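// Source: github.com/ouraigua/jenkins-library@v0.0.0-20231028010029-fbeaf2f3aa9b/cmd/detectExecuteScan_generated.go

// Code generated by piper's step-generator. DO NOT EDIT.

package cmd

import (
	"fmt"
	"os"
	"path/filepath"
	"reflect"
	"strings"
	"time"

	"github.com/SAP/jenkins-library/pkg/config"
	"github.com/SAP/jenkins-library/pkg/gcs"
	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/SAP/jenkins-library/pkg/piperenv"
	"github.com/SAP/jenkins-library/pkg/splunk"
	"github.com/SAP/jenkins-library/pkg/telemetry"
	"github.com/SAP/jenkins-library/pkg/validation"
	"github.com/bmatcuk/doublestar"
	"github.com/spf13/cobra"
)

// detectExecuteScanOptions holds the resolved configuration of the
// detectExecuteScan step. Every field is bound to a command-line flag in
// addDetectExecuteScanFlags; the json tag carries the parameter name and the
// validate tag, where present, the accepted values.
//
// Token, GithubToken and PrivateModulesGitToken hold credentials.
// DetectExecuteScanCommand passes them to log.RegisterSecret, but they are
// ordinary string fields, so code that walks the struct generically (as
// detectExecuteScanReports.persist does) picks them up like any other value.
type detectExecuteScanOptions struct {
	Token                       string   `json:"token,omitempty"`
	CodeLocation                string   `json:"codeLocation,omitempty"`
	ProjectName                 string   `json:"projectName,omitempty"`
	Scanners                    []string `json:"scanners,omitempty" validate:"possible-values=signature source"`
	ScanPaths                   []string `json:"scanPaths,omitempty"`
	DependencyPath              string   `json:"dependencyPath,omitempty"`
	Unmap                       bool     `json:"unmap,omitempty"`
	ScanProperties              []string `json:"scanProperties,omitempty"`
	ServerURL                   string   `json:"serverUrl,omitempty"`
	Groups                      []string `json:"groups,omitempty"`
	FailOn                      []string `json:"failOn,omitempty" validate:"possible-values=ALL BLOCKER CRITICAL MAJOR MINOR NONE"`
	VersioningModel             string   `json:"versioningModel,omitempty" validate:"possible-values=major major-minor semantic full"`
	Version                     string   `json:"version,omitempty"`
	CustomScanVersion           string   `json:"customScanVersion,omitempty"`
	ProjectSettingsFile         string   `json:"projectSettingsFile,omitempty"`
	GlobalSettingsFile          string   `json:"globalSettingsFile,omitempty"`
	M2Path                      string   `json:"m2Path,omitempty"`
	InstallArtifacts            bool     `json:"installArtifacts,omitempty"`
	IncludedPackageManagers     []string `json:"includedPackageManagers,omitempty"`
	ExcludedPackageManagers     []string `json:"excludedPackageManagers,omitempty"`
	MavenExcludedScopes         []string `json:"mavenExcludedScopes,omitempty"`
	DetectTools                 []string `json:"detectTools,omitempty"`
	ScanOnChanges               bool     `json:"scanOnChanges,omitempty"`
	UseDetect7                  bool     `json:"useDetect7,omitempty"`
	UseDetect8                  bool     `json:"useDetect8,omitempty"`
	SuccessOnSkip               bool     `json:"successOnSkip,omitempty"`
	CustomEnvironmentVariables  []string `json:"customEnvironmentVariables,omitempty"`
	MinScanInterval             int      `json:"minScanInterval,omitempty"`
	GithubToken                 string   `json:"githubToken,omitempty"`
	CreateResultIssue           bool     `json:"createResultIssue,omitempty"`
	GithubAPIURL                string   `json:"githubApiUrl,omitempty"`
	Owner                       string   `json:"owner,omitempty"`
	Repository                  string   `json:"repository,omitempty"`
	Assignees                   []string `json:"assignees,omitempty"`
	CustomTLSCertificateLinks   []string `json:"customTlsCertificateLinks,omitempty"`
	FailOnSevereVulnerabilities bool     `json:"failOnSevereVulnerabilities,omitempty"`
	BuildTool                   string   `json:"buildTool,omitempty"`
	ExcludedDirectories         []string `json:"excludedDirectories,omitempty"`
	NpmDependencyTypesExcluded  []string `json:"npmDependencyTypesExcluded,omitempty" validate:"possible-values=NONE DEV PEER"`
	NpmArguments                []string `json:"npmArguments,omitempty"`
	PrivateModules              string   `json:"privateModules,omitempty"`
	PrivateModulesGitToken      string   `json:"privateModulesGitToken,omitempty"`
}

// detectExecuteScanInflux collects the measurements of one step run: a
// step_data flag and the detect_data counters. persist writes them out.
type detectExecuteScanInflux struct {
	step_data struct {
		fields struct {
			detect bool
		}
		tags struct {
		}
	}
	detect_data struct {
		fields struct {
			vulnerabilities       int
			major_vulnerabilities int
			minor_vulnerabilities int
			components            int
			policy_violations     int
		}
		tags struct {
		}
	}
}

// persist writes every collected field through piperenv.SetResourceParameter
// under path and resourceName, using the relative name
// <measurement>/<valType>s/<name>. A failed write is logged and counted; the
// method returns nothing, so callers cannot tell that metrics were lost.
func (i *detectExecuteScanInflux) persist(path, resourceName string) {
	measurementContent := []struct {
		measurement string
		valType     string
		name        string
		value       interface{}
	}{
		{valType: config.InfluxField, measurement: "step_data", name: "detect", value: i.step_data.fields.detect},
		{valType: config.InfluxField, measurement: "detect_data", name: "vulnerabilities", value: i.detect_data.fields.vulnerabilities},
		{valType: config.InfluxField, measurement: "detect_data", name: "major_vulnerabilities", value: i.detect_data.fields.major_vulnerabilities},
		{valType: config.InfluxField, measurement: "detect_data", name: "minor_vulnerabilities", value: i.detect_data.fields.minor_vulnerabilities},
		{valType: config.InfluxField, measurement: "detect_data", name: "components", value: i.detect_data.fields.components},
		{valType: config.InfluxField, measurement: "detect_data", name: "policy_violations", value: i.detect_data.fields.policy_violations},
	}

	errCount := 0
	for _, metric := range measurementContent {
		err := piperenv.SetResourceParameter(path, resourceName, filepath.Join(metric.measurement, fmt.Sprintf("%vs", metric.valType), metric.name), metric.value)
		if err != nil {
			log.Entry().WithError(err).Error("Error persisting influx environment.")
			errCount++
		}
	}
	if errCount > 0 {
		log.Entry().Error("failed to persist Influx environment")
	}
}

// detectExecuteScanReports uploads the report files of the step.
type detectExecuteScanReports struct {
}

// persist uploads the report files matched by the patterns below to the Google
// Cloud Storage bucket gcsBucketId, below gcsFolderPath and gcsSubFolder. An
// empty gcsBucketId disables the upload. gcpJsonKeyFilePath is handed to the
// GCS client as GOOGLE_APPLICATION_CREDENTIALS. Errors are logged, not returned.
//
// NOTE(review): the reflection loop copies every string field of stepConfig
// into inputParameters, and that includes Token, GithubToken and
// PrivateModulesGitToken in clear text. Every ParamRef in the list is empty,
// so the map is presumably not consulted here, but what
// gcs.PersistReportsToGCS does with it is not visible in this file; confirm
// it is never logged or stored before relying on that.
func (p *detectExecuteScanReports) persist(stepConfig detectExecuteScanOptions, gcpJsonKeyFilePath string, gcsBucketId string, gcsFolderPath string, gcsSubFolder string) {
	if gcsBucketId == "" {
		log.Entry().Info("persisting reports to GCS is disabled, because gcsBucketId is empty")
		return
	}
	log.Entry().Info("Uploading reports to Google Cloud Storage...")
	content := []gcs.ReportOutputParam{
		{FilePattern: "**/*BlackDuck_RiskReport.pdf", ParamRef: "", StepResultType: "blackduck-ip"},
		{FilePattern: "**/blackduck-ip.json", ParamRef: "", StepResultType: "blackduck-ip"},
		{FilePattern: "**/toolrun_detectExecute_*.json", ParamRef: "", StepResultType: "blackduck-ip"},
		{FilePattern: "**/piper_detect_policy_violation_report.html", ParamRef: "", StepResultType: "blackduck-ip"},
		{FilePattern: "**/*BlackDuck_RiskReport.pdf", ParamRef: "", StepResultType: "blackduck-security"},
		{FilePattern: "**/detectExecuteScan_policy_*.json", ParamRef: "", StepResultType: "blackduck-security"},
		{FilePattern: "**/piper_detect_vulnerability_report.html", ParamRef: "", StepResultType: "blackduck-security"},
		{FilePattern: "**/toolrun_detectExecute_*.json", ParamRef: "", StepResultType: "blackduck-security"},
		{FilePattern: "**/piper_detect_vulnerability.sarif", ParamRef: "", StepResultType: "blackduck-security"},
		{FilePattern: "**/piper_hub_detect_sbom.xml", ParamRef: "", StepResultType: "blackduck-security"},
	}
	envVars := []gcs.EnvVar{
		{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: gcpJsonKeyFilePath, Modified: false},
	}
	gcsClient, err := gcs.NewClient(gcs.WithEnvVars(envVars))
	if err != nil {
		log.Entry().Errorf("creation of GCS client failed: %v", err)
		return
	}
	defer gcsClient.Close()
	// Build a parameter-name -> value map from the string fields of the step
	// configuration; the name is the first element of the field's json tag.
	structVal := reflect.ValueOf(&stepConfig).Elem()
	inputParameters := map[string]string{}
	for i := 0; i < structVal.NumField(); i++ {
		field := structVal.Type().Field(i)
		if field.Type.String() == "string" {
			paramName := strings.Split(field.Tag.Get("json"), ",")
			paramValue, _ := structVal.Field(i).Interface().(string)
			inputParameters[paramName[0]] = paramValue
		}
	}
	if err := gcs.PersistReportsToGCS(gcsClient, content, inputParameters, gcsFolderPath, gcsBucketId, gcsSubFolder, doublestar.Glob, os.Stat); err != nil {
		log.Entry().Errorf("failed to persist reports: %v", err)
	}
}

// DetectExecuteScanCommand Executes Synopsys Detect scan
//
// It returns the cobra command of the step. PreRunE resolves and validates the
// configuration and sets up the log hooks; Run executes the scan and, through
// an exit handler, persists metrics and reports and sends telemetry.
//
// NOTE(review): the file header marks this as generator output. A change made
// here should also go into the step metadata or the generator template,
// otherwise the next regeneration presumably drops it.
func DetectExecuteScanCommand() *cobra.Command {
	const STEP_NAME = "detectExecuteScan"

	metadata := detectExecuteScanMetadata()
	var stepConfig detectExecuteScanOptions
	var startTime time.Time
	var influx detectExecuteScanInflux
	var reports detectExecuteScanReports
	var logCollector *log.CollectorHook
	var splunkClient *splunk.Splunk
	telemetryClient := &telemetry.Telemetry{}

	var createDetectExecuteScanCmd = &cobra.Command{
		Use:   STEP_NAME,
		Short: "Executes Synopsys Detect scan",
		Long: `This step executes [Synopsys Detect](https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=introduction.html&_LANG=enus) scans.
Synopsys Detect command line utlity can be used to run various scans including BlackDuck and Polaris scans. This step allows users to run BlackDuck scans by default.
Please configure your BlackDuck server Url using the serverUrl parameter and the API token of your user using the apiToken parameter for this step.`,
		PreRunE: func(cmd *cobra.Command, _ []string) error {
			startTime = time.Now()
			log.SetStepName(STEP_NAME)
			log.SetVerbose(GeneralConfig.Verbose)

			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)

			// The Getwd error is discarded; on failure the hook gets an empty path.
			path, _ := os.Getwd()
			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
			log.RegisterHook(fatalHook)

			err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile)
			if err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}
			// The three credentials are registered as soon as their values are
			// resolved, before any further hook is set up (presumably so the log
			// package can mask them; confirm in pkg/log).
			log.RegisterSecret(stepConfig.Token)
			log.RegisterSecret(stepConfig.GithubToken)
			log.RegisterSecret(stepConfig.PrivateModulesGitToken)

			if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {
				sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)
				log.RegisterHook(&sentryHook)
			}

			// The exit handler in Run sends to Splunk when either the DSN or the
			// Cribl endpoint is configured, so the client and the log collector
			// have to exist in both cases. With the DSN check alone, an
			// endpoint-only configuration left splunkClient nil at the point where
			// the handler calls its methods.
			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 || len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
				splunkClient = &splunk.Splunk{}
				logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}
				log.RegisterHook(logCollector)
			}

			if err = log.RegisterANSHookIfConfigured(GeneralConfig.CorrelationID); err != nil {
				log.Entry().WithError(err).Warn("failed to set up SAP Alert Notification Service log hook")
			}

			// The local variable shadows the validation package from here on.
			validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())
			if err != nil {
				return err
			}
			if err = validation.ValidateStruct(stepConfig); err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}

			return nil
		},
		Run: func(_ *cobra.Command, _ []string) {
			stepTelemetryData := telemetry.CustomData{}
			// The error code stays "1" unless detectExecuteScan returns normally.
			stepTelemetryData.ErrorCode = "1"
			handler := func() {
				influx.persist(GeneralConfig.EnvRootPath, "influx")
				reports.persist(stepConfig, GeneralConfig.GCPJsonKeyFilePath, GeneralConfig.GCSBucketId, GeneralConfig.GCSFolderPath, GeneralConfig.GCSSubFolder)
				// Runs before any telemetry is sent, so it is not skipped when a
				// later call in this handler fails.
				config.RemoveVaultSecretFiles()
				stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
				stepTelemetryData.ErrorCategory = log.GetErrorCategory().String()
				stepTelemetryData.PiperCommitHash = GitCommit
				telemetryClient.SetData(&stepTelemetryData)
				telemetryClient.Send()
				if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
					splunkClient.Initialize(GeneralConfig.CorrelationID,
						GeneralConfig.HookConfig.SplunkConfig.Dsn,
						GeneralConfig.HookConfig.SplunkConfig.Token,
						GeneralConfig.HookConfig.SplunkConfig.Index,
						GeneralConfig.HookConfig.SplunkConfig.SendLogs)
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
				if len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
					splunkClient.Initialize(GeneralConfig.CorrelationID,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblToken,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblIndex,
						GeneralConfig.HookConfig.SplunkConfig.SendLogs)
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
			}
			// The handler is both registered with the log package and deferred
			// here (presumably so it also runs on a fatal log exit; confirm in
			// pkg/log).
			log.DeferExitHandler(handler)
			defer handler()
			telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME)
			detectExecuteScan(stepConfig, &stepTelemetryData, &influx)
			stepTelemetryData.ErrorCode = "0"
			log.Entry().Info("SUCCESS")
		},
	}

	addDetectExecuteScanFlags(createDetectExecuteScanCmd, &stepConfig)
	return createDetectExecuteScanCmd
}

// addDetectExecuteScanFlags binds one flag per field of stepConfig to cmd and
// marks token, projectName and serverUrl as required. String flags without a
// literal default take it from the PIPER_<name> environment variable at the
// time this function runs. The errors returned by MarkFlagRequired are
// discarded.
func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScanOptions) {
	// token, githubToken and privateModulesGitToken are credentials. A value
	// given as a flag ends up in the process arguments; the PIPER_* environment
	// variable or the secret references of the step metadata avoid that.
	cmd.Flags().StringVar(&stepConfig.Token, "token", os.Getenv("PIPER_token"), "Api token to be used for connectivity with Synopsis Detect server.")
	cmd.Flags().StringVar(&stepConfig.CodeLocation, "codeLocation", os.Getenv("PIPER_codeLocation"), "An override for the name Detect will use for the scan file it creates.")
	cmd.Flags().StringVar(&stepConfig.ProjectName, "projectName", os.Getenv("PIPER_projectName"), "Name of the Synopsis Detect (formerly BlackDuck) project.")
	cmd.Flags().StringSliceVar(&stepConfig.Scanners, "scanners", []string{`signature`}, "List of scanners to be used for Synopsis Detect (formerly BlackDuck) scan.")
	cmd.Flags().StringSliceVar(&stepConfig.ScanPaths, "scanPaths", []string{`.`}, "List of paths which should be scanned by the Synopsis Detect (formerly BlackDuck) scan.")
	cmd.Flags().StringVar(&stepConfig.DependencyPath, "dependencyPath", `.`, "Absolute Path of the dependency management file of the project. This path represents the folder which contains the pom file, package.json etc. If the project contains multiple pom files, provide the path to the parent pom file or the base folder of the project")
	cmd.Flags().BoolVar(&stepConfig.Unmap, "unmap", false, "Unmap flag will unmap all previous code locations and keep only the current scan results in the specified project version. Set this parameter to true, when the project version needs to store only the latest scan results.")
	// NOTE(review): the default list contains --blackduck.trust.cert=true, which
	// makes Detect trust the certificate the server presents, so the API token
	// is sent without normal certificate validation (confirm the exact semantics
	// for the Detect version in use). Where the server certificate validates,
	// configure scanProperties without it.
	cmd.Flags().StringSliceVar(&stepConfig.ScanProperties, "scanProperties", []string{`--blackduck.signature.scanner.memory=4096`, `--detect.timeout=6000`, `--blackduck.trust.cert=true`, `--logging.level.com.synopsys.integration=DEBUG`, `--detect.maven.excluded.scopes=test`}, "Properties passed to the Synopsis Detect (formerly BlackDuck) scan. You can find details in the [Synopsis Detect documentation](https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=properties%2Fall-properties.html&_LANG=enus)")
	cmd.Flags().StringVar(&stepConfig.ServerURL, "serverUrl", os.Getenv("PIPER_serverUrl"), "Server URL to the Synopsis Detect (formerly BlackDuck) Server.")
	cmd.Flags().StringSliceVar(&stepConfig.Groups, "groups", []string{}, "Users groups to be assigned for the Project")
	cmd.Flags().StringSliceVar(&stepConfig.FailOn, "failOn", []string{`BLOCKER`}, "Mark the current build as fail based on the policy categories applied.")
	cmd.Flags().StringVar(&stepConfig.VersioningModel, "versioningModel", `major`, "The versioning model used for result reporting (based on the artifact version). Example 1.2.3 using `major` will result in version 1")
	cmd.Flags().StringVar(&stepConfig.Version, "version", os.Getenv("PIPER_version"), "Defines the version number of the artifact being build in the pipeline. It is used as source for the Detect version.")
	cmd.Flags().StringVar(&stepConfig.CustomScanVersion, "customScanVersion", os.Getenv("PIPER_customScanVersion"), "A custom version used along with the uploaded scan results.")
	cmd.Flags().StringVar(&stepConfig.ProjectSettingsFile, "projectSettingsFile", os.Getenv("PIPER_projectSettingsFile"), "Path or url to the mvn settings file that should be used as project settings file.")
	cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path or url to the mvn settings file that should be used as global settings file")
	cmd.Flags().StringVar(&stepConfig.M2Path, "m2Path", os.Getenv("PIPER_m2Path"), "Path to the location of the local repository that should be used.")
	cmd.Flags().BoolVar(&stepConfig.InstallArtifacts, "installArtifacts", false, "If enabled, it will install all artifacts to the local maven repository to make them available before running detect. This is required if any maven module has dependencies to other modules in the repository and they were not installed before.")
	cmd.Flags().StringSliceVar(&stepConfig.IncludedPackageManagers, "includedPackageManagers", []string{}, "The package managers that need to be included for this scan. Providing the package manager names with this parameter will ensure that the build descriptor file of that package manager will be searched in the scan folder For the complete list of possible values for this parameter, please refer [Synopsys detect documentation](https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=properties%2Fconfiguration%2Fdetector.html&_LANG=enus&anchor=detector-types-included-advanced)")
	cmd.Flags().StringSliceVar(&stepConfig.ExcludedPackageManagers, "excludedPackageManagers", []string{}, "The package managers that need to be excluded for this scan. Providing the package manager names with this parameter will ensure that the build descriptor file of that package manager will be ignored in the scan folder For the complete list of possible values for this parameter, please refer [Synopsys detect documentation](https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=properties%2Fconfiguration%2Fdetector.html&_LANG=enus&anchor=detector-types-excluded-advanced)")
	cmd.Flags().StringSliceVar(&stepConfig.MavenExcludedScopes, "mavenExcludedScopes", []string{}, "The maven scopes that need to be excluded from the scan. For example, setting the value 'test' will exclude all components which are defined with a test scope in maven")
	cmd.Flags().StringSliceVar(&stepConfig.DetectTools, "detectTools", []string{}, "The type of BlackDuck scanners to include while running the BlackDuck scan. By default All scanners are included. For the complete list of possible values, Please refer [Synopsys detect documentation](https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=properties%2Fconfiguration%2Fpaths.html&_LANG=enus&anchor=detect-tools-included)")
	cmd.Flags().BoolVar(&stepConfig.ScanOnChanges, "scanOnChanges", false, "This flag determines if the scan is submitted to the server. If set to true, then the scan request is submitted to the server only when changes are detected in the Open Source Bill of Materials If the flag is set to false, then the scan request is submitted to server regardless of any changes. For more details please refer to the [documentation](https://github.com/blackducksoftware/detect_rescan/blob/master/README.md)")
	// NOTE(review): the help text of useDetect7 is identical to the one of
	// useDetect8 and describes the v8 script; it looks copied and should be
	// corrected in the step metadata the generator reads.
	cmd.Flags().BoolVar(&stepConfig.UseDetect7, "useDetect7", false, "This flag allows to use the currently supported 8 version of Detect Script instead of v7")
	cmd.Flags().BoolVar(&stepConfig.UseDetect8, "useDetect8", true, "This flag allows to use the currently supported 8 version of Detect Script instead of v7")
	cmd.Flags().BoolVar(&stepConfig.SuccessOnSkip, "successOnSkip", true, "This flag allows forces Black Duck to exit with 0 error code if any step is skipped")
	cmd.Flags().StringSliceVar(&stepConfig.CustomEnvironmentVariables, "customEnvironmentVariables", []string{}, "A list of environment variables which can be set to prepare the environment to run a BlackDuck scan. This includes a list of environment variables defined by Synopsys. The full list can be found [here](https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=configuring%2Fenvvars.html&_LANG=enus) This list affects the detect script downloaded while running the scan. Right now only detect7.sh is available for downloading")
	cmd.Flags().IntVar(&stepConfig.MinScanInterval, "minScanInterval", 0, "This parameter controls the frequency (in number of hours) at which the signature scan is re-submitted for scan. When set to a value greater than 0, the signature scans are skipped until the specified number of hours has elapsed since the last signature scan.")
	cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line")
	cmd.Flags().BoolVar(&stepConfig.CreateResultIssue, "createResultIssue", false, "Activate creation of a result issue in GitHub.")
	cmd.Flags().StringVar(&stepConfig.GithubAPIURL, "githubApiUrl", `https://api.github.com`, "Set the GitHub API URL.")
	cmd.Flags().StringVar(&stepConfig.Owner, "owner", os.Getenv("PIPER_owner"), "Set the GitHub organization.")
	cmd.Flags().StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "Set the GitHub repository.")
	cmd.Flags().StringSliceVar(&stepConfig.Assignees, "assignees", []string{``}, "Defines the assignees for the Github Issue created/updated with the results of the scan as a list of login names.")
	cmd.Flags().StringSliceVar(&stepConfig.CustomTLSCertificateLinks, "customTlsCertificateLinks", []string{}, "List of download links to custom TLS certificates. This is required to ensure trusted connections to instances with repositories (like nexus) when publish flag is set to true.")
	cmd.Flags().BoolVar(&stepConfig.FailOnSevereVulnerabilities, "failOnSevereVulnerabilities", true, "Whether to fail the step on severe vulnerabilties or not")
	cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", os.Getenv("PIPER_buildTool"), "Defines the tool which is used for building the artifact.")
	cmd.Flags().StringSliceVar(&stepConfig.ExcludedDirectories, "excludedDirectories", []string{}, "List of directories which should be excluded from the scan.")
	cmd.Flags().StringSliceVar(&stepConfig.NpmDependencyTypesExcluded, "npmDependencyTypesExcluded", []string{}, "List of npm dependency types which Detect should exclude from the BOM.")
	cmd.Flags().StringSliceVar(&stepConfig.NpmArguments, "npmArguments", []string{}, "List of additional arguments that Detect will add at then end of the npm ls command line when Detect executes the NPM CLI Detector on an NPM project.")
	cmd.Flags().StringVar(&stepConfig.PrivateModules, "privateModules", os.Getenv("PIPER_privateModules"), "Tells go which modules shall be considered to be private (by setting [GOPRIVATE](https://pkg.go.dev/cmd/go#hdr-Configuration_for_downloading_non_public_code)).")
	cmd.Flags().StringVar(&stepConfig.PrivateModulesGitToken, "privateModulesGitToken", os.Getenv("PIPER_privateModulesGitToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line.")

	cmd.MarkFlagRequired("token")
	cmd.MarkFlagRequired("projectName")
	cmd.MarkFlagRequired("serverUrl")
}

// retrieve step metadata
func detectExecuteScanMetadata() config.StepData {
	var theMetaData = config.StepData{
		Metadata: config.StepMetadata{
			Name:        "detectExecuteScan",
			Aliases:     []config.Alias{},
			Description: "Executes Synopsys Detect scan",
		},
		Spec: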
config.StepSpec{ 328 Inputs: config.StepInputs{ 329 Secrets: []config.StepSecrets{ 330 {Name: "detectTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing the API token used to authenticate with the Synopsis Detect (formerly BlackDuck) Server.", Type: "jenkins", Aliases: []config.Alias{{Name: "apiTokenCredentialsId", Deprecated: false}}}, 331 {Name: "githubTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.", Type: "jenkins"}, 332 {Name: "golangPrivateModulesGitTokenCredentialsId", Description: "Jenkins 'Username with password' credentials ID containing username/password for http access to your git repos where your go private modules are stored.", Type: "jenkins"}, 333 }, 334 Resources: []config.StepResources{ 335 {Name: "buildDescriptor", Type: "stash"}, 336 {Name: "checkmarx", Type: "stash"}, 337 }, 338 Parameters: []config.StepParameters{ 339 { 340 Name: "token", 341 ResourceRef: []config.ResourceReference{ 342 { 343 Name: "detectTokenCredentialsId", 344 Type: "secret", 345 }, 346 347 { 348 Name: "detectVaultSecretName", 349 Type: "vaultSecret", 350 Default: "detect", 351 }, 352 }, 353 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 354 Type: "string", 355 Mandatory: true, 356 Aliases: []config.Alias{{Name: "blackduckToken"}, {Name: "detectToken"}, {Name: "apiToken", Deprecated: true}, {Name: "detect/apiToken", Deprecated: true}}, 357 Default: os.Getenv("PIPER_token"), 358 }, 359 { 360 Name: "codeLocation", 361 ResourceRef: []config.ResourceReference{}, 362 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 363 Type: "string", 364 Mandatory: false, 365 Aliases: []config.Alias{}, 366 Default: os.Getenv("PIPER_codeLocation"), 367 }, 368 { 369 Name: "projectName", 370 ResourceRef: []config.ResourceReference{}, 371 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 372 Type: "string", 373 Mandatory: true, 374 Aliases: []config.Alias{{Name: "detect/projectName"}}, 375 
Default: os.Getenv("PIPER_projectName"), 376 }, 377 { 378 Name: "scanners", 379 ResourceRef: []config.ResourceReference{}, 380 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 381 Type: "[]string", 382 Mandatory: false, 383 Aliases: []config.Alias{{Name: "detect/scanners"}}, 384 Default: []string{`signature`}, 385 }, 386 { 387 Name: "scanPaths", 388 ResourceRef: []config.ResourceReference{}, 389 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 390 Type: "[]string", 391 Mandatory: false, 392 Aliases: []config.Alias{{Name: "detect/scanPaths"}}, 393 Default: []string{`.`}, 394 }, 395 { 396 Name: "dependencyPath", 397 ResourceRef: []config.ResourceReference{}, 398 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 399 Type: "string", 400 Mandatory: false, 401 Aliases: []config.Alias{{Name: "detect/dependencyPath"}}, 402 Default: `.`, 403 }, 404 { 405 Name: "unmap", 406 ResourceRef: []config.ResourceReference{}, 407 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 408 Type: "bool", 409 Mandatory: false, 410 Aliases: []config.Alias{{Name: "detect/unmap"}}, 411 Default: false, 412 }, 413 { 414 Name: "scanProperties", 415 ResourceRef: []config.ResourceReference{}, 416 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 417 Type: "[]string", 418 Mandatory: false, 419 Aliases: []config.Alias{{Name: "detect/scanProperties"}}, 420 Default: []string{`--blackduck.signature.scanner.memory=4096`, `--detect.timeout=6000`, `--blackduck.trust.cert=true`, `--logging.level.com.synopsys.integration=DEBUG`, `--detect.maven.excluded.scopes=test`}, 421 }, 422 { 423 Name: "serverUrl", 424 ResourceRef: []config.ResourceReference{}, 425 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 426 Type: "string", 427 Mandatory: true, 428 Aliases: []config.Alias{{Name: "detect/serverUrl"}}, 429 Default: os.Getenv("PIPER_serverUrl"), 430 }, 431 { 432 Name: "groups", 433 ResourceRef: []config.ResourceReference{}, 434 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 435 Type: "[]string", 436 Mandatory: 
false, 437 Aliases: []config.Alias{{Name: "detect/groups"}}, 438 Default: []string{}, 439 }, 440 { 441 Name: "failOn", 442 ResourceRef: []config.ResourceReference{}, 443 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 444 Type: "[]string", 445 Mandatory: false, 446 Aliases: []config.Alias{{Name: "detect/failOn"}}, 447 Default: []string{`BLOCKER`}, 448 }, 449 { 450 Name: "versioningModel", 451 ResourceRef: []config.ResourceReference{}, 452 Scope: []string{"PARAMETERS", "GENERAL", "STAGES", "STEPS"}, 453 Type: "string", 454 Mandatory: false, 455 Aliases: []config.Alias{}, 456 Default: `major`, 457 }, 458 { 459 Name: "version", 460 ResourceRef: []config.ResourceReference{ 461 { 462 Name: "commonPipelineEnvironment", 463 Param: "artifactVersion", 464 }, 465 }, 466 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 467 Type: "string", 468 Mandatory: false, 469 Aliases: []config.Alias{{Name: "projectVersion"}, {Name: "detect/projectVersion"}}, 470 Default: os.Getenv("PIPER_version"), 471 }, 472 { 473 Name: "customScanVersion", 474 ResourceRef: []config.ResourceReference{}, 475 Scope: []string{"GENERAL", "STAGES", "STEPS", "PARAMETERS"}, 476 Type: "string", 477 Mandatory: false, 478 Aliases: []config.Alias{}, 479 Default: os.Getenv("PIPER_customScanVersion"), 480 }, 481 { 482 Name: "projectSettingsFile", 483 ResourceRef: []config.ResourceReference{}, 484 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 485 Type: "string", 486 Mandatory: false, 487 Aliases: []config.Alias{{Name: "maven/projectSettingsFile"}}, 488 Default: os.Getenv("PIPER_projectSettingsFile"), 489 }, 490 { 491 Name: "globalSettingsFile", 492 ResourceRef: []config.ResourceReference{}, 493 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 494 Type: "string", 495 Mandatory: false, 496 Aliases: []config.Alias{{Name: "maven/globalSettingsFile"}}, 497 Default: os.Getenv("PIPER_globalSettingsFile"), 498 }, 499 { 500 Name: "m2Path", 501 ResourceRef: []config.ResourceReference{}, 502 Scope: 
[]string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 503 Type: "string", 504 Mandatory: false, 505 Aliases: []config.Alias{{Name: "maven/m2Path"}}, 506 Default: os.Getenv("PIPER_m2Path"), 507 }, 508 { 509 Name: "installArtifacts", 510 ResourceRef: []config.ResourceReference{}, 511 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 512 Type: "bool", 513 Mandatory: false, 514 Aliases: []config.Alias{}, 515 Default: false, 516 }, 517 { 518 Name: "includedPackageManagers", 519 ResourceRef: []config.ResourceReference{}, 520 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 521 Type: "[]string", 522 Mandatory: false, 523 Aliases: []config.Alias{{Name: "detect/includedPackageManagers"}}, 524 Default: []string{}, 525 }, 526 { 527 Name: "excludedPackageManagers", 528 ResourceRef: []config.ResourceReference{}, 529 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 530 Type: "[]string", 531 Mandatory: false, 532 Aliases: []config.Alias{{Name: "detect/excludedPackageManagers"}}, 533 Default: []string{}, 534 }, 535 { 536 Name: "mavenExcludedScopes", 537 ResourceRef: []config.ResourceReference{}, 538 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 539 Type: "[]string", 540 Mandatory: false, 541 Aliases: []config.Alias{{Name: "detect/mavenExcludedScopes"}}, 542 Default: []string{}, 543 }, 544 { 545 Name: "detectTools", 546 ResourceRef: []config.ResourceReference{}, 547 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 548 Type: "[]string", 549 Mandatory: false, 550 Aliases: []config.Alias{{Name: "detect/detectTools"}}, 551 Default: []string{}, 552 }, 553 { 554 Name: "scanOnChanges", 555 ResourceRef: []config.ResourceReference{}, 556 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 557 Type: "bool", 558 Mandatory: false, 559 Aliases: []config.Alias{}, 560 Default: false, 561 }, 562 { 563 Name: "useDetect7", 564 ResourceRef: []config.ResourceReference{}, 565 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 566 Type: "bool", 567 Mandatory: false, 568 Aliases: 
[]config.Alias{{Name: "detect/useDetect7"}}, 569 Default: false, 570 }, 571 { 572 Name: "useDetect8", 573 ResourceRef: []config.ResourceReference{}, 574 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 575 Type: "bool", 576 Mandatory: false, 577 Aliases: []config.Alias{{Name: "detect/useDetect8", Deprecated: true}}, 578 Default: true, 579 }, 580 { 581 Name: "successOnSkip", 582 ResourceRef: []config.ResourceReference{}, 583 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 584 Type: "bool", 585 Mandatory: false, 586 Aliases: []config.Alias{{Name: "detect/successOnSkip", Deprecated: true}}, 587 Default: true, 588 }, 589 { 590 Name: "customEnvironmentVariables", 591 ResourceRef: []config.ResourceReference{}, 592 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 593 Type: "[]string", 594 Mandatory: false, 595 Aliases: []config.Alias{}, 596 Default: []string{}, 597 }, 598 { 599 Name: "minScanInterval", 600 ResourceRef: []config.ResourceReference{}, 601 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 602 Type: "int", 603 Mandatory: false, 604 Aliases: []config.Alias{}, 605 Default: 0, 606 }, 607 { 608 Name: "githubToken", 609 ResourceRef: []config.ResourceReference{ 610 { 611 Name: "githubTokenCredentialsId", 612 Type: "secret", 613 }, 614 615 { 616 Name: "githubVaultSecretName", 617 Type: "vaultSecret", 618 Default: "github", 619 }, 620 }, 621 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 622 Type: "string", 623 Mandatory: false, 624 Aliases: []config.Alias{{Name: "access_token"}}, 625 Default: os.Getenv("PIPER_githubToken"), 626 }, 627 { 628 Name: "createResultIssue", 629 ResourceRef: []config.ResourceReference{ 630 { 631 Name: "commonPipelineEnvironment", 632 Param: "custom/isOptimizedAndScheduled", 633 }, 634 }, 635 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 636 Type: "bool", 637 Mandatory: false, 638 Aliases: []config.Alias{}, 639 Default: false, 640 }, 641 { 642 Name: "githubApiUrl", 643 ResourceRef: 
[]config.ResourceReference{}, 644 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 645 Type: "string", 646 Mandatory: false, 647 Aliases: []config.Alias{}, 648 Default: `https://api.github.com`, 649 }, 650 { 651 Name: "owner", 652 ResourceRef: []config.ResourceReference{ 653 { 654 Name: "commonPipelineEnvironment", 655 Param: "github/owner", 656 }, 657 }, 658 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 659 Type: "string", 660 Mandatory: false, 661 Aliases: []config.Alias{{Name: "githubOrg"}}, 662 Default: os.Getenv("PIPER_owner"), 663 }, 664 { 665 Name: "repository", 666 ResourceRef: []config.ResourceReference{ 667 { 668 Name: "commonPipelineEnvironment", 669 Param: "github/repository", 670 }, 671 }, 672 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 673 Type: "string", 674 Mandatory: false, 675 Aliases: []config.Alias{{Name: "githubRepo"}}, 676 Default: os.Getenv("PIPER_repository"), 677 }, 678 { 679 Name: "assignees", 680 ResourceRef: []config.ResourceReference{}, 681 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 682 Type: "[]string", 683 Mandatory: false, 684 Aliases: []config.Alias{}, 685 Default: []string{``}, 686 }, 687 { 688 Name: "customTlsCertificateLinks", 689 ResourceRef: []config.ResourceReference{}, 690 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 691 Type: "[]string", 692 Mandatory: false, 693 Aliases: []config.Alias{}, 694 Default: []string{}, 695 }, 696 { 697 Name: "failOnSevereVulnerabilities", 698 ResourceRef: []config.ResourceReference{}, 699 Scope: []string{"PARAMETERS"}, 700 Type: "bool", 701 Mandatory: false, 702 Aliases: []config.Alias{}, 703 Default: true, 704 }, 705 { 706 Name: "buildTool", 707 ResourceRef: []config.ResourceReference{ 708 { 709 Name: "commonPipelineEnvironment", 710 Param: "buildTool", 711 }, 712 }, 713 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 714 Type: "string", 715 Mandatory: false, 716 Aliases: []config.Alias{}, 717 Default: 
os.Getenv("PIPER_buildTool"), 718 }, 719 { 720 Name: "excludedDirectories", 721 ResourceRef: []config.ResourceReference{}, 722 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 723 Type: "[]string", 724 Mandatory: false, 725 Aliases: []config.Alias{{Name: "detect/excludedDirectories"}}, 726 Default: []string{}, 727 }, 728 { 729 Name: "npmDependencyTypesExcluded", 730 ResourceRef: []config.ResourceReference{}, 731 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 732 Type: "[]string", 733 Mandatory: false, 734 Aliases: []config.Alias{{Name: "detect/npmDependencyTypesExcluded"}}, 735 Default: []string{}, 736 }, 737 { 738 Name: "npmArguments", 739 ResourceRef: []config.ResourceReference{}, 740 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 741 Type: "[]string", 742 Mandatory: false, 743 Aliases: []config.Alias{{Name: "detect/npmArguments"}}, 744 Default: []string{}, 745 }, 746 { 747 Name: "privateModules", 748 ResourceRef: []config.ResourceReference{}, 749 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 750 Type: "string", 751 Mandatory: false, 752 Aliases: []config.Alias{}, 753 Default: os.Getenv("PIPER_privateModules"), 754 }, 755 { 756 Name: "privateModulesGitToken", 757 ResourceRef: []config.ResourceReference{ 758 { 759 Name: "golangPrivateModulesGitTokenCredentialsId", 760 Param: "password", 761 Type: "secret", 762 }, 763 764 { 765 Name: "golangPrivateModulesGitTokenVaultSecret", 766 Type: "vaultSecret", 767 Default: "golang", 768 }, 769 }, 770 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 771 Type: "string", 772 Mandatory: false, 773 Aliases: []config.Alias{}, 774 Default: os.Getenv("PIPER_privateModulesGitToken"), 775 }, 776 }, 777 }, 778 Containers: []config.Container{ 779 {Name: "openjdk", Image: "openjdk:11", WorkingDir: "/root", Options: []config.Option{{Name: "-u", Value: "0"}}}, 780 }, 781 Outputs: config.StepOutputs{ 782 Resources: []config.StepResources{ 783 { 784 Name: "influx", 785 Type: "influx", 786 Parameters: 
[]map[string]interface{}{ 787 {"name": "step_data", "fields": []map[string]string{{"name": "detect"}}}, 788 {"name": "detect_data", "fields": []map[string]string{{"name": "vulnerabilities"}, {"name": "major_vulnerabilities"}, {"name": "minor_vulnerabilities"}, {"name": "components"}, {"name": "policy_violations"}}}, 789 }, 790 }, 791 { 792 Name: "reports", 793 Type: "reports", 794 Parameters: []map[string]interface{}{ 795 {"filePattern": "**/*BlackDuck_RiskReport.pdf", "type": "blackduck-ip"}, 796 {"filePattern": "**/blackduck-ip.json", "type": "blackduck-ip"}, 797 {"filePattern": "**/toolrun_detectExecute_*.json", "type": "blackduck-ip"}, 798 {"filePattern": "**/piper_detect_policy_violation_report.html", "type": "blackduck-ip"}, 799 {"filePattern": "**/*BlackDuck_RiskReport.pdf", "type": "blackduck-security"}, 800 {"filePattern": "**/detectExecuteScan_policy_*.json", "type": "blackduck-security"}, 801 {"filePattern": "**/piper_detect_vulnerability_report.html", "type": "blackduck-security"}, 802 {"filePattern": "**/toolrun_detectExecute_*.json", "type": "blackduck-security"}, 803 {"filePattern": "**/piper_detect_vulnerability.sarif", "type": "blackduck-security"}, 804 {"filePattern": "**/piper_hub_detect_sbom.xml", "type": "blackduck-security"}, 805 }, 806 }, 807 }, 808 }, 809 }, 810 } 811 return theMetaData 812 }