github.com/SAP/jenkins-library@v1.362.0/cmd/protecodeExecuteScan_generated.go (about) 1 // Code generated by piper's step-generator. DO NOT EDIT. 2 3 package cmd 4 5 import ( 6 "fmt" 7 "os" 8 "path/filepath" 9 "reflect" 10 "strings" 11 "time" 12 13 "github.com/SAP/jenkins-library/pkg/config" 14 "github.com/SAP/jenkins-library/pkg/gcs" 15 "github.com/SAP/jenkins-library/pkg/log" 16 "github.com/SAP/jenkins-library/pkg/piperenv" 17 "github.com/SAP/jenkins-library/pkg/splunk" 18 "github.com/SAP/jenkins-library/pkg/telemetry" 19 "github.com/SAP/jenkins-library/pkg/validation" 20 "github.com/bmatcuk/doublestar" 21 "github.com/spf13/cobra" 22 ) 23 24 type protecodeExecuteScanOptions struct { 25 ExcludeCVEs string `json:"excludeCVEs,omitempty"` 26 FailOnSevereVulnerabilities bool `json:"failOnSevereVulnerabilities,omitempty"` 27 ScanImage string `json:"scanImage,omitempty"` 28 DockerRegistryURL string `json:"dockerRegistryUrl,omitempty"` 29 ContainerRegistryPassword string `json:"containerRegistryPassword,omitempty"` 30 ContainerRegistryUser string `json:"containerRegistryUser,omitempty"` 31 DockerConfigJSON string `json:"dockerConfigJSON,omitempty"` 32 CleanupMode string `json:"cleanupMode,omitempty" validate:"possible-values=none binary complete"` 33 FilePath string `json:"filePath,omitempty"` 34 TimeoutMinutes string `json:"timeoutMinutes,omitempty"` 35 ServerURL string `json:"serverUrl,omitempty"` 36 ReportFileName string `json:"reportFileName,omitempty"` 37 FetchURL string `json:"fetchUrl,omitempty"` 38 Group string `json:"group,omitempty"` 39 VerifyOnly bool `json:"verifyOnly,omitempty"` 40 ReplaceProductID int `json:"replaceProductId,omitempty"` 41 Username string `json:"username,omitempty"` 42 Password string `json:"password,omitempty"` 43 UserAPIKey string `json:"userAPIKey,omitempty"` 44 Version string `json:"version,omitempty"` 45 CustomScanVersion string `json:"customScanVersion,omitempty"` 46 VersioningModel string `json:"versioningModel,omitempty" validate:"possible-values=major major-minor semantic full"` 47 PullRequestName string `json:"pullRequestName,omitempty"` 48 CustomDataJSONMap string `json:"customDataJSONMap,omitempty"` 49 } 50 51 type protecodeExecuteScanInflux struct { 52 step_data struct { 53 fields struct { 54 protecode bool 55 } 56 tags struct { 57 } 58 } 59 protecode_data struct { 60 fields struct { 61 excluded_vulnerabilities int 62 historical_vulnerabilities int 63 major_vulnerabilities int 64 minor_vulnerabilities int 65 triaged_vulnerabilities int 66 vulnerabilities int 67 } 68 tags struct { 69 } 70 } 71 } 72 73 func (i *protecodeExecuteScanInflux) persist(path, resourceName string) { 74 measurementContent := []struct { 75 measurement string 76 valType string 77 name string 78 value interface{} 79 }{ 80 {valType: config.InfluxField, measurement: "step_data", name: "protecode", value: i.step_data.fields.protecode}, 81 {valType: config.InfluxField, measurement: "protecode_data", name: "excluded_vulnerabilities", value: i.protecode_data.fields.excluded_vulnerabilities}, 82 {valType: config.InfluxField, measurement: "protecode_data", name: "historical_vulnerabilities", value: i.protecode_data.fields.historical_vulnerabilities}, 83 {valType: config.InfluxField, measurement: "protecode_data", name: "major_vulnerabilities", value: i.protecode_data.fields.major_vulnerabilities}, 84 {valType: config.InfluxField, measurement: "protecode_data", name: "minor_vulnerabilities", value: i.protecode_data.fields.minor_vulnerabilities}, 85 {valType: config.InfluxField, measurement: "protecode_data", name: "triaged_vulnerabilities", value: i.protecode_data.fields.triaged_vulnerabilities}, 86 {valType: config.InfluxField, measurement: "protecode_data", name: "vulnerabilities", value: i.protecode_data.fields.vulnerabilities}, 87 } 88 89 errCount := 0 90 for _, metric := range measurementContent { 91 err := piperenv.SetResourceParameter(path, resourceName, filepath.Join(metric.measurement, fmt.Sprintf("%vs", metric.valType), metric.name), metric.value) 92 if err != nil { 93 log.Entry().WithError(err).Error("Error persisting influx environment.") 