
     1  // Code generated by piper's step-generator. DO NOT EDIT.
     2  
     3  package cmd
     4  
     5  import (
     6  	"fmt"
     7  	"os"
     8  	"time"
     9  
    10  	"github.com/SAP/jenkins-library/pkg/config"
    11  	"github.com/SAP/jenkins-library/pkg/log"
    12  	"github.com/SAP/jenkins-library/pkg/splunk"
    13  	"github.com/SAP/jenkins-library/pkg/telemetry"
    14  	"github.com/SAP/jenkins-library/pkg/validation"
    15  	"github.com/spf13/cobra"
    16  )
    17  
// credentialdiggerScanOptions is the resolved configuration of the credentialdiggerScan
// step. PrepareConfig fills it from the merged piper configuration, the command-line
// flags and the PIPER_* environment defaults, and the struct validator checks it before
// the step runs. The json tags are the parameter names used in the piper configuration;
// omitempty drops unset fields whenever the struct is serialized.
//
//   - Repository: URL of the GitHub repository to scan (config alias githubRepo).
//   - Snapshot: commit id or branch to scan instead of the whole repository, if set.
//   - PrNumber: pull request number to scan, if non-zero.
//   - ExportAll: also export findings that are not classified as leaks.
//   - APIURL: GitHub API base URL (alias githubApiUrl), default https://api.github.com.
//     Presumably the token is presented to this endpoint when a pull request is
//     scanned, so it should only ever point at a trusted HTTPS host -- TODO confirm
//     against the step implementation.
//   - Debug: run the scans in debug mode (alias verbose).
//   - RulesDownloadURL: URL of a custom rules file; when set, the stashed RulesFile is
//     ignored. The rules decide what the scanner reports and nothing in this file
//     shows an integrity check on the download, so treat the URL as trusted input.
//   - Models: machine learning models used to verify findings.
//   - Token: GitHub personal access token (aliases githubToken, access_token). It is a
//     credential: PreRunE registers it as a secret with the log package so it can be
//     masked, but any other serialization of this struct (a debug dump of the config,
//     for instance) would expose it in clear.
//   - RulesFile: path of the rules file used locally within the step.
type credentialdiggerScanOptions struct {
	Repository       string   `json:"repository,omitempty"`
	Snapshot         string   `json:"snapshot,omitempty"`
	PrNumber         int      `json:"prNumber,omitempty"`
	ExportAll        bool     `json:"exportAll,omitempty"`
	APIURL           string   `json:"apiUrl,omitempty"`
	Debug            bool     `json:"debug,omitempty"`
	RulesDownloadURL string   `json:"rulesDownloadUrl,omitempty"`
	Models           []string `json:"models,omitempty"`
	Token            string   `json:"token,omitempty"`
	RulesFile        string   `json:"rulesFile,omitempty"`
}
    30  
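// CredentialdiggerScanCommand Scan a repository on GitHub with Credential Digger
//
// The returned cobra command wires up the step's lifecycle. PreRunE resolves and
// validates the step configuration and attaches the logging hooks; Run executes the
// step and reports telemetry (and, when configured, collected logs) on every exit path.
//
// This file is generated: a change that should survive regeneration belongs in the
// step-generator template rather than here.
func CredentialdiggerScanCommand() *cobra.Command {
	const STEP_NAME = "credentialdiggerScan"

	metadata := credentialdiggerScanMetadata()
	var stepConfig credentialdiggerScanOptions
	var startTime time.Time
	var logCollector *log.CollectorHook
	var splunkClient *splunk.Splunk
	telemetryClient := &telemetry.Telemetry{}

	var createCredentialdiggerScanCmd = &cobra.Command{
		Use:   STEP_NAME,
		Short: "Scan a repository on GitHub with Credential Digger",
		Long: `This step allows you to scan a repository on Github using Credential Digger.

It can for example be used for DevSecOps scenarios to verify the source code does not contain hard-coded credentials before being merged or released for production.
It supports several scan flavors, i.e., full scans of a repo, scan of a snapshot, or scan of a pull request.`,
		PreRunE: func(cmd *cobra.Command, _ []string) error {
			startTime = time.Now()
			log.SetStepName(STEP_NAME)
			log.SetVerbose(GeneralConfig.Verbose)

			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)

			// Best effort: if the working directory cannot be determined, the fatal hook
			// simply records an empty path; the step itself is not affected.
			path, _ := os.Getwd()
			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
			log.RegisterHook(fatalHook)

			err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile)
			if err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}
			// Register the GitHub token as a secret right after the configuration is
			// resolved and before the Sentry/Splunk hooks below are attached, so that the
			// log package can mask it in everything those sinks receive. Nothing should be
			// logged between PrepareConfig and this line.
			log.RegisterSecret(stepConfig.Token)

			if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {
				sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)
				log.RegisterHook(&sentryHook)
			}

			// The client and collector only exist when a Splunk or Cribl endpoint is
			// configured; the exit handler in Run relies on that same condition before
			// dereferencing splunkClient.
			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 || len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
				splunkClient = &splunk.Splunk{}
				logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}
				log.RegisterHook(logCollector)
			}

			if err = log.RegisterANSHookIfConfigured(GeneralConfig.CorrelationID); err != nil {
				log.Entry().WithError(err).Warn("failed to set up SAP Alert Notification Service log hook")
			}

			// Named validator rather than validation so the local does not shadow the
			// imported package.
			validator, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())
			if err != nil {
				return err
			}
			if err = validator.ValidateStruct(stepConfig); err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}

			return nil
		},
		Run: func(_ *cobra.Command, _ []string) {
			stepTelemetryData := telemetry.CustomData{}
			// Pessimistic default: any exit before the final assignment below is reported
			// as a failure.
			stepTelemetryData.ErrorCode = "1"
			handler := func() {
				// Secrets materialized from Vault on disk are removed on every exit path,
				// before any telemetry or log forwarding takes place.
				config.RemoveVaultSecretFiles()
				stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
				stepTelemetryData.ErrorCategory = log.GetErrorCategory().String()
				stepTelemetryData.PiperCommitHash = GitCommit
				telemetryClient.SetData(&stepTelemetryData)
				telemetryClient.Send()
				// Each condition below implies the one in PreRunE that created splunkClient
				// and logCollector, so neither is nil here. The collected log lines are
				// forwarded as well, which is why the token was registered as a secret
				// before the collector was attached.
				if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
					splunkClient.Initialize(GeneralConfig.CorrelationID,
						GeneralConfig.HookConfig.SplunkConfig.Dsn,
						GeneralConfig.HookConfig.SplunkConfig.Token,
						GeneralConfig.HookConfig.SplunkConfig.Index,
						GeneralConfig.HookConfig.SplunkConfig.SendLogs)
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
				if len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
					splunkClient.Initialize(GeneralConfig.CorrelationID,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblToken,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblIndex,
						GeneralConfig.HookConfig.SplunkConfig.SendLogs)
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
			}
			// Registered twice on purpose: defer covers the normal return, and
			// DeferExitHandler presumably covers the process exit triggered by a fatal
			// log entry inside the step.
			log.DeferExitHandler(handler)
			defer handler()
			telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME, GeneralConfig.HookConfig.PendoConfig.Token)
			credentialdiggerScan(stepConfig, &stepTelemetryData)
			stepTelemetryData.ErrorCode = "0"
			log.Entry().Info("SUCCESS")
		},
	}

	addCredentialdiggerScanFlags(createCredentialdiggerScanCmd, &stepConfig)
	return createCredentialdiggerScanCmd
}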
   132  
// addCredentialdiggerScanFlags registers the step's command-line flags on cmd and binds
// each one to the matching field of stepConfig.
//
// Flags whose value is environment-specific default to a PIPER_<name> environment
// variable; the rest carry a fixed default. Note that --token accepts a GitHub
// personal access token on the command line, where it is visible to other local
// users through the process list and may end up in shell history -- the PIPER_token
// environment variable, or the credential/vault references declared in the step
// metadata, are the safer ways to supply it.
func addCredentialdiggerScanFlags(cmd *cobra.Command, stepConfig *credentialdiggerScanOptions) {
	flags := cmd.Flags()

	// What to scan: the repository, and optionally a snapshot or a pull request of it.
	flags.StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "URL of the GitHub repository (was name, but we need the url). In case it's missing, use the URL of the current repository.")
	flags.StringVar(&stepConfig.Snapshot, "snapshot", os.Getenv("PIPER_snapshot"), "If set, scan the snapshot of the repository at this commit_id/branch.")
	flags.IntVar(&stepConfig.PrNumber, "prNumber", 0, "If set, scan the pull request open with this number.")

	// How to scan and report.
	flags.BoolVar(&stepConfig.ExportAll, "exportAll", false, "Export all the findings, i.e., including non-leaks.")
	flags.StringVar(&stepConfig.APIURL, "apiUrl", `https://api.github.com`, "Set the GitHub API url. Needed for scanning a pull request.")
	flags.BoolVar(&stepConfig.Debug, "debug", false, "Execute the scans in debug mode (i.e., print logs).")
	flags.StringVar(&stepConfig.RulesDownloadURL, "rulesDownloadUrl", os.Getenv("PIPER_rulesDownloadUrl"), "URL where to download custom rules. The file published at this URL must be formatted as the default ruleset https://raw.githubusercontent.com/SAP/credential-digger/main/ui/backend/rules.yml")
	flags.StringSliceVar(&stepConfig.Models, "models", []string{}, "Machine learning models to automatically verify the findings.")
	flags.StringVar(&stepConfig.RulesFile, "rulesFile", `inputs/rules.yml`, "Name of the rules file used locally within the step. If a remote files for rules is declared as `rulesDownloadUrl`, the stashed file is ignored. If you change the file's name make sure your stashing configuration also reflects this.")

	// Credential used against the GitHub API.
	flags.StringVar(&stepConfig.Token, "token", os.Getenv("PIPER_token"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line")

	// MarkFlagRequired only fails for a flag name that was never registered, which
	// cannot happen for the two flags defined above, so its error is deliberately dropped.
	_ = cmd.MarkFlagRequired("apiUrl")
	_ = cmd.MarkFlagRequired("token")
}
   148  
// credentialdiggerScanMetadata describes the credentialdiggerScan step to the piper
// framework: its name and description, the secrets it may consume, every parameter
// with scope, type, aliases and default, the container it runs in and the report it
// produces. PrepareConfig uses this description to resolve the step configuration.
func credentialdiggerScanMetadata() config.StepData {
	// Each helper returns a fresh value per call, so no two parameters share a slice.
	stepScope := func() []string { return []string{"PARAMETERS", "STAGES", "STEPS"} }
	generalScope := func() []string { return []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"} }
	noRef := func() []config.ResourceReference { return []config.ResourceReference{} }
	noAlias := func() []config.Alias { return []config.Alias{} }

	// The GitHub token may be resolved from a Jenkins "Secret text" credential or, by
	// default, from the Vault secret named "github"; both references feed the "token"
	// parameter, which is the only parameter backed by a secret.
	secrets := []config.StepSecrets{
		{Name: "githubTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.", Type: "jenkins"},
	}
	tokenRefs := []config.ResourceReference{
		{Name: "githubTokenCredentialsId", Type: "secret"},
		{Name: "githubVaultSecretName", Type: "vaultSecret", Default: "github"},
	}

	// apiUrl, debug and token may additionally be set in the GENERAL section of the
	// configuration; apiUrl and token are mandatory.
	params := []config.StepParameters{
		{Name: "repository", ResourceRef: noRef(), Scope: stepScope(), Type: "string", Mandatory: false, Aliases: []config.Alias{{Name: "githubRepo"}}, Default: os.Getenv("PIPER_repository")},
		{Name: "snapshot", ResourceRef: noRef(), Scope: stepScope(), Type: "string", Mandatory: false, Aliases: noAlias(), Default: os.Getenv("PIPER_snapshot")},
		{Name: "prNumber", ResourceRef: noRef(), Scope: stepScope(), Type: "int", Mandatory: false, Aliases: noAlias(), Default: 0},
		{Name: "exportAll", ResourceRef: noRef(), Scope: stepScope(), Type: "bool", Mandatory: false, Aliases: noAlias(), Default: false},
		{Name: "apiUrl", ResourceRef: noRef(), Scope: generalScope(), Type: "string", Mandatory: true, Aliases: []config.Alias{{Name: "githubApiUrl"}}, Default: `https://api.github.com`},
		{Name: "debug", ResourceRef: noRef(), Scope: generalScope(), Type: "bool", Mandatory: false, Aliases: []config.Alias{{Name: "verbose"}}, Default: false},
		{Name: "rulesDownloadUrl", ResourceRef: noRef(), Scope: stepScope(), Type: "string", Mandatory: false, Aliases: noAlias(), Default: os.Getenv("PIPER_rulesDownloadUrl")},
		{Name: "models", ResourceRef: noRef(), Scope: stepScope(), Type: "[]string", Mandatory: false, Aliases: noAlias(), Default: []string{}},
		{Name: "token", ResourceRef: tokenRefs, Scope: generalScope(), Type: "string", Mandatory: true, Aliases: []config.Alias{{Name: "githubToken"}, {Name: "access_token"}}, Default: os.Getenv("PIPER_token")},
		{Name: "rulesFile", ResourceRef: noRef(), Scope: stepScope(), Type: "string", Mandatory: false, Aliases: noAlias(), Default: `inputs/rules.yml`},
	}

	// Supply-chain note: the scanner image is pinned by tag only. A registry tag is
	// mutable, so a digest pin (image@sha256:...) in the step YAML that feeds the
	// generator would make the scanner build reproducible and tamper-evident.
	containers := []config.Container{
		{Image: "credentialdigger.int.repositories.cloud.sap/credential_digger:4.9.2"},
	}

	outputs := config.StepOutputs{
		Resources: []config.StepResources{
			{
				Name: "report",
				Type: "report",
				Parameters: []map[string]interface{}{
					{"filePattern": "**/report*.csv", "type": "credentialdigger-report"},
				},
			},
		},
	}

	return config.StepData{
		Metadata: config.StepMetadata{
			Name:        "credentialdiggerScan",
			Aliases:     []config.Alias{},
			Description: "Scan a repository on GitHub with Credential Digger",
		},
		Spec: config.StepSpec{
			Inputs:     config.StepInputs{Secrets: secrets, Parameters: params},
			Containers: containers,
			Outputs:    outputs,
		},
	}
}