Name:        "projectSettingsFile",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{{Name: "maven/projectSettingsFile"}},
						Default:     os.Getenv("PIPER_projectSettingsFile"),
					},
					{
						Name:        "globalSettingsFile",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{{Name: "maven/globalSettingsFile"}},
						Default:     os.Getenv("PIPER_globalSettingsFile"),
					},
					{
						Name:        "databaseCreateFlags",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"STEPS", "STAGES", "PARAMETERS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_databaseCreateFlags"),
					},
					{
						Name:        "databaseAnalyzeFlags",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"STEPS", "STAGES", "PARAMETERS"},
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_databaseAnalyzeFlags"),
					},
				},
			},
			// A single container entry with no fields set.
			Containers: []config.Container{
				{},
			},
			Outputs: config.StepOutputs{
				Resources: []config.StepResources{
					{
						// Same measurement and field names as codeqlExecuteScanInflux.persist writes.
						Name: "influx",
						Type: "influx",
						Parameters: []map[string]interface{}{
							{"name": "step_data", "fields": []map[string]string{{"name": "codeql"}}},
							{"name": "codeql_data", "fields": []map[string]string{{"name": "repositoryUrl"}, {"name": "repositoryReferenceUrl"}, {"name": "codeScanningLink"}, {"name": "querySuite"}, {"name": "optionalTotal"}, {"name": "optionalAudited"}, {"name": "auditAllTotal"}, {"name": "auditAllAudited"}}},
						},
					},
					{
						// Same file patterns as codeqlExecuteScanReports.persist uploads.
						Name: "reports",
						Type: "reports",
						Parameters: []map[string]interface{}{
							{"filePattern": "**/*.csv", "type": "codeql"},
							{"filePattern": "**/*.sarif", "type": "codeql"},
							{"filePattern": "**/toolrun_codeql_*.json", "type": "codeql"},
							{"filePattern": "**/piper_codeql_report.json", "type": "codeql"},
						},
					},
				},
			},
		},
	}
	return theMetaData
}