94 errCount++ 95 } 96 } 97 if errCount > 0 { 98 log.Entry().Error("failed to persist Influx environment") 99 } 100 } 101 102 type protecodeExecuteScanReports struct { 103 } 104 105 func (p *protecodeExecuteScanReports) persist(stepConfig protecodeExecuteScanOptions, gcpJsonKeyFilePath string, gcsBucketId string, gcsFolderPath string, gcsSubFolder string) { 106 if gcsBucketId == "" { 107 log.Entry().Info("persisting reports to GCS is disabled, because gcsBucketId is empty") 108 return 109 } 110 log.Entry().Info("Uploading reports to Google Cloud Storage...") 111 content := []gcs.ReportOutputParam{ 112 {FilePattern: "**/toolrun_protecode_*.json", ParamRef: "", StepResultType: "protecode"}, 113 {FilePattern: "", ParamRef: "reportFileName", StepResultType: "protecode"}, 114 {FilePattern: "**/protecodeExecuteScan.json", ParamRef: "", StepResultType: "protecode"}, 115 {FilePattern: "**/protecodescan_vulns.json", ParamRef: "", StepResultType: "protecode"}, 116 } 117 envVars := []gcs.EnvVar{ 118 {Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: gcpJsonKeyFilePath, Modified: false}, 119 } 120 gcsClient, err := gcs.NewClient(gcs.WithEnvVars(envVars)) 121 if err != nil { 122 log.Entry().Errorf("creation of GCS client failed: %v", err) 123 return 124 } 125 defer gcsClient.Close() 126 structVal := reflect.ValueOf(&stepConfig).Elem() 127 inputParameters := map[string]string{} 128 for i := 0; i < structVal.NumField(); i++ { 129 field := structVal.Type().Field(i) 130 if field.Type.String() == "string" { 131 paramName := strings.Split(field.Tag.Get("json"), ",") 132 paramValue, _ := structVal.Field(i).Interface().(string) 133 inputParameters[paramName[0]] = paramValue 134 } 135 } 136 if err := gcs.PersistReportsToGCS(gcsClient, content, inputParameters, gcsFolderPath, gcsBucketId, gcsSubFolder, doublestar.Glob, os.Stat); err != nil { 137 log.Entry().Errorf("failed to persist reports: %v", err) 138 } 139 } 140 141 // ProtecodeExecuteScanCommand Black Duck Binary Analysis (BDBA), previously known as Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries. It can be used to scan docker images but is supports many other programming languages especially those of the C family. 142 func ProtecodeExecuteScanCommand() *cobra.Command { 143 const STEP_NAME = "protecodeExecuteScan" 144 145 metadata := protecodeExecuteScanMetadata() 146 var stepConfig protecodeExecuteScanOptions 147 var startTime time.Time 148 var influx protecodeExecuteScanInflux 149 var reports protecodeExecuteScanReports 150 var logCollector *log.CollectorHook 151 var splunkClient *splunk.Splunk 152 telemetryClient := &telemetry.Telemetry{} 153 154 var createProtecodeExecuteScanCmd = &cobra.Command{ 155 Use: STEP_NAME, 156 Short: "Black Duck Binary Analysis (BDBA), previously known as Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries. It can be used to scan docker images but is supports many other programming languages especially those of the C family.", 157 Long: `Black Duck Binary Analysis (previously known as Protecode) is an Open Source Vulnerability Scan tool which provides the composition of Open Source components in a product along with Security information (no license info is provided). 158 BDBA (Protecode) uses a combination of static binary analysis techniques to X-ray the provided software package to identify third-party software components and their exact versions with a high level of confidence. Methods range from simple string matching to proprietary patent-pending techniques. 