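// Code generated by piper's step-generator. DO NOT EDIT.
//
// NOTE(review): fortifyExecuteScanReports.persist below carries a hand edit
// (secret parameters are withheld from the GCS input-parameter map). Port that
// change into the step-generator template before the next regeneration, or it
// will be lost.

package cmd

import (
	"fmt"
	"os"
	"path/filepath"
	"reflect"
	"strings"
	"time"

	"github.com/SAP/jenkins-library/pkg/config"
	"github.com/SAP/jenkins-library/pkg/gcs"
	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/SAP/jenkins-library/pkg/piperenv"
	"github.com/SAP/jenkins-library/pkg/splunk"
	"github.com/SAP/jenkins-library/pkg/telemetry"
	"github.com/SAP/jenkins-library/pkg/validation"
	"github.com/bmatcuk/doublestar"
	"github.com/spf13/cobra"
)

// fortifyExecuteScanOptions is the resolved configuration of the
// fortifyExecuteScan step. Each field is bound to a CLI flag of the same json
// name by addFortifyExecuteScanFlags and populated by PrepareConfig.
//
// AuthToken and GithubToken are credentials: both are registered with
// log.RegisterSecret in the command's PreRunE so that they are masked in log
// output, and they must be treated as secrets wherever this struct is handed on.
type fortifyExecuteScanOptions struct {
	AdditionalScanParameters        []string `json:"additionalScanParameters,omitempty"`
	Assignees                       []string `json:"assignees,omitempty"`
	AuthToken                       string   `json:"authToken,omitempty"` // secret: Fortify SSC token
	BuildDescriptorExcludeList      []string `json:"buildDescriptorExcludeList,omitempty"`
	CustomScanVersion               string   `json:"customScanVersion,omitempty"`
	GithubToken                     string   `json:"githubToken,omitempty"` // secret: GitHub personal access token
	AutoCreate                      bool     `json:"autoCreate,omitempty"`
	ModulePath                      string   `json:"modulePath,omitempty"`
	PythonRequirementsFile          string   `json:"pythonRequirementsFile,omitempty"`
	AutodetectClasspath             bool     `json:"autodetectClasspath,omitempty"`
	MustAuditIssueGroups            string   `json:"mustAuditIssueGroups,omitempty"`
	SpotAuditIssueGroups            string   `json:"spotAuditIssueGroups,omitempty"`
	PythonRequirementsInstallSuffix string   `json:"pythonRequirementsInstallSuffix,omitempty"`
	PythonVersion                   string   `json:"pythonVersion,omitempty"`
	UploadResults                   bool     `json:"uploadResults,omitempty"`
	Version                         string   `json:"version,omitempty"`
	BuildDescriptorFile             string   `json:"buildDescriptorFile,omitempty"`
	CommitID                        string   `json:"commitId,omitempty"`
	CommitMessage                   string   `json:"commitMessage,omitempty"`
	GithubAPIURL                    string   `json:"githubApiUrl,omitempty"`
	Owner                           string   `json:"owner,omitempty"`
	Repository                      string   `json:"repository,omitempty"`
	Memory                          string   `json:"memory,omitempty"`
	UpdateRulePack                  bool     `json:"updateRulePack,omitempty"`
	ReportDownloadEndpoint          string   `json:"reportDownloadEndpoint,omitempty"`
	PollingMinutes                  int      `json:"pollingMinutes,omitempty"`
	QuickScan                       bool     `json:"quickScan,omitempty"`
	Translate                       string   `json:"translate,omitempty"`
	Src                             []string `json:"src,omitempty"`
	Exclude                         []string `json:"exclude,omitempty"`
	APIEndpoint                     string   `json:"apiEndpoint,omitempty"`
	ReportType                      string   `json:"reportType,omitempty"`
	PythonAdditionalPath            []string `json:"pythonAdditionalPath,omitempty"`
	ArtifactURL                     string   `json:"artifactUrl,omitempty"`
	ConsiderSuspicious              bool     `json:"considerSuspicious,omitempty"`
	ConvertToSarif                  bool     `json:"convertToSarif,omitempty"`
	FprUploadEndpoint               string   `json:"fprUploadEndpoint,omitempty"`
	ProjectName                     string   `json:"projectName,omitempty"`
	Reporting                       bool     `json:"reporting,omitempty"`
	ServerURL                       string   `json:"serverUrl,omitempty"`
	PullRequestMessageRegexGroup    int      `json:"pullRequestMessageRegexGroup,omitempty"`
	DeltaMinutes                    int      `json:"deltaMinutes,omitempty"`
	SpotCheckMinimum                int      `json:"spotCheckMinimum,omitempty"`
	FprDownloadEndpoint             string   `json:"fprDownloadEndpoint,omitempty"`
	VersioningModel                 string   `json:"versioningModel,omitempty" validate:"possible-values=major major-minor semantic full"`
	PythonInstallCommand            string   `json:"pythonInstallCommand,omitempty"`
	ReportTemplateID                int      `json:"reportTemplateId,omitempty"`
	FilterSetTitle                  string   `json:"filterSetTitle,omitempty"`
	PullRequestName                 string   `json:"pullRequestName,omitempty"`
	PullRequestMessageRegex         string   `json:"pullRequestMessageRegex,omitempty"`
	BuildTool                       string   `json:"buildTool,omitempty"`
	ProjectSettingsFile             string   `json:"projectSettingsFile,omitempty"`
	GlobalSettingsFile              string   `json:"globalSettingsFile,omitempty"`
	M2Path                          string   `json:"m2Path,omitempty"`
	VerifyOnly                      bool     `json:"verifyOnly,omitempty"`
	InstallArtifacts                bool     `json:"installArtifacts,omitempty"`
	CreateResultIssue               bool     `json:"createResultIssue,omitempty"`
}

// fortifyExecuteScanInflux holds the influx measurements the step reports.
// The layout mirrors the on-disk layout written by persist:
// <measurement>/fields/<name>. Both tag structs are intentionally empty.
type fortifyExecuteScanInflux struct {
	step_data struct {
		fields struct {
			fortify bool
		}
		tags struct {
		}
	}
	fortify_data struct {
		fields struct {
			projectID         int64
			projectName       string
			projectVersion    string
			projectVersionID  int64
			violations        int
			corporateTotal    int
			corporateAudited  int
			auditAllTotal     int
			auditAllAudited   int
			spotChecksTotal   int
			spotChecksAudited int
			spotChecksGap     int
			suspicious        int
			exploitable       int
			suppressed        int
		}
		tags struct {
		}
	}
}

// persist writes every influx value of i below path/resourceName via
// piperenv.SetResourceParameter, one file per value under the key
// <measurement>/<valType>s/<name>. Each failure is logged individually and a
// single summary error is logged if any write failed; the method itself never
// returns an error, so callers cannot distinguish a partial from a full persist.
func (i *fortifyExecuteScanInflux) persist(path, resourceName string) {
	type influxValue struct {
		measurement string
		valType     string
		name        string
		value       interface{}
	}
	fd := &i.fortify_data.fields
	measurementContent := []influxValue{
		{valType: config.InfluxField, measurement: "step_data", name: "fortify", value: i.step_data.fields.fortify},
		{valType: config.InfluxField, measurement: "fortify_data", name: "projectID", value: fd.projectID},
		{valType: config.InfluxField, measurement: "fortify_data", name: "projectName", value: fd.projectName},
		{valType: config.InfluxField, measurement: "fortify_data", name: "projectVersion", value: fd.projectVersion},
		{valType: config.InfluxField, measurement: "fortify_data", name: "projectVersionId", value: fd.projectVersionID},
		{valType: config.InfluxField, measurement: "fortify_data", name: "violations", value: fd.violations},
		{valType: config.InfluxField, measurement: "fortify_data", name: "corporateTotal", value: fd.corporateTotal},
		{valType: config.InfluxField, measurement: "fortify_data", name: "corporateAudited", value: fd.corporateAudited},
		{valType: config.InfluxField, measurement: "fortify_data", name: "auditAllTotal", value: fd.auditAllTotal},
		{valType: config.InfluxField, measurement: "fortify_data", name: "auditAllAudited", value: fd.auditAllAudited},
		{valType: config.InfluxField, measurement: "fortify_data", name: "spotChecksTotal", value: fd.spotChecksTotal},
		{valType: config.InfluxField, measurement: "fortify_data", name: "spotChecksAudited", value: fd.spotChecksAudited},
		{valType: config.InfluxField, measurement: "fortify_data", name: "spotChecksGap", value: fd.spotChecksGap},
		{valType: config.InfluxField, measurement: "fortify_data", name: "suspicious", value: fd.suspicious},
		{valType: config.InfluxField, measurement: "fortify_data", name: "exploitable", value: fd.exploitable},
		{valType: config.InfluxField, measurement: "fortify_data", name: "suppressed", value: fd.suppressed},
	}

	errCount := 0
	for _, metric := range measurementContent {
		// The "%vs" suffix turns the value type (e.g. "field") into its plural
		// directory name ("fields"), matching the struct layout above.
		key := filepath.Join(metric.measurement, fmt.Sprintf("%vs", metric.valType), metric.name)
		if err := piperenv.SetResourceParameter(path, resourceName, key, metric.value); err != nil {
			log.Entry().WithError(err).Error("Error persisting influx environment.")
			errCount++
		}
	}
	if errCount > 0 {
		log.Entry().Error("failed to persist Influx environment")
	}
}

// fortifyExecuteScanReports is the (stateless) report-persistence hook of the step.
type fortifyExecuteScanReports struct {
}

// persist uploads the result files of a Fortify scan (PDF/FPR reports, the
// fortify-scan.* files, the toolrun json and the piper_fortify_report json/html)
// to Google Cloud Storage. It is a no-op, apart from an info log, when
// gcsBucketId is empty, and it only logs failures; it never returns an error.
//
// gcpJsonKeyFilePath is exported to the GCS client as
// GOOGLE_APPLICATION_CREDENTIALS. The string parameters of stepConfig are
// passed to the GCS helper as a json-name → value map so that a report entry
// could reference one of them through ParamRef. The two credential parameters
// (authToken, githubToken — the ones PreRunE registers as secrets) are
// deliberately withheld from that map: every ParamRef in the report list below
// is empty, so the step never needs them for pattern resolution, and how the
// helper otherwise treats the map (logging, naming) is not visible from here.
// Keeping secrets out of it is the conservative choice.
func (p *fortifyExecuteScanReports) persist(stepConfig fortifyExecuteScanOptions, gcpJsonKeyFilePath string, gcsBucketId string, gcsFolderPath string, gcsSubFolder string) {
	if gcsBucketId == "" {
		log.Entry().Info("persisting reports to GCS is disabled, because gcsBucketId is empty")
		return
	}
	log.Entry().Info("Uploading reports to Google Cloud Storage...")
	content := []gcs.ReportOutputParam{
		{FilePattern: "**/*.PDF", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/*.fpr", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/fortify-scan.*", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/toolrun_fortify_*.json", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/piper_fortify_report.json", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/piper_fortify_report.html", ParamRef: "", StepResultType: "fortify"},
	}
	envVars := []gcs.EnvVar{
		{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: gcpJsonKeyFilePath, Modified: false},
	}
	gcsClient, err := gcs.NewClient(gcs.WithEnvVars(envVars))
	if err != nil {
		log.Entry().Errorf("creation of GCS client failed: %v", err)
		return
	}
	defer gcsClient.Close()

	// json names of string parameters that are credentials and must not be
	// exported as report input parameters.
	secretParams := map[string]struct{}{
		"authToken":   {},
		"githubToken": {},
	}
	structVal := reflect.ValueOf(&stepConfig).Elem()
	inputParameters := map[string]string{}
	for i := 0; i < structVal.NumField(); i++ {
		field := structVal.Type().Field(i)
		if field.Type.String() != "string" {
			continue
		}
		// The json tag is "<name>,omitempty"; only the name part is the key.
		paramName := strings.Split(field.Tag.Get("json"), ",")[0]
		if _, isSecret := secretParams[paramName]; isSecret {
			continue
		}
		paramValue, _ := structVal.Field(i).Interface().(string)
		inputParameters[paramName] = paramValue
	}
	if err := gcs.PersistReportsToGCS(gcsClient, content, inputParameters, gcsFolderPath, gcsBucketId, gcsSubFolder, doublestar.Glob, os.Stat); err != nil {
		log.Entry().Errorf("failed to persist reports: %v", err)
	}
}

// FortifyExecuteScanCommand builds the cobra command for the fortifyExecuteScan
// step: it executes a Fortify scan on the specified project to perform static
// code analysis and check the source code for security flaws. Configuration is
// resolved and validated in PreRunE (where the Fortify and GitHub tokens are
// registered as log secrets), the scan runs in Run, and a single handler —
// registered both as a defer and as a log exit handler — persists influx data
// and reports, removes Vault secret files and ships telemetry whichever way the
// step ends.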
func FortifyExecuteScanCommand() *cobra.Command {
	const STEP_NAME = "fortifyExecuteScan"

	metadata := fortifyExecuteScanMetadata()
	// State shared between PreRunE, Run and the flag bindings via closure.
	var stepConfig fortifyExecuteScanOptions
	var startTime time.Time
	var influx fortifyExecuteScanInflux
	var reports fortifyExecuteScanReports
	var logCollector *log.CollectorHook
	var splunkClient *splunk.Splunk
	telemetryClient := &telemetry.Telemetry{}

	var createFortifyExecuteScanCmd = &cobra.Command{
		Use:   STEP_NAME,
		Short: "This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.",
		Long: `This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.

The Fortify step triggers a scan locally on your Jenkins within a docker container so finally you have to supply a docker image with a Fortify SCA
and Java plus Maven / Gradle or alternatively Python installed into it for being able to perform any scans.
!!! hint "Scanning MTA projects"
    Build type ` + "`" + `maven` + "`" + ` requires a so called aggregator pom which includes all modules to be scanned. If used in a mta-project which includes non-java submodules as maven dependency (e.g. node via frontend-maven-plugin), exclude those by specifying java path explicitly, e.g. ` + "`" + `java/**/src/main/java/**/*` + "`" + `.

Besides triggering a scan the step verifies the results after they have been uploaded and processed by the Fortify SSC. By default the following KPIs are enforced:
* All issues must be audited from the Corporate Security Requirements folder.
* All issues must be audited from the Audit All folder.
* At least one issue per category must be audited from the Spot Checks of Each Category folder.
* Nothing needs to be audited from the Optional folder.`,
		// PreRunE resolves the step configuration, registers log hooks and
		// secrets, and validates the resulting struct. Any error here is
		// classified as a configuration error.
		PreRunE: func(cmd *cobra.Command, _ []string) error {
			startTime = time.Now()
			log.SetStepName(STEP_NAME)
			log.SetVerbose(GeneralConfig.Verbose)

			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)

			// Getwd errors are ignored; on failure the fatal hook is registered
			// with an empty path (presumably it then falls back to a default —
			// not visible here).
			path, _ := os.Getwd()
			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
			log.RegisterHook(fatalHook)

			err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile)
			if err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}
			// Mask both credentials in all subsequent log output. This runs only
			// after PrepareConfig has returned, so anything PrepareConfig itself
			// logs is not covered by the masking.
			log.RegisterSecret(stepConfig.AuthToken)
			log.RegisterSecret(stepConfig.GithubToken)

			if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {
				sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)
				log.RegisterHook(&sentryHook)
			}

			// The collector hook buffers log lines so they can be shipped to
			// Splunk by the handler in Run.
			// NOTE(review): SplunkConfig.Token is handed to splunkClient.Initialize
			// in Run but is not registered as a secret in this file; confirm the
			// root command masks it.
			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
				splunkClient = &splunk.Splunk{}
				logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}
				log.RegisterHook(logCollector)
			}

			// The local `validation` shadows the imported package for the rest
			// of this closure. Validation covers struct tags such as the
			// possible-values list on versioningModel.
			validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())
			if err != nil {
				return err
			}
			if err = validation.ValidateStruct(stepConfig); err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}

			return nil
		},
		// Run executes the scan. Telemetry and report persistence happen in a
		// handler that is attached both as a defer (normal return) and as a log
		// exit handler (presumably the log.Fatal path, where defers would not
		// run) so that results are reported whichever way the step ends.
		Run: func(_ *cobra.Command, _ []string) {
			stepTelemetryData := telemetry.CustomData{}
			// ErrorCode stays "1" unless fortifyExecuteScan returns normally,
			// so any abort is reported as a failure.
			stepTelemetryData.ErrorCode = "1"
			handler := func() {
				influx.persist(GeneralConfig.EnvRootPath, "influx")
				reports.persist(stepConfig, GeneralConfig.GCPJsonKeyFilePath, GeneralConfig.GCSBucketId, GeneralConfig.GCSFolderPath, GeneralConfig.GCSSubFolder)
				// Vault-sourced secret files are cleaned up regardless of outcome.
				config.RemoveVaultSecretFiles()
				stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
				stepTelemetryData.ErrorCategory = log.GetErrorCategory().String()
				stepTelemetryData.PiperCommitHash = GitCommit
				telemetryClient.SetData(&stepTelemetryData)
				telemetryClient.Send()
				if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
			}
			log.DeferExitHandler(handler)
			defer handler()
			telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME)
			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
				splunkClient.Initialize(GeneralConfig.CorrelationID,
					GeneralConfig.HookConfig.SplunkConfig.Dsn,
					GeneralConfig.HookConfig.SplunkConfig.Token,
					GeneralConfig.HookConfig.SplunkConfig.Index,
					GeneralConfig.HookConfig.SplunkConfig.SendLogs)
			}
			fortifyExecuteScan(stepConfig, &stepTelemetryData, &influx)
			stepTelemetryData.ErrorCode = "0"
			log.Entry().Info("SUCCESS")
		},
	}

	addFortifyExecuteScanFlags(createFortifyExecuteScanCmd, &stepConfig)
	return createFortifyExecuteScanCmd
}

// addFortifyExecuteScanFlags registers one CLI flag per step option on cmd,
// bound to the matching field of stepConfig. Defaults taken from the
// environment (PIPER_<name>) are read once, at registration time. authToken and
// serverUrl are marked required; pythonAdditionalPath is marked deprecated.
// Help texts are generated from the step YAML and are user-facing strings —
// wording fixes belong in the YAML, not here.
func addFortifyExecuteScanFlags(cmd *cobra.Command, stepConfig *fortifyExecuteScanOptions) {
	cmd.Flags().StringSliceVar(&stepConfig.AdditionalScanParameters, "additionalScanParameters", []string{}, "List of additional scan parameters to be used for Fortify sourceanalyzer command execution.")
	cmd.Flags().StringSliceVar(&stepConfig.Assignees, "assignees", []string{``}, "Defines the assignees for the Github Issue created/updated with the results of the scan as a list of login names.")
	// Credential; masked via log.RegisterSecret in PreRunE.
	cmd.Flags().StringVar(&stepConfig.AuthToken, "authToken", os.Getenv("PIPER_authToken"), "The FortifyToken to use for authentication")
	cmd.Flags().StringSliceVar(&stepConfig.BuildDescriptorExcludeList, "buildDescriptorExcludeList", []string{`unit-tests/pom.xml`, `integration-tests/pom.xml`}, "List of build descriptors and therefore modules to exclude from the scan and assessment activities.")
	cmd.Flags().StringVar(&stepConfig.CustomScanVersion, "customScanVersion", os.Getenv("PIPER_customScanVersion"), "Custom version of the Fortify project used as source.")
	// Credential; masked via log.RegisterSecret in PreRunE.
	cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line")
	cmd.Flags().BoolVar(&stepConfig.AutoCreate, "autoCreate", false, "Whether Fortify project and project version shall be implicitly auto created in case they cannot be found in the backend")
	cmd.Flags().StringVar(&stepConfig.ModulePath, "modulePath", `./`, "Allows providing the path for the module to scan")
	cmd.Flags().StringVar(&stepConfig.PythonRequirementsFile, "pythonRequirementsFile", os.Getenv("PIPER_pythonRequirementsFile"), "The requirements file used in `buildTool: 'pip'` to populate the build environment with the necessary dependencies")
	cmd.Flags().BoolVar(&stepConfig.AutodetectClasspath, "autodetectClasspath", true, "Whether the classpath is automatically determined via build tool i.e. maven or pip or not at all")
	cmd.Flags().StringVar(&stepConfig.MustAuditIssueGroups, "mustAuditIssueGroups", `Corporate Security Requirements, Audit All`, "Comma separated list of issue groups that must be audited completely")
	cmd.Flags().StringVar(&stepConfig.SpotAuditIssueGroups, "spotAuditIssueGroups", `Spot Checks of Each Category`, "Comma separated list of issue groups that are spot checked and for which `spotCheckMinimum` audited issues are enforced")
	cmd.Flags().StringVar(&stepConfig.PythonRequirementsInstallSuffix, "pythonRequirementsInstallSuffix", os.Getenv("PIPER_pythonRequirementsInstallSuffix"), "The suffix for the command used to install the requirements file in `buildTool: 'pip'` to populate the build environment with the necessary dependencies")
	cmd.Flags().StringVar(&stepConfig.PythonVersion, "pythonVersion", `python3`, "Python version to be used in `buildTool: 'pip'`")
	cmd.Flags().BoolVar(&stepConfig.UploadResults, "uploadResults", true, "Whether results shall be uploaded or not")
	cmd.Flags().StringVar(&stepConfig.Version, "version", os.Getenv("PIPER_version"), "Version used in conjunction with [`versioningModel`](#versioningModel) to identify the Fortify project to be created and used for results aggregation.")
	cmd.Flags().StringVar(&stepConfig.BuildDescriptorFile, "buildDescriptorFile", `./pom.xml`, "Path to the build descriptor file addressing the module/folder to be scanned.")
	cmd.Flags().StringVar(&stepConfig.CommitID, "commitId", os.Getenv("PIPER_commitId"), "Set the Git commit ID for identifying artifacts throughout the scan.")
	cmd.Flags().StringVar(&stepConfig.CommitMessage, "commitMessage", os.Getenv("PIPER_commitMessage"), "Set the Git commit message for identifying pull request merges throughout the scan.")
	cmd.Flags().StringVar(&stepConfig.GithubAPIURL, "githubApiUrl", `https://api.github.com`, "Set the GitHub API URL.")
	cmd.Flags().StringVar(&stepConfig.Owner, "owner", os.Getenv("PIPER_owner"), "Set the GitHub organization.")
	cmd.Flags().StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "Set the GitHub repository.")
	cmd.Flags().StringVar(&stepConfig.Memory, "memory", `-Xmx4G -Xms512M`, "The amount of memory granted to the translate/scan executions")
	cmd.Flags().BoolVar(&stepConfig.UpdateRulePack, "updateRulePack", true, "Whether the rule pack shall be updated and pulled from Fortify SSC before scanning or not")
	cmd.Flags().StringVar(&stepConfig.ReportDownloadEndpoint, "reportDownloadEndpoint", `/transfer/reportDownload.html`, "Fortify SSC endpoint for Report downloads")
	// NOTE(review): "artifact''s" in the help text looks like a YAML single-quote
	// escape that the generator did not unescape; fix it in the step YAML.
	cmd.Flags().IntVar(&stepConfig.PollingMinutes, "pollingMinutes", 30, "The number of minutes for which an uploaded FPR artifact''s status is being polled to finish queuing/processing, if exceeded polling will be stopped and an error will be thrown")
	cmd.Flags().BoolVar(&stepConfig.QuickScan, "quickScan", false, "Whether a quick scan should be performed, please consult the related Fortify documentation on JAM on the impact of this setting")
	cmd.Flags().StringVar(&stepConfig.Translate, "translate", os.Getenv("PIPER_translate"), "Options for translate phase of Fortify. Most likely, you do not need to set this parameter. See src, exclude. If `'src'` and `'exclude'` are set they are automatically used. Technical details: It has to be a JSON string of list of maps with required key `'src'`, and optional keys `'exclude'`, `'libDirs'`, `'aspnetcore'`, and `'dotNetCoreVersion'`")
	cmd.Flags().StringSliceVar(&stepConfig.Src, "src", []string{}, "A list of source directories to scan. Wildcards can be used, e.g., `'src/main/java/**/*'`. If `'translate'` is set, this will ignored. The default value for `buildTool: 'maven'` is `['**/*.xml', '**/*.html', '**/*.jsp', '**/*.js', '**/src/main/resources/**/*', '**/src/main/java/**/*', '**/target/main/java/**/*', '**/target/main/resources/**/*', '**/target/generated-sources/**/*']`, for `buildTool: 'pip'` it is `['./**/*']`.")
	cmd.Flags().StringSliceVar(&stepConfig.Exclude, "exclude", []string{}, "A list of directories/files to be excluded from the scan. Wildcards can be used, e.g., `'**/Test.java'`. If `translate` is set, this will ignored. The default value for `buildTool: 'maven'` is `['**/src/test/**/*']`, for `buildTool: 'pip'` it is `['./**/tests/**/*', './**/setup.py']`.")
	cmd.Flags().StringVar(&stepConfig.APIEndpoint, "apiEndpoint", `/api/v1`, "Fortify SSC endpoint used for uploading the scan results and checking the audit state")
	cmd.Flags().StringVar(&stepConfig.ReportType, "reportType", `PDF`, "The type of report to be generated")
	cmd.Flags().StringSliceVar(&stepConfig.PythonAdditionalPath, "pythonAdditionalPath", []string{`./lib`, `.`}, "A list of additional paths which can be used in `buildTool: 'pip'` for customization purposes")
	cmd.Flags().StringVar(&stepConfig.ArtifactURL, "artifactUrl", os.Getenv("PIPER_artifactUrl"), "Path/URL pointing to an additional artifact repository for resolution of additional artifacts during the build")
	cmd.Flags().BoolVar(&stepConfig.ConsiderSuspicious, "considerSuspicious", true, "Whether suspicious issues should trigger the check to fail or not")
	cmd.Flags().BoolVar(&stepConfig.ConvertToSarif, "convertToSarif", false, "[BETA] Convert the proprietary format of Fortify scan results to the open SARIF standard. Uploaded through Cumulus later on.")
	cmd.Flags().StringVar(&stepConfig.FprUploadEndpoint, "fprUploadEndpoint", `/upload/resultFileUpload.html`, "Fortify SSC endpoint for FPR uploads")
	// Default is a Go template evaluated elsewhere (GroupID/ArtifactID come from
	// the build descriptor, presumably).
	cmd.Flags().StringVar(&stepConfig.ProjectName, "projectName", `{{list .GroupID .ArtifactID | join "-" | trimAll "-"}}`, "The project used for reporting results in SSC")
	cmd.Flags().BoolVar(&stepConfig.Reporting, "reporting", false, "Influences whether a report is generated or not")
	cmd.Flags().StringVar(&stepConfig.ServerURL, "serverUrl", os.Getenv("PIPER_serverUrl"), "Fortify SSC Url to be used for accessing the APIs")
	cmd.Flags().IntVar(&stepConfig.PullRequestMessageRegexGroup, "pullRequestMessageRegexGroup", 1, "The group number for extracting the pull request id in `'pullRequestMessageRegex'`")
	cmd.Flags().IntVar(&stepConfig.DeltaMinutes, "deltaMinutes", 5, "The number of minutes for which an uploaded FPR artifact is considered to be recent and healthy, if exceeded an error will be thrown")
	cmd.Flags().IntVar(&stepConfig.SpotCheckMinimum, "spotCheckMinimum", 1, "The minimum number of issues that must be audited per category in the `Spot Checks of each Category` folder to avoid an error being thrown")
	cmd.Flags().StringVar(&stepConfig.FprDownloadEndpoint, "fprDownloadEndpoint", `/download/currentStateFprDownload.html`, "Fortify SSC endpoint for FPR downloads")
	cmd.Flags().StringVar(&stepConfig.VersioningModel, "versioningModel", `major`, "The default project versioning model used for creating the version based on the build descriptor version to report results in SSC, can be one of `'major'`, `'major-minor'`, `'semantic'`, `'full'`")
	cmd.Flags().StringVar(&stepConfig.PythonInstallCommand, "pythonInstallCommand", `{{.Pip}} install --user .`, "Additional install command that can be run when `buildTool: 'pip'` is used which allows further customizing the execution environment of the scan")
	cmd.Flags().IntVar(&stepConfig.ReportTemplateID, "reportTemplateId", 18, "Report template ID to be used for generating the Fortify report")
	cmd.Flags().StringVar(&stepConfig.FilterSetTitle, "filterSetTitle", `SAP`, "Title of the filter set to use for analysing the results")
	cmd.Flags().StringVar(&stepConfig.PullRequestName, "pullRequestName", os.Getenv("PIPER_pullRequestName"), "The name of the pull request branch which will trigger creation of a new version in Fortify SSC based on the master branch version")
	// NOTE(review): this default is a raw string, so the regexp engine receives
	// `\\d`, i.e. an escaped literal backslash followed by `d+` — not a digit
	// class. Confirm against the step YAML whether `\d` was intended; as
	// written the default cannot match a real "Merge pull request #123" message.
	cmd.Flags().StringVar(&stepConfig.PullRequestMessageRegex, "pullRequestMessageRegex", `.*Merge pull request #(\\d+) from.*`, "Regex used to identify the PR-XXX reference within the merge commit message")
	cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", `maven`, "Scan type used for the step which can be `'maven'`, `'pip'` or `'gradle'`")
	cmd.Flags().StringVar(&stepConfig.ProjectSettingsFile, "projectSettingsFile", os.Getenv("PIPER_projectSettingsFile"), "Path to the mvn settings file that should be used as project settings file.")
	cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path to the mvn settings file that should be used as global settings file.")
	cmd.Flags().StringVar(&stepConfig.M2Path, "m2Path", os.Getenv("PIPER_m2Path"), "Path to the location of the local repository that should be used.")
	cmd.Flags().BoolVar(&stepConfig.VerifyOnly, "verifyOnly", false, "Whether the step shall only apply verification checks or whether it does a full scan and check cycle")
	cmd.Flags().BoolVar(&stepConfig.InstallArtifacts, "installArtifacts", false, "If enabled, it will install all artifacts to the local maven repository to make them available before running Fortify. This is required if any maven module has dependencies to other modules in the repository and they were not installed before.")
	cmd.Flags().BoolVar(&stepConfig.CreateResultIssue, "createResultIssue", false, "Activate creation of a result issue in GitHub.")

	// Return values are ignored: these calls presumably only fail when the named
	// flag does not exist, which the registrations above rule out.
	cmd.MarkFlagRequired("authToken")
	cmd.Flags().MarkDeprecated("pythonAdditionalPath", "this is deprecated")
	cmd.MarkFlagRequired("serverUrl")
}

// retrieve step metadata
func fortifyExecuteScanMetadata() config.StepData {
	var theMetaData = config.StepData{
		Metadata: config.StepMetadata{
			Name:        "fortifyExecuteScan",
			Aliases:     []config.Alias{},
			Description: "This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.",
		},
		Spec: config.StepSpec{
			Inputs: config.StepInputs{
				Secrets: []config.StepSecrets{
					{Name: "fortifyCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to Fortify SSC.", Type: "jenkins"},
					{Name: "githubTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.", Type: "jenkins"},
				},
				Resources: []config.StepResources{
					{Name: "commonPipelineEnvironment"},
					{Name: "buildDescriptor", Type: "stash"},
					{Name: "deployDescriptor", Type: "stash"},
					{Name: "tests", Type: "stash"},
					{Name: "opensourceConfiguration", Type: "stash"},
				},
				Parameters: []config.StepParameters{
					{
						Name:        "additionalScanParameters",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "[]string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     []string{},
					},
					{
						Name:        "assignees",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "[]string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
Default: []string{``}, 402 }, 403 { 404 Name: "authToken", 405 ResourceRef: []config.ResourceReference{ 406 { 407 Name: "fortifyCredentialsId", 408 Type: "secret", 409 }, 410 411 { 412 Name: "fortifyVaultSecretName", 413 Type: "vaultSecret", 414 Default: "fortify", 415 }, 416 }, 417 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 418 Type: "string", 419 Mandatory: true, 420 Aliases: []config.Alias{}, 421 Default: os.Getenv("PIPER_authToken"), 422 }, 423 { 424 Name: "buildDescriptorExcludeList", 425 ResourceRef: []config.ResourceReference{}, 426 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 427 Type: "[]string", 428 Mandatory: false, 429 Aliases: []config.Alias{}, 430 Default: []string{`unit-tests/pom.xml`, `integration-tests/pom.xml`}, 431 }, 432 { 433 Name: "customScanVersion", 434 ResourceRef: []config.ResourceReference{}, 435 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 436 Type: "string", 437 Mandatory: false, 438 Aliases: []config.Alias{}, 439 Default: os.Getenv("PIPER_customScanVersion"), 440 }, 441 { 442 Name: "githubToken", 443 ResourceRef: []config.ResourceReference{ 444 { 445 Name: "githubTokenCredentialsId", 446 Type: "secret", 447 }, 448 449 { 450 Name: "githubVaultSecretName", 451 Type: "vaultSecret", 452 Default: "github", 453 }, 454 }, 455 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 456 Type: "string", 457 Mandatory: false, 458 Aliases: []config.Alias{{Name: "access_token"}}, 459 Default: os.Getenv("PIPER_githubToken"), 460 }, 461 { 462 Name: "autoCreate", 463 ResourceRef: []config.ResourceReference{}, 464 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 465 Type: "bool", 466 Mandatory: false, 467 Aliases: []config.Alias{}, 468 Default: false, 469 }, 470 { 471 Name: "modulePath", 472 ResourceRef: []config.ResourceReference{}, 473 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 474 Type: "string", 475 Mandatory: false, 476 Aliases: []config.Alias{}, 477 Default: `./`, 478 }, 479 { 480 Name: 
"pythonRequirementsFile", 481 ResourceRef: []config.ResourceReference{}, 482 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 483 Type: "string", 484 Mandatory: false, 485 Aliases: []config.Alias{}, 486 Default: os.Getenv("PIPER_pythonRequirementsFile"), 487 }, 488 { 489 Name: "autodetectClasspath", 490 ResourceRef: []config.ResourceReference{}, 491 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 492 Type: "bool", 493 Mandatory: false, 494 Aliases: []config.Alias{}, 495 Default: true, 496 }, 497 { 498 Name: "mustAuditIssueGroups", 499 ResourceRef: []config.ResourceReference{}, 500 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 501 Type: "string", 502 Mandatory: false, 503 Aliases: []config.Alias{}, 504 Default: `Corporate Security Requirements, Audit All`, 505 }, 506 { 507 Name: "spotAuditIssueGroups", 508 ResourceRef: []config.ResourceReference{}, 509 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 510 Type: "string", 511 Mandatory: false, 512 Aliases: []config.Alias{}, 513 Default: `Spot Checks of Each Category`, 514 }, 515 { 516 Name: "pythonRequirementsInstallSuffix", 517 ResourceRef: []config.ResourceReference{}, 518 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 519 Type: "string", 520 Mandatory: false, 521 Aliases: []config.Alias{}, 522 Default: os.Getenv("PIPER_pythonRequirementsInstallSuffix"), 523 }, 524 { 525 Name: "pythonVersion", 526 ResourceRef: []config.ResourceReference{}, 527 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 528 Type: "string", 529 Mandatory: false, 530 Aliases: []config.Alias{}, 531 Default: `python3`, 532 }, 533 { 534 Name: "uploadResults", 535 ResourceRef: []config.ResourceReference{}, 536 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 537 Type: "bool", 538 Mandatory: false, 539 Aliases: []config.Alias{}, 540 Default: true, 541 }, 542 { 543 Name: "version", 544 ResourceRef: []config.ResourceReference{ 545 { 546 Name: "commonPipelineEnvironment", 547 Param: "artifactVersion", 548 }, 549 }, 550 Scope: 
[]string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 551 Type: "string", 552 Mandatory: false, 553 Aliases: []config.Alias{{Name: "fortifyProjectVersion", Deprecated: true}}, 554 Default: os.Getenv("PIPER_version"), 555 }, 556 { 557 Name: "buildDescriptorFile", 558 ResourceRef: []config.ResourceReference{}, 559 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 560 Type: "string", 561 Mandatory: false, 562 Aliases: []config.Alias{}, 563 Default: `./pom.xml`, 564 Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "maven"}}}}, 565 }, 566 { 567 Name: "buildDescriptorFile", 568 ResourceRef: []config.ResourceReference{}, 569 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 570 Type: "string", 571 Mandatory: false, 572 Aliases: []config.Alias{}, 573 Default: `./setup.py`, 574 Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "pip"}}}}, 575 }, 576 { 577 Name: "buildDescriptorFile", 578 ResourceRef: []config.ResourceReference{}, 579 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 580 Type: "string", 581 Mandatory: false, 582 Aliases: []config.Alias{}, 583 Default: `./build.gradle`, 584 Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "gradle"}}}}, 585 }, 586 { 587 Name: "commitId", 588 ResourceRef: []config.ResourceReference{ 589 { 590 Name: "commonPipelineEnvironment", 591 Param: "git/commitId", 592 }, 593 }, 594 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 595 Type: "string", 596 Mandatory: false, 597 Aliases: []config.Alias{}, 598 Default: os.Getenv("PIPER_commitId"), 599 }, 600 { 601 Name: "commitMessage", 602 ResourceRef: []config.ResourceReference{ 603 { 604 Name: "commonPipelineEnvironment", 605 Param: "git/commitMessage", 606 }, 607 }, 608 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 609 Type: "string", 610 Mandatory: false, 611 Aliases: []config.Alias{}, 612 
Default: os.Getenv("PIPER_commitMessage"), 613 }, 614 { 615 Name: "githubApiUrl", 616 ResourceRef: []config.ResourceReference{}, 617 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 618 Type: "string", 619 Mandatory: false, 620 Aliases: []config.Alias{}, 621 Default: `https://api.github.com`, 622 }, 623 { 624 Name: "owner", 625 ResourceRef: []config.ResourceReference{ 626 { 627 Name: "commonPipelineEnvironment", 628 Param: "github/owner", 629 }, 630 }, 631 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 632 Type: "string", 633 Mandatory: false, 634 Aliases: []config.Alias{{Name: "githubOrg"}}, 635 Default: os.Getenv("PIPER_owner"), 636 }, 637 { 638 Name: "repository", 639 ResourceRef: []config.ResourceReference{ 640 { 641 Name: "commonPipelineEnvironment", 642 Param: "github/repository", 643 }, 644 }, 645 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 646 Type: "string", 647 Mandatory: false, 648 Aliases: []config.Alias{{Name: "githubRepo"}}, 649 Default: os.Getenv("PIPER_repository"), 650 }, 651 { 652 Name: "memory", 653 ResourceRef: []config.ResourceReference{}, 654 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 655 Type: "string", 656 Mandatory: false, 657 Aliases: []config.Alias{}, 658 Default: `-Xmx4G -Xms512M`, 659 }, 660 { 661 Name: "updateRulePack", 662 ResourceRef: []config.ResourceReference{}, 663 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 664 Type: "bool", 665 Mandatory: false, 666 Aliases: []config.Alias{}, 667 Default: true, 668 }, 669 { 670 Name: "reportDownloadEndpoint", 671 ResourceRef: []config.ResourceReference{}, 672 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 673 Type: "string", 674 Mandatory: false, 675 Aliases: []config.Alias{{Name: "fortifyReportDownloadEndpoint"}}, 676 Default: `/transfer/reportDownload.html`, 677 }, 678 { 679 Name: "pollingMinutes", 680 ResourceRef: []config.ResourceReference{}, 681 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 682 Type: "int", 683 
Mandatory: false, 684 Aliases: []config.Alias{}, 685 Default: 30, 686 }, 687 { 688 Name: "quickScan", 689 ResourceRef: []config.ResourceReference{}, 690 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 691 Type: "bool", 692 Mandatory: false, 693 Aliases: []config.Alias{}, 694 Default: false, 695 }, 696 { 697 Name: "translate", 698 ResourceRef: []config.ResourceReference{}, 699 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 700 Type: "string", 701 Mandatory: false, 702 Aliases: []config.Alias{}, 703 Default: os.Getenv("PIPER_translate"), 704 }, 705 { 706 Name: "src", 707 ResourceRef: []config.ResourceReference{}, 708 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 709 Type: "[]string", 710 Mandatory: false, 711 Aliases: []config.Alias{}, 712 Default: []string{}, 713 }, 714 { 715 Name: "exclude", 716 ResourceRef: []config.ResourceReference{}, 717 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 718 Type: "[]string", 719 Mandatory: false, 720 Aliases: []config.Alias{}, 721 Default: []string{}, 722 }, 723 { 724 Name: "apiEndpoint", 725 ResourceRef: []config.ResourceReference{}, 726 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 727 Type: "string", 728 Mandatory: false, 729 Aliases: []config.Alias{{Name: "fortifyApiEndpoint"}}, 730 Default: `/api/v1`, 731 }, 732 { 733 Name: "reportType", 734 ResourceRef: []config.ResourceReference{}, 735 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 736 Type: "string", 737 Mandatory: false, 738 Aliases: []config.Alias{}, 739 Default: `PDF`, 740 }, 741 { 742 Name: "pythonAdditionalPath", 743 ResourceRef: []config.ResourceReference{}, 744 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 745 Type: "[]string", 746 Mandatory: false, 747 Aliases: []config.Alias{}, 748 Default: []string{`./lib`, `.`}, 749 DeprecationMessage: "this is deprecated", 750 }, 751 { 752 Name: "artifactUrl", 753 ResourceRef: []config.ResourceReference{}, 754 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 755 Type: "string", 756 Mandatory: 
false, 757 Aliases: []config.Alias{}, 758 Default: os.Getenv("PIPER_artifactUrl"), 759 }, 760 { 761 Name: "considerSuspicious", 762 ResourceRef: []config.ResourceReference{}, 763 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 764 Type: "bool", 765 Mandatory: false, 766 Aliases: []config.Alias{}, 767 Default: true, 768 }, 769 { 770 Name: "convertToSarif", 771 ResourceRef: []config.ResourceReference{}, 772 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 773 Type: "bool", 774 Mandatory: false, 775 Aliases: []config.Alias{}, 776 Default: false, 777 }, 778 { 779 Name: "fprUploadEndpoint", 780 ResourceRef: []config.ResourceReference{}, 781 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 782 Type: "string", 783 Mandatory: false, 784 Aliases: []config.Alias{{Name: "fortifyFprUploadEndpoint"}}, 785 Default: `/upload/resultFileUpload.html`, 786 }, 787 { 788 Name: "projectName", 789 ResourceRef: []config.ResourceReference{}, 790 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 791 Type: "string", 792 Mandatory: false, 793 Aliases: []config.Alias{{Name: "fortifyProjectName"}}, 794 Default: `{{list .GroupID .ArtifactID | join "-" | trimAll "-"}}`, 795 }, 796 { 797 Name: "reporting", 798 ResourceRef: []config.ResourceReference{}, 799 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 800 Type: "bool", 801 Mandatory: false, 802 Aliases: []config.Alias{}, 803 Default: false, 804 }, 805 { 806 Name: "serverUrl", 807 ResourceRef: []config.ResourceReference{}, 808 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 809 Type: "string", 810 Mandatory: true, 811 Aliases: []config.Alias{{Name: "fortifyServerUrl"}, {Name: "sscUrl", Deprecated: true}}, 812 Default: os.Getenv("PIPER_serverUrl"), 813 }, 814 { 815 Name: "pullRequestMessageRegexGroup", 816 ResourceRef: []config.ResourceReference{}, 817 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 818 Type: "int", 819 Mandatory: false, 820 Aliases: []config.Alias{}, 821 Default: 1, 822 }, 823 { 824 Name: 
"deltaMinutes", 825 ResourceRef: []config.ResourceReference{}, 826 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 827 Type: "int", 828 Mandatory: false, 829 Aliases: []config.Alias{}, 830 Default: 5, 831 }, 832 { 833 Name: "spotCheckMinimum", 834 ResourceRef: []config.ResourceReference{}, 835 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 836 Type: "int", 837 Mandatory: false, 838 Aliases: []config.Alias{}, 839 Default: 1, 840 }, 841 { 842 Name: "fprDownloadEndpoint", 843 ResourceRef: []config.ResourceReference{}, 844 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 845 Type: "string", 846 Mandatory: false, 847 Aliases: []config.Alias{{Name: "fortifyFprDownloadEndpoint"}}, 848 Default: `/download/currentStateFprDownload.html`, 849 }, 850 { 851 Name: "versioningModel", 852 ResourceRef: []config.ResourceReference{}, 853 Scope: []string{"PARAMETERS", "GENERAL", "STAGES", "STEPS"}, 854 Type: "string", 855 Mandatory: false, 856 Aliases: []config.Alias{{Name: "defaultVersioningModel", Deprecated: true}}, 857 Default: `major`, 858 }, 859 { 860 Name: "pythonInstallCommand", 861 ResourceRef: []config.ResourceReference{}, 862 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 863 Type: "string", 864 Mandatory: false, 865 Aliases: []config.Alias{}, 866 Default: `{{.Pip}} install --user .`, 867 }, 868 { 869 Name: "reportTemplateId", 870 ResourceRef: []config.ResourceReference{}, 871 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 872 Type: "int", 873 Mandatory: false, 874 Aliases: []config.Alias{}, 875 Default: 18, 876 }, 877 { 878 Name: "filterSetTitle", 879 ResourceRef: []config.ResourceReference{}, 880 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 881 Type: "string", 882 Mandatory: false, 883 Aliases: []config.Alias{}, 884 Default: `SAP`, 885 }, 886 { 887 Name: "pullRequestName", 888 ResourceRef: []config.ResourceReference{}, 889 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 890 Type: "string", 891 Mandatory: false, 892 Aliases: []config.Alias{}, 
893 Default: os.Getenv("PIPER_pullRequestName"), 894 }, 895 { 896 Name: "pullRequestMessageRegex", 897 ResourceRef: []config.ResourceReference{}, 898 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 899 Type: "string", 900 Mandatory: false, 901 Aliases: []config.Alias{}, 902 Default: `.*Merge pull request #(\\d+) from.*`, 903 }, 904 { 905 Name: "buildTool", 906 ResourceRef: []config.ResourceReference{}, 907 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 908 Type: "string", 909 Mandatory: false, 910 Aliases: []config.Alias{}, 911 Default: `maven`, 912 }, 913 { 914 Name: "projectSettingsFile", 915 ResourceRef: []config.ResourceReference{}, 916 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 917 Type: "string", 918 Mandatory: false, 919 Aliases: []config.Alias{{Name: "maven/projectSettingsFile"}}, 920 Default: os.Getenv("PIPER_projectSettingsFile"), 921 }, 922 { 923 Name: "globalSettingsFile", 924 ResourceRef: []config.ResourceReference{}, 925 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 926 Type: "string", 927 Mandatory: false, 928 Aliases: []config.Alias{{Name: "maven/globalSettingsFile"}}, 929 Default: os.Getenv("PIPER_globalSettingsFile"), 930 }, 931 { 932 Name: "m2Path", 933 ResourceRef: []config.ResourceReference{}, 934 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 935 Type: "string", 936 Mandatory: false, 937 Aliases: []config.Alias{{Name: "maven/m2Path"}}, 938 Default: os.Getenv("PIPER_m2Path"), 939 }, 940 { 941 Name: "verifyOnly", 942 ResourceRef: []config.ResourceReference{}, 943 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 944 Type: "bool", 945 Mandatory: false, 946 Aliases: []config.Alias{}, 947 Default: false, 948 }, 949 { 950 Name: "installArtifacts", 951 ResourceRef: []config.ResourceReference{}, 952 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 953 Type: "bool", 954 Mandatory: false, 955 Aliases: []config.Alias{}, 956 Default: false, 957 }, 958 { 959 Name: 
"createResultIssue", 960 ResourceRef: []config.ResourceReference{ 961 { 962 Name: "commonPipelineEnvironment", 963 Param: "custom/isOptimizedAndScheduled", 964 }, 965 }, 966 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 967 Type: "bool", 968 Mandatory: false, 969 Aliases: []config.Alias{}, 970 Default: false, 971 }, 972 }, 973 }, 974 Containers: []config.Container{ 975 {}, 976 }, 977 Outputs: config.StepOutputs{ 978 Resources: []config.StepResources{ 979 { 980 Name: "influx", 981 Type: "influx", 982 Parameters: []map[string]interface{}{ 983 {"name": "step_data", "fields": []map[string]string{{"name": "fortify"}}}, 984 {"name": "fortify_data", "fields": []map[string]string{{"name": "projectID"}, {"name": "projectName"}, {"name": "projectVersion"}, {"name": "projectVersionId"}, {"name": "violations"}, {"name": "corporateTotal"}, {"name": "corporateAudited"}, {"name": "auditAllTotal"}, {"name": "auditAllAudited"}, {"name": "spotChecksTotal"}, {"name": "spotChecksAudited"}, {"name": "spotChecksGap"}, {"name": "suspicious"}, {"name": "exploitable"}, {"name": "suppressed"}}}, 985 }, 986 }, 987 { 988 Name: "reports", 989 Type: "reports", 990 Parameters: []map[string]interface{}{ 991 {"filePattern": "**/*.PDF", "type": "fortify"}, 992 {"filePattern": "**/*.fpr", "type": "fortify"}, 993 {"filePattern": "**/fortify-scan.*", "type": "fortify"}, 994 {"filePattern": "**/toolrun_fortify_*.json", "type": "fortify"}, 995 {"filePattern": "**/piper_fortify_report.json", "type": "fortify"}, 996 {"filePattern": "**/piper_fortify_report.html", "type": "fortify"}, 997 }, 998 }, 999 }, 1000 }, 1001 }, 1002 } 1003 return theMetaData 1004 }