159 160 !!! hint "Auditing findings (Triaging)" 161 Triaging is now supported by the BDBA (Protecode) backend and also Piper does consider this information during the analysis of the scan results though product versions are not supported by BDBA (Protecode). Therefore please make sure that the ` + "`" + `fileName` + "`" + ` you are providing does either contain a stable version or that it does not contain one at all. By ensuring that you are able to triage CVEs globally on the upload file's name without affecting any other artifacts scanned in the same BDBA (Protecode) group and as such triaged vulnerabilities will be considered during the next scan and will not fail the build anymore.`, 162 PreRunE: func(cmd *cobra.Command, _ []string) error { 163 startTime = time.Now() 164 log.SetStepName(STEP_NAME) 165 log.SetVerbose(GeneralConfig.Verbose) 166 167 GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens) 168 169 path, _ := os.Getwd() 170 fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path} 171 log.RegisterHook(fatalHook) 172 173 err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile) 174 if err != nil { 175 log.SetErrorCategory(log.ErrorConfiguration) 176 return err 177 } 178 log.RegisterSecret(stepConfig.ContainerRegistryPassword) 179 log.RegisterSecret(stepConfig.ContainerRegistryUser) 180 log.RegisterSecret(stepConfig.DockerConfigJSON) 181 log.RegisterSecret(stepConfig.Username) 182 log.RegisterSecret(stepConfig.Password) 183 log.RegisterSecret(stepConfig.UserAPIKey) 184 185 if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 { 186 sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID) 187 log.RegisterHook(&sentryHook) 188 } 189 190 if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 || len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 { 191 splunkClient = &splunk.Splunk{} 192 logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID} 193 log.RegisterHook(logCollector) 194 } 195 196 if err = log.RegisterANSHookIfConfigured(GeneralConfig.CorrelationID); err != nil { 197 log.Entry().WithError(err).Warn("failed to set up SAP Alert Notification Service log hook") 198 } 199 200 validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages()) 201 if err != nil { 202 return err 203 } 204 if err = validation.ValidateStruct(stepConfig); err != nil { 205 log.SetErrorCategory(log.ErrorConfiguration) 206 return err 207 } 208 209 return nil 210 }, 211 Run: func(_ *cobra.Command, _ []string) { 212 stepTelemetryData := telemetry.CustomData{} 213 stepTelemetryData.ErrorCode = "1" 214 handler := func() { 215 influx.persist(GeneralConfig.EnvRootPath, "influx") 216 reports.persist(stepConfig, GeneralConfig.GCPJsonKeyFilePath, GeneralConfig.GCSBucketId, GeneralConfig.GCSFolderPath, GeneralConfig.GCSSubFolder) 217 config.RemoveVaultSecretFiles() 218 stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds()) 219 stepTelemetryData.ErrorCategory = log.GetErrorCategory().String() 220 stepTelemetryData.PiperCommitHash = GitCommit 221 telemetryClient.SetData(&stepTelemetryData) 222 telemetryClient.Send() 223 if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 { 224 splunkClient.Initialize(GeneralConfig.CorrelationID, 225 GeneralConfig.HookConfig.SplunkConfig.Dsn, 226 GeneralConfig.HookConfig.SplunkConfig.Token, 227 GeneralConfig.HookConfig.SplunkConfig.Index, 228 GeneralConfig.HookConfig.SplunkConfig.SendLogs) 229 splunkClient.Send(telemetryClient.GetData(), logCollector) 230 } 231 if len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 { 232 splunkClient.Initialize(GeneralConfig.CorrelationID, 233 GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint, 234 GeneralConfig.HookConfig.SplunkConfig.ProdCriblToken, 235 GeneralConfig.HookConfig.SplunkConfig.ProdCriblIndex, 236 GeneralConfig.HookConfig.SplunkConfig.SendLogs) 237 splunkClient.Send(telemetryClient.GetData(), logCollector) 238 } 239 } 240 log.DeferExitHandler(handler) 241 defer handler() 242 telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME, GeneralConfig.HookConfig.PendoConfig.Token) 243 protecodeExecuteScan(stepConfig, &stepTelemetryData, &influx) 244 stepTelemetryData.ErrorCode = "0" 245 log.Entry().Info("SUCCESS") 246 }, 247 } 248 249 addProtecodeExecuteScanFlags(createProtecodeExecuteScanCmd, &stepConfig) 250 return createProtecodeExecuteScanCmd 251 } 252 253 func addProtecodeExecuteScanFlags(cmd *cobra.Command, stepConfig *protecodeExecuteScanOptions) { 254 cmd.Flags().StringVar(&stepConfig.ExcludeCVEs, "excludeCVEs", ``, "DEPRECATED: Do use triaging within the Protecode UI instead") 255 cmd.Flags().BoolVar(&stepConfig.FailOnSevereVulnerabilities, "failOnSevereVulnerabilities", true, "Whether to fail the step on severe vulnerabilties or not") 256 cmd.Flags().StringVar(&stepConfig.ScanImage, "scanImage", os.Getenv("PIPER_scanImage"), "The reference to the docker image to scan with Protecode. Note: If possible please also check [fetchUrl](https://www.project-piper.io/steps/protecodeExecuteScan/#fetchurl) parameter, which might help you to optimize upload time.") 257 cmd.Flags().StringVar(&stepConfig.DockerRegistryURL, "dockerRegistryUrl", os.Getenv("PIPER_dockerRegistryUrl"), "The reference to the docker registry to scan with Protecode") 258 cmd.Flags().StringVar(&stepConfig.ContainerRegistryPassword, "containerRegistryPassword", os.Getenv("PIPER_containerRegistryPassword"), "For `buildTool: docker`: Password for container registry access - typically provided by the CI/CD environment.") 259 cmd.Flags().StringVar(&stepConfig.ContainerRegistryUser, "containerRegistryUser", os.Getenv("PIPER_containerRegistryUser"), "For `buildTool: docker`: Username for container registry access - typically provided by the CI/CD environment.") 260 cmd.Flags().StringVar(&stepConfig.DockerConfigJSON, "dockerConfigJSON", os.Getenv("PIPER_dockerConfigJSON"), "Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).") 261 cmd.Flags().StringVar(&stepConfig.CleanupMode, "cleanupMode", `binary`, "Decides which parts are removed from the Protecode backend after the scan") 262 cmd.Flags().StringVar(&stepConfig.FilePath, "filePath", os.Getenv("PIPER_filePath"), "The path to the file from local workspace to scan with Protecode") 263 cmd.Flags().StringVar(&stepConfig.TimeoutMinutes, "timeoutMinutes", `60`, "The timeout to wait for the scan to finish") 264 cmd.Flags().StringVar(&stepConfig.ServerURL, "serverUrl", os.Getenv("PIPER_serverUrl"), "The URL to the Protecode backend") 265 cmd.Flags().StringVar(&stepConfig.ReportFileName, "reportFileName", `protecode_report.pdf`, "The file name of the report to be created") 266 cmd.Flags().StringVar(&stepConfig.FetchURL, "fetchUrl", os.Getenv("PIPER_fetchUrl"), "The URL to fetch the file or image to scan with Protecode.") 267 cmd.Flags().StringVar(&stepConfig.Group, "group", os.Getenv("PIPER_group"), "The Protecode group ID of your team") 268 cmd.Flags().BoolVar(&stepConfig.VerifyOnly, "verifyOnly", false, "Whether the step shall only apply verification checks or whether it does a full scan and check cycle") 269 cmd.Flags().IntVar(&stepConfig.ReplaceProductID, "replaceProductId", 0, "Specify <replaceProductId> which application binary will be replaced and rescanned and product id remains unchanged. By using this parameter, Protecode avoids creating multiple same products. Note this will affect results and feeds. If product id is not specified, then Piper starts auto detection mechanism, more precisely it searches a product id with scanned product name in that specified group, if there are several scans have been done with the same product name then the latest scan id will be fetched from BDBA backend. After obtaining product id, Piper re-uploads / replaces new binary without affecting already existing product id.") 270 cmd.Flags().StringVar(&stepConfig.Username, "username", os.Getenv("PIPER_username"), "User which is used for the protecode scan") 271 cmd.Flags().StringVar(&stepConfig.Password, "password", os.Getenv("PIPER_password"), "Password which is used for the user") 272 cmd.Flags().StringVar(&stepConfig.UserAPIKey, "userAPIKey", os.Getenv("PIPER_userAPIKey"), "User API key which is used for API calls. Replacement for username and password / basic authentication.") 273 cmd.Flags().StringVar(&stepConfig.Version, "version", os.Getenv("PIPER_version"), "The version of the artifact to allow identification in protecode backend") 274 cmd.Flags().StringVar(&stepConfig.CustomScanVersion, "customScanVersion", os.Getenv("PIPER_customScanVersion"), "A custom version used along with the uploaded scan results.") 275 cmd.Flags().StringVar(&stepConfig.VersioningModel, "versioningModel", `major`, "The versioning model used for result reporting (based on the artifact version). Example 1.2.3 using `major` will result in version 1") 276 cmd.Flags().StringVar(&stepConfig.PullRequestName, "pullRequestName", os.Getenv("PIPER_pullRequestName"), "The name of the pull request") 277 cmd.Flags().StringVar(&stepConfig.CustomDataJSONMap, "customDataJSONMap", os.Getenv("PIPER_customDataJSONMap"), "The JSON map of key-value pairs to be included in this scan's Custom Data (See protecode API).") 278 279 cmd.MarkFlagRequired("serverUrl") 280 cmd.MarkFlagRequired("group") 281 cmd.MarkFlagRequired("username") 282 cmd.MarkFlagRequired("password") 283 } 284 285 // retrieve step metadata 286 func protecodeExecuteScanMetadata() config.StepData { 287 var theMetaData = config.StepData{ 288 Metadata: config.StepMetadata{ 289 Name: "protecodeExecuteScan", 290 Aliases: []config.Alias{}, 291 Description: "Black Duck Binary Analysis (BDBA), previously known as Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries. It can be used to scan docker images but is supports many other programming languages especially those of the C family.", 292 }, 293 Spec: config.StepSpec{ 294 Inputs: config.StepInputs{ 295 Secrets: []config.StepSecrets{ 296 {Name: "protecodeCredentialsId", Description: "Jenkins 'Username with password' credentials ID containing username and password to authenticate to the Protecode system.", Type: "jenkins"}, 297 {Name: "protecodeApiKeyCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing API Key/token to authenticate to BDBA server.", Type: "jenkins"}, 298 {Name: "dockerConfigJsonCredentialsId", Description: "Jenkins 'Secret file' credentials ID containing Docker config.json (with registry credential(s)). You can create it like explained in [Prerequisites](https://www.project-piper.io/steps/protecodeExecuteScan/#prerequisites).", Type: "jenkins", Aliases: []config.Alias{{Name: "dockerCredentialsId", Deprecated: true}}}, 299 }, 300 Parameters: []config.StepParameters{ 301 { 302 Name: "excludeCVEs", 303 ResourceRef: []config.ResourceReference{}, 304 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 305 Type: "string", 306 Mandatory: false, 307 Aliases: []config.Alias{{Name: "protecodeExcludeCVEs"}}, 308 Default: ``, 309 }, 310 { 311 Name: "failOnSevereVulnerabilities", 312 ResourceRef: []config.ResourceReference{}, 313 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 314 Type: "bool", 315 Mandatory: false, 316 Aliases: []config.Alias{{Name: "protecodeFailOnSevereVulnerabilities"}}, 317 Default: true, 318 }, 319 { 320 Name: "scanImage", 321 ResourceRef: []config.ResourceReference{ 322 { 323 Name: "commonPipelineEnvironment", 324 Param: "container/imageNameTag", 325 }, 326 }, 327 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 328 Type: "string", 329 Mandatory: false, 330 Aliases: []config.Alias{{Name: "dockerImage"}}, 331 Default: os.Getenv("PIPER_scanImage"), 332 }, 333 { 334 Name: "dockerRegistryUrl", 335 ResourceRef: []config.ResourceReference{ 336 { 337 Name: "commonPipelineEnvironment", 338 Param: "container/registryUrl", 339 }, 340 }, 341 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 342 Type: "string", 343 Mandatory: false, 344 Aliases: []config.Alias{}, 345 Default: os.Getenv("PIPER_dockerRegistryUrl"), 346 }, 347 { 348 Name: "containerRegistryPassword", 349 ResourceRef: []config.ResourceReference{ 350 { 351 Name: "commonPipelineEnvironment", 352 Param: "container/repositoryPassword", 353 }, 354 355 { 356 Name: "commonPipelineEnvironment", 357 Param: "custom/repositoryPassword", 358 }, 359 }, 360 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 361 Type: "string", 362 Mandatory: false, 363 Aliases: []config.Alias{}, 364 Default: os.Getenv("PIPER_containerRegistryPassword"), 365 }, 366 { 367 Name: "containerRegistryUser", 368 ResourceRef: []config.ResourceReference{ 369 { 370 Name: "commonPipelineEnvironment", 371 Param: "container/repositoryUsername", 372 }, 373 374 { 375 Name: "commonPipelineEnvironment", 376 Param: "custom/repositoryUsername", 377 }, 378 }, 379 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 380 Type: "string", 381 Mandatory: false, 382 Aliases: []config.Alias{}, 383 Default: os.Getenv("PIPER_containerRegistryUser"), 384 }, 385 { 386 Name: "dockerConfigJSON", 387 ResourceRef: []config.ResourceReference{ 388 { 389 Name: "commonPipelineEnvironment", 390 Param: "custom/dockerConfigJSON", 391 }, 392 393 { 394 Name: "dockerConfigJsonCredentialsId", 395 Type: "secret", 396 }, 397 398 { 399 Name: "dockerConfigFileVaultSecretName", 400 Type: "vaultSecretFile", 401 Default: "docker-config", 402 }, 403 }, 404 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 405 Type: "string", 406 Mandatory: false, 407 Aliases: []config.Alias{}, 408 Default: os.Getenv("PIPER_dockerConfigJSON"), 409 }, 410 { 411 Name: "cleanupMode", 412 ResourceRef: []config.ResourceReference{}, 413 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 414 Type: "string", 415 Mandatory: false, 416 Aliases: []config.Alias{}, 417 Default: `binary`, 418 }, 419 { 420 Name: "filePath", 421 ResourceRef: []config.ResourceReference{}, 422 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 423 Type: "string", 424 Mandatory: false, 425 Aliases: []config.Alias{}, 426 Default: os.Getenv("PIPER_filePath"), 427 }, 428 { 429 Name: "timeoutMinutes", 430 ResourceRef: []config.ResourceReference{}, 431 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 432 Type: "string", 433 Mandatory: false, 434 Aliases: []config.Alias{{Name: "protecodeTimeoutMinutes"}}, 435 Default: `60`, 436 }, 437 { 438 Name: "serverUrl", 439 ResourceRef: []config.ResourceReference{}, 440 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 441 Type: "string", 442 Mandatory: true, 443 Aliases: []config.Alias{{Name: "protecodeServerUrl"}}, 444 Default: os.Getenv("PIPER_serverUrl"), 445 }, 446 { 447 Name: "reportFileName", 448 ResourceRef: []config.ResourceReference{}, 449 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 450 Type: "string", 451 Mandatory: false, 452 Aliases: []config.Alias{}, 453 Default: `protecode_report.pdf`, 454 }, 455 { 456 Name: "fetchUrl", 457 ResourceRef: []config.ResourceReference{}, 458 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 459 Type: "string", 460 Mandatory: false, 461 Aliases: []config.Alias{}, 462 Default: os.Getenv("PIPER_fetchUrl"), 463 }, 464 { 465 Name: "group", 466 ResourceRef: []config.ResourceReference{}, 467 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 468 Type: "string", 469 Mandatory: true, 470 Aliases: []config.Alias{{Name: "protecodeGroup"}}, 471 Default: os.Getenv("PIPER_group"), 472 }, 473 { 474 Name: "verifyOnly", 475 ResourceRef: []config.ResourceReference{}, 476 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 477 Type: "bool", 478 Mandatory: false, 479 Aliases: []config.Alias{{Name: "reuseExisting", Deprecated: true}}, 480 Default: false, 481 }, 482 { 483 Name: "replaceProductId", 484 ResourceRef: []config.ResourceReference{}, 485 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 486 Type: "int", 487 Mandatory: false, 488 Aliases: []config.Alias{}, 489 Default: 0, 490 }, 491 { 492 Name: "username", 493 ResourceRef: []config.ResourceReference{ 494 { 495 Name: "protecodeCredentialsId", 496 Param: "username", 497 Type: "secret", 498 }, 499 500 { 501 Name: "protecodeVaultSecretName", 502 Type: "vaultSecret", 503 Default: "protecode", 504 }, 505 }, 506 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 507 Type: "string", 508 Mandatory: true, 509 Aliases: []config.Alias{{Name: "user", Deprecated: true}}, 510 Default: os.Getenv("PIPER_username"), 511 }, 512 { 513 Name: "password", 514 ResourceRef: []config.ResourceReference{ 515 { 516 Name: "protecodeCredentialsId", 517 Param: "password", 518 Type: "secret", 519 }, 520 521 { 522 Name: "protecodeVaultSecretName", 523 Type: "vaultSecret", 524 Default: "protecode", 525 }, 526 }, 527 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 528 Type: "string", 529 Mandatory: true, 530 Aliases: []config.Alias{}, 531 Default: os.Getenv("PIPER_password"), 532 }, 533 { 534 Name: "userAPIKey", 535 ResourceRef: []config.ResourceReference{ 536 { 537 Name: "protecodeApiKeyCredentialsId", 538 Param: "userAPIKey", 539 Type: "secret", 540 }, 541 542 { 543 Name: "protecodeApiKeyVaultSecretName", 544 Type: "vaultSecret", 545 Default: "protecode", 546 }, 547 }, 548 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 549 Type: "string", 550 Mandatory: false, 551 Aliases: []config.Alias{}, 552 Default: os.Getenv("PIPER_userAPIKey"), 553 }, 554 { 555 Name: "version", 556 ResourceRef: []config.ResourceReference{ 557 { 558 Name: "commonPipelineEnvironment", 559 Param: "artifactVersion", 560 }, 561 }, 562 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 563 Type: "string", 564 Mandatory: false, 565 Aliases: []config.Alias{{Name: "artifactVersion", Deprecated: true}}, 566 Default: os.Getenv("PIPER_version"), 567 }, 568 { 569 Name: "customScanVersion", 570 ResourceRef: []config.ResourceReference{}, 571 Scope: []string{"GENERAL", "STAGES", "STEPS", "PARAMETERS"}, 572 Type: "string", 573 Mandatory: false, 574 Aliases: []config.Alias{}, 575 Default: os.Getenv("PIPER_customScanVersion"), 576 }, 577 { 578 Name: "versioningModel", 579 ResourceRef: []config.ResourceReference{}, 580 Scope: []string{"PARAMETERS", "GENERAL", "STAGES", "STEPS"}, 581 Type: "string", 582 Mandatory: false, 583 Aliases: []config.Alias{}, 584 Default: `major`, 585 }, 586 { 587 Name: "pullRequestName", 588 ResourceRef: []config.ResourceReference{}, 589 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 590 Type: "string", 591 Mandatory: false, 592 Aliases: []config.Alias{}, 593 Default: os.Getenv("PIPER_pullRequestName"), 594 }, 595 { 596 Name: "customDataJSONMap", 597 ResourceRef: []config.ResourceReference{}, 598 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 599 Type: "string", 600 Mandatory: false, 601 Aliases: []config.Alias{}, 602 Default: os.Getenv("PIPER_customDataJSONMap"), 603 }, 604 }, 605 }, 606 Outputs: config.StepOutputs{ 607 Resources: []config.StepResources{ 608 { 609 Name: "influx", 610 Type: "influx", 611 Parameters: []map[string]interface{}{ 612 {"name": "step_data", "fields": []map[string]string{{"name": "protecode"}}}, 613 {"name": "protecode_data", "fields": []map[string]string{{"name": "excluded_vulnerabilities"}, {"name": "historical_vulnerabilities"}, {"name": "major_vulnerabilities"}, {"name": "minor_vulnerabilities"}, {"name": "triaged_vulnerabilities"}, {"name": "vulnerabilities"}}}, 614 }, 615 }, 616 { 617 Name: "reports", 618 Type: "reports", 619 Parameters: []map[string]interface{}{ 620 {"filePattern": "**/toolrun_protecode_*.json", "type": "protecode"}, 621 {"type": "protecode"}, 622 {"filePattern": "**/protecodeExecuteScan.json", "type": "protecode"}, 623 {"filePattern": "**/protecodescan_vulns.json", "type": "protecode"}, 624 }, 625 }, 626 }, 627 }, 628 }, 629 } 630 return theMetaData 631 }