// Code generated by piper's step-generator. DO NOT EDIT.

package cmd

import (
	"fmt"
	"os"
	"path/filepath"
	"reflect"
	"strings"
	"time"

	"github.com/SAP/jenkins-library/pkg/config"
	"github.com/SAP/jenkins-library/pkg/gcs"
	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/SAP/jenkins-library/pkg/piperenv"
	"github.com/SAP/jenkins-library/pkg/splunk"
	"github.com/SAP/jenkins-library/pkg/telemetry"
	"github.com/SAP/jenkins-library/pkg/validation"
	"github.com/bmatcuk/doublestar"
	"github.com/spf13/cobra"
)

// fortifyExecuteScanOptions is the parameter set of the fortifyExecuteScan step.
// PrepareConfig fills it from flags, environment and pipeline configuration (see
// PreRunE below), and validation.ValidateStruct enforces the `validate` tags.
// The json tag names are the parameter names users configure; note that
// fortifyExecuteScanReports.persist also exposes every string field under its
// json name to the GCS report upload.
type fortifyExecuteScanOptions struct {
	AdditionalScanParameters   []string `json:"additionalScanParameters,omitempty"`
	AdditionalMvnParameters    []string `json:"additionalMvnParameters,omitempty"`
	Assignees                  []string `json:"assignees,omitempty"`
	// AuthToken is the Fortify SSC token. It is registered as a secret in
	// PreRunE so that it is masked in log output.
	AuthToken                  string   `json:"authToken,omitempty"`
	BuildDescriptorExcludeList []string `json:"buildDescriptorExcludeList,omitempty"`
	CustomScanVersion          string   `json:"customScanVersion,omitempty"`
	// GithubToken is a GitHub personal access token; also registered as a
	// secret in PreRunE.
	GithubToken                     string `json:"githubToken,omitempty"`
	AutoCreate                      bool   `json:"autoCreate,omitempty"`
	ModulePath                      string `json:"modulePath,omitempty"`
	PythonRequirementsFile          string `json:"pythonRequirementsFile,omitempty"`
	AutodetectClasspath             bool   `json:"autodetectClasspath,omitempty"`
	MustAuditIssueGroups            string `json:"mustAuditIssueGroups,omitempty"`
	SpotAuditIssueGroups            string `json:"spotAuditIssueGroups,omitempty"`
	PythonRequirementsInstallSuffix string `json:"pythonRequirementsInstallSuffix,omitempty"`
	// Restricted by the validate tag to the listed values.
	PythonVersion                string   `json:"pythonVersion,omitempty" validate:"possible-values=python3 python2"`
	UploadResults                bool     `json:"uploadResults,omitempty"`
	Version                      string   `json:"version,omitempty"`
	BuildDescriptorFile          string   `json:"buildDescriptorFile,omitempty"`
	CommitID                     string   `json:"commitId,omitempty"`
	CommitMessage                string   `json:"commitMessage,omitempty"`
	GithubAPIURL                 string   `json:"githubApiUrl,omitempty"`
	Owner                        string   `json:"owner,omitempty"`
	Repository                   string   `json:"repository,omitempty"`
	Memory                       string   `json:"memory,omitempty"`
	UpdateRulePack               bool     `json:"updateRulePack,omitempty"`
	ReportDownloadEndpoint       string   `json:"reportDownloadEndpoint,omitempty"`
	PollingMinutes               int      `json:"pollingMinutes,omitempty"`
	QuickScan                    bool     `json:"quickScan,omitempty"`
	Translate                    string   `json:"translate,omitempty"`
	Src                          []string `json:"src,omitempty"`
	Exclude                      []string `json:"exclude,omitempty"`
	APIEndpoint                  string   `json:"apiEndpoint,omitempty"`
	ReportType                   string   `json:"reportType,omitempty"`
	PythonAdditionalPath         []string `json:"pythonAdditionalPath,omitempty"`
	ArtifactURL                  string   `json:"artifactUrl,omitempty"`
	ConsiderSuspicious           bool     `json:"considerSuspicious,omitempty"`
	ConvertToSarif               bool     `json:"convertToSarif,omitempty"`
	FprUploadEndpoint            string   `json:"fprUploadEndpoint,omitempty"`
	ProjectName                  string   `json:"projectName,omitempty"`
	Reporting                    bool     `json:"reporting,omitempty"`
	ServerURL                    string   `json:"serverUrl,omitempty"`
	PullRequestMessageRegexGroup int      `json:"pullRequestMessageRegexGroup,omitempty"`
	DeltaMinutes                 int      `json:"deltaMinutes,omitempty"`
	SpotCheckMinimum             int      `json:"spotCheckMinimum,omitempty"`
	// Restricted by the validate tag to the listed values.
	SpotCheckMinimumUnit string `json:"spotCheckMinimumUnit,omitempty" validate:"possible-values=number percentage"`
	SpotCheckMaximum     int    `json:"spotCheckMaximum,omitempty"`
	FprDownloadEndpoint  string `json:"fprDownloadEndpoint,omitempty"`
	// Restricted by the validate tag to the listed values.
	VersioningModel         string `json:"versioningModel,omitempty" validate:"possible-values=major major-minor semantic full"`
	PythonInstallCommand    string `json:"pythonInstallCommand,omitempty"`
	ReportTemplateID        int    `json:"reportTemplateId,omitempty"`
	FilterSetTitle          string `json:"filterSetTitle,omitempty"`
	PullRequestName         string `json:"pullRequestName,omitempty"`
	PullRequestMessageRegex string `json:"pullRequestMessageRegex,omitempty"`
	BuildTool               string `json:"buildTool,omitempty"`
	ProjectSettingsFile     string `json:"projectSettingsFile,omitempty"`
	Proxy                   string `json:"proxy,omitempty"`
	GlobalSettingsFile      string `json:"globalSettingsFile,omitempty"`
	M2Path                  string `json:"m2Path,omitempty"`
	VerifyOnly              bool   `json:"verifyOnly,omitempty"`
	InstallArtifacts        bool   `json:"installArtifacts,omitempty"`
	CreateResultIssue       bool   `json:"createResultIssue,omitempty"`
}

// fortifyExecuteScanInflux carries the values the step reports to the Influx
// section of the pipeline environment. persist writes one resource file per
// field; the empty tags structs are kept for the generator's schema.
type fortifyExecuteScanInflux struct {
	step_data struct {
		fields struct {
			fortify bool
		}
		tags struct {
		}
	}
	fortify_data struct {
		fields struct {
			projectID         int64
			projectName       string
			projectVersion    string
			projectVersionID  int64
			violations        int
			corporateTotal    int
			corporateAudited  int
			auditAllTotal     int
			auditAllAudited   int
			spotChecksTotal   int
			spotChecksAudited int
			spotChecksGap     int
			suspicious        int
			exploitable       int
			suppressed        int
		}
		tags struct {
		}
	}
}

// persist writes every Influx field through piperenv.SetResourceParameter under
// <path>/<resourceName>/<measurement>/<valType>s/<name>. A failed write is
// logged and counted but does not stop the remaining writes; if any write
// failed a summary error is logged. Nothing is returned, so callers cannot
// distinguish partial from complete success.
func (i *fortifyExecuteScanInflux) persist(path, resourceName string) {
	measurementContent := []struct {
		measurement string
		valType     string
		name        string
		value       interface{}
	}{
		{valType: config.InfluxField, measurement: "step_data", name: "fortify", value: i.step_data.fields.fortify},
		{valType: config.InfluxField, measurement: "fortify_data", name: "projectID", value: i.fortify_data.fields.projectID},
		{valType: config.InfluxField, measurement: "fortify_data", name: "projectName", value: i.fortify_data.fields.projectName},
		{valType: config.InfluxField, measurement: "fortify_data", name: "projectVersion", value: i.fortify_data.fields.projectVersion},
		{valType: config.InfluxField, measurement: "fortify_data", name: "projectVersionId", value: i.fortify_data.fields.projectVersionID},
		{valType: config.InfluxField, measurement: "fortify_data", name: "violations", value: i.fortify_data.fields.violations},
		{valType: config.InfluxField, measurement: "fortify_data", name: "corporateTotal", value: i.fortify_data.fields.corporateTotal},
		{valType: config.InfluxField, measurement: "fortify_data", name: "corporateAudited", value: i.fortify_data.fields.corporateAudited},
		{valType: config.InfluxField, measurement: "fortify_data", name: "auditAllTotal", value: i.fortify_data.fields.auditAllTotal},
		{valType: config.InfluxField, measurement: "fortify_data", name: "auditAllAudited", value: i.fortify_data.fields.auditAllAudited},
		{valType: config.InfluxField, measurement: "fortify_data", name: "spotChecksTotal", value: i.fortify_data.fields.spotChecksTotal},
		{valType: config.InfluxField, measurement: "fortify_data", name: "spotChecksAudited", value: i.fortify_data.fields.spotChecksAudited},
		{valType: config.InfluxField, measurement: "fortify_data", name: "spotChecksGap", value: i.fortify_data.fields.spotChecksGap},
		{valType: config.InfluxField, measurement: "fortify_data", name: "suspicious", value: i.fortify_data.fields.suspicious},
		{valType: config.InfluxField, measurement: "fortify_data", name: "exploitable", value: i.fortify_data.fields.exploitable},
		{valType: config.InfluxField, measurement: "fortify_data", name: "suppressed", value: i.fortify_data.fields.suppressed},
	}

	errCount := 0
	for _, metric := range measurementContent {
		// "%vs" pluralises the value-type name to build the directory segment.
		err := piperenv.SetResourceParameter(path, resourceName, filepath.Join(metric.measurement, fmt.Sprintf("%vs", metric.valType), metric.name), metric.value)
		if err != nil {
			log.Entry().WithError(err).Error("Error persisting influx environment.")
			errCount++
		}
	}
	if errCount > 0 {
		log.Entry().Error("failed to persist Influx environment")
	}
}

// fortifyExecuteScanReports uploads the step's report artifacts to Google
// Cloud Storage.
type fortifyExecuteScanReports struct {
}

// persist uploads the Fortify report files matched by the patterns below to
// the configured GCS bucket. It is a no-op when gcsBucketId is empty, and
// both client-creation and upload failures are only logged, never returned.
// gcpJsonKeyFilePath is handed to the GCS client through the
// GOOGLE_APPLICATION_CREDENTIALS environment variable.
func (p *fortifyExecuteScanReports) persist(stepConfig fortifyExecuteScanOptions, gcpJsonKeyFilePath string, gcsBucketId string, gcsFolderPath string, gcsSubFolder string) {
	if gcsBucketId == "" {
		log.Entry().Info("persisting reports to GCS is disabled, because gcsBucketId is empty")
		return
	}
	log.Entry().Info("Uploading reports to Google Cloud Storage...")
	// Every entry has an empty ParamRef, so the patterns are used as-is.
	content := []gcs.ReportOutputParam{
		{FilePattern: "**/*.PDF", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/*.fpr", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/fortify-scan.*", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/toolrun_fortify_*.json", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/piper_fortify_report.json", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/piper_fortify_report.html", ParamRef: "", StepResultType: "fortify"},
	}
	envVars := []gcs.EnvVar{
		{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: gcpJsonKeyFilePath, Modified: false},
	}
	gcsClient, err := gcs.NewClient(gcs.WithEnvVars(envVars))
	if err != nil {
		log.Entry().Errorf("creation of GCS client failed: %v", err)
		return
	}
	defer gcsClient.Close()
	// Collect every string-typed option under its json parameter name,
	// presumably so that a ParamRef can be resolved against step parameters.
	// NOTE(review): this map also receives authToken and githubToken. With all
	// ParamRefs above empty they should never be used to build an object path,
	// but the generator ought to skip secret parameters here — confirm in
	// pkg/gcs before relying on it.
	structVal := reflect.ValueOf(&stepConfig).Elem()
	inputParameters := map[string]string{}
	for i := 0; i < structVal.NumField(); i++ {
		field := structVal.Type().Field(i)
		if field.Type.String() == "string" {
			paramName := strings.Split(field.Tag.Get("json"), ",")
			paramValue, _ := structVal.Field(i).Interface().(string)
			inputParameters[paramName[0]] = paramValue
		}
	}
	if err := gcs.PersistReportsToGCS(gcsClient, content, inputParameters, gcsFolderPath, gcsBucketId, gcsSubFolder, doublestar.Glob, os.Stat); err != nil {
		log.Entry().Errorf("failed to persist reports: %v", err)
	}
}

// FortifyExecuteScanCommand This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.
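func FortifyExecuteScanCommand() *cobra.Command {
	// FortifyExecuteScanCommand builds the cobra command for the step.
	// PreRunE resolves the configuration, registers the secrets and log hooks
	// and validates the options; Run executes the scan and, through a handler
	// that is both deferred and registered as exit handler, persists Influx
	// data and reports, removes Vault secret files and sends telemetry.
	const STEP_NAME = "fortifyExecuteScan"

	metadata := fortifyExecuteScanMetadata()
	var stepConfig fortifyExecuteScanOptions
	var startTime time.Time
	var influx fortifyExecuteScanInflux
	var reports fortifyExecuteScanReports
	var logCollector *log.CollectorHook
	var splunkClient *splunk.Splunk
	telemetryClient := &telemetry.Telemetry{}

	var createFortifyExecuteScanCmd = &cobra.Command{
		Use:   STEP_NAME,
		Short: "This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.",
		Long: `This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.

The Fortify step triggers a scan locally on your Jenkins within a docker container so finally you have to supply a docker image with a Fortify SCA
and Java plus Maven / Gradle or alternatively Python installed into it for being able to perform any scans.
!!! hint "Scanning MTA projects"
    Build type ` + "`" + `maven` + "`" + ` requires a so called aggregator pom which includes all modules to be scanned. If used in a mta-project which includes non-java submodules as maven dependency (e.g. node via frontend-maven-plugin), exclude those by specifying java path explicitly, e.g. ` + "`" + `java/**/src/main/java/**/*` + "`" + `.

Besides triggering a scan the step verifies the results after they have been uploaded and processed by the Fortify SSC. By default the following KPIs are enforced:
* All issues must be audited from the Corporate Security Requirements folder.
* All issues must be audited from the Audit All folder.
* At least one issue per category must be audited from the Spot Checks of Each Category folder.
* Nothing needs to be audited from the Optional folder.`,
		PreRunE: func(cmd *cobra.Command, _ []string) error {
			startTime = time.Now()
			log.SetStepName(STEP_NAME)
			log.SetVerbose(GeneralConfig.Verbose)

			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)

			// Getwd error is deliberately ignored (generated code): on failure
			// the fatal hook simply gets an empty Path.
			path, _ := os.Getwd()
			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
			log.RegisterHook(fatalHook)

			err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile)
			if err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}
			// Register the credentials right after they are resolved so that
			// every later log line (including hook output) has them masked.
			log.RegisterSecret(stepConfig.AuthToken)
			log.RegisterSecret(stepConfig.GithubToken)

			if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {
				sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)
				log.RegisterHook(&sentryHook)
			}

			// The exit handler in Run sends to Splunk for both the Dsn and the
			// ProdCriblEndpoint configuration, so the client and log collector
			// must exist for either; previously only the Dsn case created
			// them, leaving splunkClient/logCollector nil for a Cribl-only setup.
			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 || len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
				splunkClient = &splunk.Splunk{}
				logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}
				log.RegisterHook(logCollector)
			}

			if err = log.RegisterANSHookIfConfigured(GeneralConfig.CorrelationID); err != nil {
				log.Entry().WithError(err).Warn("failed to set up SAP Alert Notification Service log hook")
			}

			// Named validator rather than validation to avoid shadowing the package.
			validator, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())
			if err != nil {
				return err
			}
			if err = validator.ValidateStruct(stepConfig); err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}

			return nil
		},
		Run: func(_ *cobra.Command, _ []string) {
			stepTelemetryData := telemetry.CustomData{}
			// Pessimistic default: any exit before the success line at the end
			// of Run is reported with error code "1".
			stepTelemetryData.ErrorCode = "1"
			handler := func() {
				influx.persist(GeneralConfig.EnvRootPath, "influx")
				reports.persist(stepConfig, GeneralConfig.GCPJsonKeyFilePath, GeneralConfig.GCSBucketId, GeneralConfig.GCSFolderPath, GeneralConfig.GCSSubFolder)
				// Vault secret files are removed on every exit path, not only
				// on success.
				config.RemoveVaultSecretFiles()
				stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
				stepTelemetryData.ErrorCategory = log.GetErrorCategory().String()
				stepTelemetryData.PiperCommitHash = GitCommit
				telemetryClient.SetData(&stepTelemetryData)
				telemetryClient.Send()
				if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
					splunkClient.Initialize(GeneralConfig.CorrelationID,
						GeneralConfig.HookConfig.SplunkConfig.Dsn,
						GeneralConfig.HookConfig.SplunkConfig.Token,
						GeneralConfig.HookConfig.SplunkConfig.Index,
						GeneralConfig.HookConfig.SplunkConfig.SendLogs)
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
				if len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
					// splunkClient and logCollector are created in PreRunE for
					// this configuration as well.
					splunkClient.Initialize(GeneralConfig.CorrelationID,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblToken,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblIndex,
						GeneralConfig.HookConfig.SplunkConfig.SendLogs)
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
			}
			// Registered as exit handler and deferred, so it also runs when
			// the step ends through the fatal log hook.
			log.DeferExitHandler(handler)
			defer handler()
			telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME)
			fortifyExecuteScan(stepConfig, &stepTelemetryData, &influx)
			stepTelemetryData.ErrorCode = "0"
			log.Entry().Info("SUCCESS")
		},
	}

	addFortifyExecuteScanFlags(createFortifyExecuteScanCmd, &stepConfig)
	return createFortifyExecuteScanCmd
}

// addFortifyExecuteScanFlags registers every step parameter as a cobra flag on
// cmd, bound to the matching field of stepConfig. Defaults are either literal
// values or PIPER_<name> environment variables; secret-bearing flags
// (authToken, githubToken) are masked by the RegisterSecret calls in PreRunE.
func addFortifyExecuteScanFlags(cmd *cobra.Command, stepConfig *fortifyExecuteScanOptions) {
	cmd.Flags().StringSliceVar(&stepConfig.AdditionalScanParameters, "additionalScanParameters", []string{}, "List of additional scan parameters to be used for Fortify sourceanalyzer command execution.")
	cmd.Flags().StringSliceVar(&stepConfig.AdditionalMvnParameters, "additionalMvnParameters", []string{}, "List of additional maven parameters to be used for Fortify mvn command execution.")
	cmd.Flags().StringSliceVar(&stepConfig.Assignees, "assignees", []string{``}, "Defines the assignees for the Github Issue created/updated with the results of the scan as a list of login names.")
	// Secret: may arrive via the PIPER_authToken environment variable.
	cmd.Flags().StringVar(&stepConfig.AuthToken, "authToken", os.Getenv("PIPER_authToken"), "The FortifyToken to use for authentication")
	cmd.Flags().StringSliceVar(&stepConfig.BuildDescriptorExcludeList, "buildDescriptorExcludeList", []string{`unit-tests/pom.xml`, `integration-tests/pom.xml`}, "List of build descriptors and therefore modules to exclude from the scan and assessment activities.")
	cmd.Flags().StringVar(&stepConfig.CustomScanVersion, "customScanVersion", os.Getenv("PIPER_customScanVersion"), "Custom version of the Fortify project used as source.")
	// Secret: may arrive via the PIPER_githubToken environment variable.
	cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line")
	cmd.Flags().BoolVar(&stepConfig.AutoCreate, "autoCreate", false, "Whether Fortify project and project version shall be implicitly auto created in case they cannot be found in the backend")
	cmd.Flags().StringVar(&stepConfig.ModulePath, "modulePath", `./`, "Allows providing the path for the module to scan")
	cmd.Flags().StringVar(&stepConfig.PythonRequirementsFile, "pythonRequirementsFile", os.Getenv("PIPER_pythonRequirementsFile"), "The requirements file used in `buildTool: 'pip'` to populate the build environment with the necessary dependencies")
	cmd.Flags().BoolVar(&stepConfig.AutodetectClasspath, "autodetectClasspath", true, "Whether the classpath is automatically determined via build tool i.e. maven or pip or not at all")
	cmd.Flags().StringVar(&stepConfig.MustAuditIssueGroups, "mustAuditIssueGroups", `Corporate Security Requirements, Audit All`, "Comma separated list of issue groups that must be audited completely")
	cmd.Flags().StringVar(&stepConfig.SpotAuditIssueGroups, "spotAuditIssueGroups", `Spot Checks of Each Category`, "Comma separated list of issue groups that are spot checked and for which `spotCheckMinimum` audited issues are enforced")
	cmd.Flags().StringVar(&stepConfig.PythonRequirementsInstallSuffix, "pythonRequirementsInstallSuffix", os.Getenv("PIPER_pythonRequirementsInstallSuffix"), "The suffix for the command used to install the requirements file in `buildTool: 'pip'` to populate the build environment with the necessary dependencies")
	cmd.Flags().StringVar(&stepConfig.PythonVersion, "pythonVersion", `python3`, "Python version to be used in `buildTool: 'pip'`")
	cmd.Flags().BoolVar(&stepConfig.UploadResults, "uploadResults", true, "Whether results shall be uploaded or not")
	cmd.Flags().StringVar(&stepConfig.Version, "version", os.Getenv("PIPER_version"), "Version used in conjunction with [`versioningModel`](#versioningModel) to identify the Fortify project to be created and used for results aggregation.")
	cmd.Flags().StringVar(&stepConfig.BuildDescriptorFile, "buildDescriptorFile", `./pom.xml`, "Path to the build descriptor file addressing the module/folder to be scanned.")
	cmd.Flags().StringVar(&stepConfig.CommitID, "commitId", os.Getenv("PIPER_commitId"), "Set the Git commit ID for identifying artifacts throughout the scan.")
	cmd.Flags().StringVar(&stepConfig.CommitMessage, "commitMessage", os.Getenv("PIPER_commitMessage"), "Set the Git commit message for identifying pull request merges throughout the scan.")
	cmd.Flags().StringVar(&stepConfig.GithubAPIURL, "githubApiUrl", `https://api.github.com`, "Set the GitHub API URL.")
	cmd.Flags().StringVar(&stepConfig.Owner, "owner", os.Getenv("PIPER_owner"), "Set the GitHub organization.")
	cmd.Flags().StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "Set the GitHub repository.")
	cmd.Flags().StringVar(&stepConfig.Memory, "memory", `-Xmx4G -Xms512M`, "The amount of memory granted to the translate/scan executions")
	cmd.Flags().BoolVar(&stepConfig.UpdateRulePack, "updateRulePack", true, "Whether the rule pack shall be updated and pulled from Fortify SSC before scanning or not")
	cmd.Flags().StringVar(&stepConfig.ReportDownloadEndpoint, "reportDownloadEndpoint", `/transfer/reportDownload.html`, "Fortify SSC endpoint for Report downloads")
	cmd.Flags().IntVar(&stepConfig.PollingMinutes, "pollingMinutes", 30, "The number of minutes for which an uploaded FPR artifact''s status is being polled to finish queuing/processing, if exceeded polling will be stopped and an error will be thrown")
	cmd.Flags().BoolVar(&stepConfig.QuickScan, "quickScan", false, "Whether a quick scan should be performed, please consult the related Fortify documentation on JAM on the impact of this setting")
	cmd.Flags().StringVar(&stepConfig.Translate, "translate", os.Getenv("PIPER_translate"), "Options for translate phase of Fortify. Most likely, you do not need to set this parameter. See src, exclude. If `'src'` and `'exclude'` are set they are automatically used. Technical details: It has to be a JSON string of list of maps with required key `'src'`, and optional keys `'exclude'`, `'libDirs'`, `'aspnetcore'`, and `'dotNetCoreVersion'`")
	cmd.Flags().StringSliceVar(&stepConfig.Src, "src", []string{}, "A list of source directories to scan. Wildcards can be used, e.g., `'src/main/java/**/*'`. If `'translate'` is set, this will ignored. The default value for `buildTool: 'maven'` is `['**/*.xml', '**/*.html', '**/*.jsp', '**/*.js', '**/src/main/resources/**/*', '**/src/main/java/**/*', '**/src/gen/java/cds/**/*', '**/target/main/java/**/*', '**/target/main/resources/**/*', '**/target/generated-sources/**/*']`, for `buildTool: 'pip'` it is `['./**/*']`.")
	cmd.Flags().StringSliceVar(&stepConfig.Exclude, "exclude", []string{}, "A list of directories/files to be excluded from the scan. Wildcards can be used, e.g., `'**/Test.java'`. If `translate` is set, this will ignored. The default value for `buildTool: 'maven'` is `['**/src/test/**/*']`, for `buildTool: 'pip'` it is `['./**/tests/**/*', './**/setup.py']`.")
	cmd.Flags().StringVar(&stepConfig.APIEndpoint, "apiEndpoint", `/api/v1`, "Fortify SSC endpoint used for uploading the scan results and checking the audit state")
	cmd.Flags().StringVar(&stepConfig.ReportType, "reportType", `PDF`, "The type of report to be generated")
	cmd.Flags().StringSliceVar(&stepConfig.PythonAdditionalPath, "pythonAdditionalPath", []string{`./lib`, `.`}, "A list of additional paths which can be used in `buildTool: 'pip'` for customization purposes")
	cmd.Flags().StringVar(&stepConfig.ArtifactURL, "artifactUrl", os.Getenv("PIPER_artifactUrl"), "Path/URL pointing to an additional artifact repository for resolution of additional artifacts during the build")
	cmd.Flags().BoolVar(&stepConfig.ConsiderSuspicious, "considerSuspicious", true, "Whether suspicious issues should trigger the check to fail or not")
	cmd.Flags().BoolVar(&stepConfig.ConvertToSarif, "convertToSarif", true, "Convert the proprietary format of Fortify scan results to the open SARIF standard.")
	cmd.Flags().StringVar(&stepConfig.FprUploadEndpoint, "fprUploadEndpoint", `/upload/resultFileUpload.html`, "Fortify SSC endpoint for FPR uploads")
	cmd.Flags().StringVar(&stepConfig.ProjectName, "projectName", `{{list .GroupID .ArtifactID | join "-" | trimAll "-"}}`, "The project used for reporting results in SSC")
	cmd.Flags().BoolVar(&stepConfig.Reporting, "reporting", false, "Influences whether a report is generated or not")
	cmd.Flags().StringVar(&stepConfig.ServerURL, "serverUrl", os.Getenv("PIPER_serverUrl"), "Fortify SSC Url to be used for accessing the APIs")
	cmd.Flags().IntVar(&stepConfig.PullRequestMessageRegexGroup, "pullRequestMessageRegexGroup", 1, "The group number for extracting the pull request id in `'pullRequestMessageRegex'`")
	cmd.Flags().IntVar(&stepConfig.DeltaMinutes, "deltaMinutes", 5, "The number of minutes for which an uploaded FPR artifact is considered to be recent and healthy, if exceeded an error will be thrown")
	cmd.Flags().IntVar(&stepConfig.SpotCheckMinimum, "spotCheckMinimum", 1, "The minimum number/percentage of issues that must be audited per category in the `Spot Checks of each Category` folder to avoid an error being thrown")
	cmd.Flags().StringVar(&stepConfig.SpotCheckMinimumUnit, "spotCheckMinimumUnit", `number`, "The unit for the spotCheckMinimum to apply.")
	cmd.Flags().IntVar(&stepConfig.SpotCheckMaximum, "spotCheckMaximum", 0, "The maximum number of issues that must be audited per category in the `Spot Checks of each Category` folder to avoid an error being thrown. Note that this flag depends on the result of spotCheckMinimum. For example if spotCheckMinimum percentage value exceeds spotCheckMaximum then spotCheckMaximum will be considerd else spotCheckMinimum is considered. If value is less than one, this flag will be ignored.")
	cmd.Flags().StringVar(&stepConfig.FprDownloadEndpoint, "fprDownloadEndpoint", `/download/currentStateFprDownload.html`, "Fortify SSC endpoint for FPR downloads")
	cmd.Flags().StringVar(&stepConfig.VersioningModel, "versioningModel", `major`, "The default project versioning model used for creating the version based on the build descriptor version to report results in SSC, can be one of `'major'`, `'major-minor'`, `'semantic'`, `'full'`")
	cmd.Flags().StringVar(&stepConfig.PythonInstallCommand, "pythonInstallCommand", `{{.Pip}} install --user .`, "Additional install command that can be run when `buildTool: 'pip'` is used which allows further customizing the execution environment of the scan")
	cmd.Flags().IntVar(&stepConfig.ReportTemplateID, "reportTemplateId", 18, "Report template ID to be used for generating the Fortify report")
	cmd.Flags().StringVar(&stepConfig.FilterSetTitle, "filterSetTitle", `SAP`, "Title of the filter set to use for analysing the results")
	cmd.Flags().StringVar(&stepConfig.PullRequestName, "pullRequestName", os.Getenv("PIPER_pullRequestName"), "The name of the pull request branch which will trigger creation of a new version in Fortify SSC based on the master branch version")
	// NOTE(review): this default is a raw string, so `\\d` is two backslashes
	// followed by d. Compiled as a Go regexp that matches a literal backslash
	// and 'd', not a digit, so the default would not capture a PR number and
	// the merge would silently go unrecognised. The fix belongs in the step
	// YAML / generator, not here — confirm against the regexp use in fortify.go.
	cmd.Flags().StringVar(&stepConfig.PullRequestMessageRegex, "pullRequestMessageRegex", `.*Merge pull request #(\\d+) from.*`, "Regex used to identify the PR-XXX reference within the merge commit message")
	cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", `maven`, "Scan type used for the step which can be `'maven'`, `'pip'` or `'gradle'`")
	cmd.Flags().StringVar(&stepConfig.ProjectSettingsFile, "projectSettingsFile", os.Getenv("PIPER_projectSettingsFile"), "Path to the mvn settings file that should be used as project settings file.")
	cmd.Flags().StringVar(&stepConfig.Proxy, "proxy", os.Getenv("PIPER_proxy"), "Proxy URL to be used for communication with the Fortify instance.")
	cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path to the mvn settings file that should be used as global settings file.")
	cmd.Flags().StringVar(&stepConfig.M2Path, "m2Path", os.Getenv("PIPER_m2Path"), "Path to the location of the local repository that should be used.")
	cmd.Flags().BoolVar(&stepConfig.VerifyOnly, "verifyOnly", false, "Whether the step shall only apply verification checks or whether it does a full scan and check cycle")
	cmd.Flags().BoolVar(&stepConfig.InstallArtifacts, "installArtifacts", false, "If enabled, it will install all artifacts to the local maven repository to make them available before running Fortify. This is required if any maven module has dependencies to other modules in the repository and they were not installed before.")
	cmd.Flags().BoolVar(&stepConfig.CreateResultIssue, "createResultIssue", false, "Activate creation of a result issue in GitHub.")

	// The returned errors are ignored on purpose: they only signal an unknown
	// flag name, and all three flags are defined above.
	cmd.MarkFlagRequired("authToken")
	cmd.Flags().MarkDeprecated("pythonAdditionalPath", "this is deprecated")
	cmd.MarkFlagRequired("serverUrl")
}

// retrieve step metadata
func fortifyExecuteScanMetadata() config.StepData {
	var theMetaData = config.StepData{
		Metadata: config.StepMetadata{
			Name:        "fortifyExecuteScan",
			Aliases:     []config.Alias{},
			Description: "This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.",
		},
		Spec: config.StepSpec{
			Inputs: config.StepInputs{
				Secrets: []config.StepSecrets{
					{Name: "fortifyCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to Fortify SSC.", Type: "jenkins"},
					{Name: "githubTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.", Type: "jenkins"},
				},
				Resources: []config.StepResources{
					{Name: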
"commonPipelineEnvironment"}, 397 {Name: "buildDescriptor", Type: "stash"}, 398 {Name: "deployDescriptor", Type: "stash"}, 399 {Name: "tests", Type: "stash"}, 400 {Name: "opensourceConfiguration", Type: "stash"}, 401 }, 402 Parameters: []config.StepParameters{ 403 { 404 Name: "additionalScanParameters", 405 ResourceRef: []config.ResourceReference{}, 406 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 407 Type: "[]string", 408 Mandatory: false, 409 Aliases: []config.Alias{}, 410 Default: []string{}, 411 }, 412 { 413 Name: "additionalMvnParameters", 414 ResourceRef: []config.ResourceReference{}, 415 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 416 Type: "[]string", 417 Mandatory: false, 418 Aliases: []config.Alias{}, 419 Default: []string{}, 420 }, 421 { 422 Name: "assignees", 423 ResourceRef: []config.ResourceReference{}, 424 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 425 Type: "[]string", 426 Mandatory: false, 427 Aliases: []config.Alias{}, 428 Default: []string{``}, 429 }, 430 { 431 Name: "authToken", 432 ResourceRef: []config.ResourceReference{ 433 { 434 Name: "fortifyCredentialsId", 435 Type: "secret", 436 }, 437 438 { 439 Name: "fortifyVaultSecretName", 440 Type: "vaultSecret", 441 Default: "fortify", 442 }, 443 }, 444 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 445 Type: "string", 446 Mandatory: true, 447 Aliases: []config.Alias{}, 448 Default: os.Getenv("PIPER_authToken"), 449 }, 450 { 451 Name: "buildDescriptorExcludeList", 452 ResourceRef: []config.ResourceReference{}, 453 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 454 Type: "[]string", 455 Mandatory: false, 456 Aliases: []config.Alias{}, 457 Default: []string{`unit-tests/pom.xml`, `integration-tests/pom.xml`}, 458 }, 459 { 460 Name: "customScanVersion", 461 ResourceRef: []config.ResourceReference{}, 462 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 463 Type: "string", 464 Mandatory: false, 465 Aliases: []config.Alias{}, 466 Default: 
os.Getenv("PIPER_customScanVersion"), 467 }, 468 { 469 Name: "githubToken", 470 ResourceRef: []config.ResourceReference{ 471 { 472 Name: "githubTokenCredentialsId", 473 Type: "secret", 474 }, 475 476 { 477 Name: "githubVaultSecretName", 478 Type: "vaultSecret", 479 Default: "github", 480 }, 481 }, 482 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 483 Type: "string", 484 Mandatory: false, 485 Aliases: []config.Alias{{Name: "access_token"}}, 486 Default: os.Getenv("PIPER_githubToken"), 487 }, 488 { 489 Name: "autoCreate", 490 ResourceRef: []config.ResourceReference{}, 491 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 492 Type: "bool", 493 Mandatory: false, 494 Aliases: []config.Alias{}, 495 Default: false, 496 }, 497 { 498 Name: "modulePath", 499 ResourceRef: []config.ResourceReference{}, 500 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 501 Type: "string", 502 Mandatory: false, 503 Aliases: []config.Alias{}, 504 Default: `./`, 505 }, 506 { 507 Name: "pythonRequirementsFile", 508 ResourceRef: []config.ResourceReference{}, 509 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 510 Type: "string", 511 Mandatory: false, 512 Aliases: []config.Alias{}, 513 Default: os.Getenv("PIPER_pythonRequirementsFile"), 514 }, 515 { 516 Name: "autodetectClasspath", 517 ResourceRef: []config.ResourceReference{}, 518 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 519 Type: "bool", 520 Mandatory: false, 521 Aliases: []config.Alias{}, 522 Default: true, 523 }, 524 { 525 Name: "mustAuditIssueGroups", 526 ResourceRef: []config.ResourceReference{}, 527 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 528 Type: "string", 529 Mandatory: false, 530 Aliases: []config.Alias{}, 531 Default: `Corporate Security Requirements, Audit All`, 532 }, 533 { 534 Name: "spotAuditIssueGroups", 535 ResourceRef: []config.ResourceReference{}, 536 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 537 Type: "string", 538 Mandatory: false, 539 Aliases: []config.Alias{}, 540 Default: `Spot 
Checks of Each Category`, 541 }, 542 { 543 Name: "pythonRequirementsInstallSuffix", 544 ResourceRef: []config.ResourceReference{}, 545 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 546 Type: "string", 547 Mandatory: false, 548 Aliases: []config.Alias{}, 549 Default: os.Getenv("PIPER_pythonRequirementsInstallSuffix"), 550 }, 551 { 552 Name: "pythonVersion", 553 ResourceRef: []config.ResourceReference{}, 554 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 555 Type: "string", 556 Mandatory: false, 557 Aliases: []config.Alias{}, 558 Default: `python3`, 559 }, 560 { 561 Name: "uploadResults", 562 ResourceRef: []config.ResourceReference{}, 563 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 564 Type: "bool", 565 Mandatory: false, 566 Aliases: []config.Alias{}, 567 Default: true, 568 }, 569 { 570 Name: "version", 571 ResourceRef: []config.ResourceReference{ 572 { 573 Name: "commonPipelineEnvironment", 574 Param: "artifactVersion", 575 }, 576 }, 577 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 578 Type: "string", 579 Mandatory: false, 580 Aliases: []config.Alias{{Name: "fortifyProjectVersion", Deprecated: true}}, 581 Default: os.Getenv("PIPER_version"), 582 }, 583 { 584 Name: "buildDescriptorFile", 585 ResourceRef: []config.ResourceReference{}, 586 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 587 Type: "string", 588 Mandatory: false, 589 Aliases: []config.Alias{}, 590 Default: `./pom.xml`, 591 Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "maven"}}}}, 592 }, 593 { 594 Name: "buildDescriptorFile", 595 ResourceRef: []config.ResourceReference{}, 596 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 597 Type: "string", 598 Mandatory: false, 599 Aliases: []config.Alias{}, 600 Default: `./setup.py`, 601 Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "pip"}}}}, 602 }, 603 { 604 Name: "buildDescriptorFile", 605 
ResourceRef: []config.ResourceReference{}, 606 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 607 Type: "string", 608 Mandatory: false, 609 Aliases: []config.Alias{}, 610 Default: `./build.gradle`, 611 Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "gradle"}}}}, 612 }, 613 { 614 Name: "commitId", 615 ResourceRef: []config.ResourceReference{ 616 { 617 Name: "commonPipelineEnvironment", 618 Param: "git/commitId", 619 }, 620 }, 621 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 622 Type: "string", 623 Mandatory: false, 624 Aliases: []config.Alias{}, 625 Default: os.Getenv("PIPER_commitId"), 626 }, 627 { 628 Name: "commitMessage", 629 ResourceRef: []config.ResourceReference{ 630 { 631 Name: "commonPipelineEnvironment", 632 Param: "git/commitMessage", 633 }, 634 }, 635 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 636 Type: "string", 637 Mandatory: false, 638 Aliases: []config.Alias{}, 639 Default: os.Getenv("PIPER_commitMessage"), 640 }, 641 { 642 Name: "githubApiUrl", 643 ResourceRef: []config.ResourceReference{}, 644 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 645 Type: "string", 646 Mandatory: false, 647 Aliases: []config.Alias{}, 648 Default: `https://api.github.com`, 649 }, 650 { 651 Name: "owner", 652 ResourceRef: []config.ResourceReference{ 653 { 654 Name: "commonPipelineEnvironment", 655 Param: "github/owner", 656 }, 657 }, 658 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 659 Type: "string", 660 Mandatory: false, 661 Aliases: []config.Alias{{Name: "githubOrg"}}, 662 Default: os.Getenv("PIPER_owner"), 663 }, 664 { 665 Name: "repository", 666 ResourceRef: []config.ResourceReference{ 667 { 668 Name: "commonPipelineEnvironment", 669 Param: "github/repository", 670 }, 671 }, 672 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 673 Type: "string", 674 Mandatory: false, 675 Aliases: []config.Alias{{Name: "githubRepo"}}, 676 Default: 
os.Getenv("PIPER_repository"), 677 }, 678 { 679 Name: "memory", 680 ResourceRef: []config.ResourceReference{}, 681 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 682 Type: "string", 683 Mandatory: false, 684 Aliases: []config.Alias{}, 685 Default: `-Xmx4G -Xms512M`, 686 }, 687 { 688 Name: "updateRulePack", 689 ResourceRef: []config.ResourceReference{}, 690 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 691 Type: "bool", 692 Mandatory: false, 693 Aliases: []config.Alias{}, 694 Default: true, 695 }, 696 { 697 Name: "reportDownloadEndpoint", 698 ResourceRef: []config.ResourceReference{}, 699 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 700 Type: "string", 701 Mandatory: false, 702 Aliases: []config.Alias{{Name: "fortifyReportDownloadEndpoint"}}, 703 Default: `/transfer/reportDownload.html`, 704 }, 705 { 706 Name: "pollingMinutes", 707 ResourceRef: []config.ResourceReference{}, 708 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 709 Type: "int", 710 Mandatory: false, 711 Aliases: []config.Alias{}, 712 Default: 30, 713 }, 714 { 715 Name: "quickScan", 716 ResourceRef: []config.ResourceReference{}, 717 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 718 Type: "bool", 719 Mandatory: false, 720 Aliases: []config.Alias{}, 721 Default: false, 722 }, 723 { 724 Name: "translate", 725 ResourceRef: []config.ResourceReference{}, 726 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 727 Type: "string", 728 Mandatory: false, 729 Aliases: []config.Alias{}, 730 Default: os.Getenv("PIPER_translate"), 731 }, 732 { 733 Name: "src", 734 ResourceRef: []config.ResourceReference{}, 735 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 736 Type: "[]string", 737 Mandatory: false, 738 Aliases: []config.Alias{}, 739 Default: []string{}, 740 }, 741 { 742 Name: "exclude", 743 ResourceRef: []config.ResourceReference{}, 744 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 745 Type: "[]string", 746 Mandatory: false, 747 Aliases: []config.Alias{}, 748 Default: []string{}, 
749 }, 750 { 751 Name: "apiEndpoint", 752 ResourceRef: []config.ResourceReference{}, 753 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 754 Type: "string", 755 Mandatory: false, 756 Aliases: []config.Alias{{Name: "fortifyApiEndpoint"}}, 757 Default: `/api/v1`, 758 }, 759 { 760 Name: "reportType", 761 ResourceRef: []config.ResourceReference{}, 762 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 763 Type: "string", 764 Mandatory: false, 765 Aliases: []config.Alias{}, 766 Default: `PDF`, 767 }, 768 { 769 Name: "pythonAdditionalPath", 770 ResourceRef: []config.ResourceReference{}, 771 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 772 Type: "[]string", 773 Mandatory: false, 774 Aliases: []config.Alias{}, 775 Default: []string{`./lib`, `.`}, 776 DeprecationMessage: "this is deprecated", 777 }, 778 { 779 Name: "artifactUrl", 780 ResourceRef: []config.ResourceReference{}, 781 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 782 Type: "string", 783 Mandatory: false, 784 Aliases: []config.Alias{}, 785 Default: os.Getenv("PIPER_artifactUrl"), 786 }, 787 { 788 Name: "considerSuspicious", 789 ResourceRef: []config.ResourceReference{}, 790 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 791 Type: "bool", 792 Mandatory: false, 793 Aliases: []config.Alias{}, 794 Default: true, 795 }, 796 { 797 Name: "convertToSarif", 798 ResourceRef: []config.ResourceReference{}, 799 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 800 Type: "bool", 801 Mandatory: false, 802 Aliases: []config.Alias{}, 803 Default: true, 804 }, 805 { 806 Name: "fprUploadEndpoint", 807 ResourceRef: []config.ResourceReference{}, 808 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 809 Type: "string", 810 Mandatory: false, 811 Aliases: []config.Alias{{Name: "fortifyFprUploadEndpoint"}}, 812 Default: `/upload/resultFileUpload.html`, 813 }, 814 { 815 Name: "projectName", 816 ResourceRef: []config.ResourceReference{}, 817 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 818 Type: 
"string", 819 Mandatory: false, 820 Aliases: []config.Alias{{Name: "fortifyProjectName"}}, 821 Default: `{{list .GroupID .ArtifactID | join "-" | trimAll "-"}}`, 822 }, 823 { 824 Name: "reporting", 825 ResourceRef: []config.ResourceReference{}, 826 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 827 Type: "bool", 828 Mandatory: false, 829 Aliases: []config.Alias{}, 830 Default: false, 831 }, 832 { 833 Name: "serverUrl", 834 ResourceRef: []config.ResourceReference{}, 835 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 836 Type: "string", 837 Mandatory: true, 838 Aliases: []config.Alias{{Name: "fortifyServerUrl"}, {Name: "sscUrl", Deprecated: true}}, 839 Default: os.Getenv("PIPER_serverUrl"), 840 }, 841 { 842 Name: "pullRequestMessageRegexGroup", 843 ResourceRef: []config.ResourceReference{}, 844 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 845 Type: "int", 846 Mandatory: false, 847 Aliases: []config.Alias{}, 848 Default: 1, 849 }, 850 { 851 Name: "deltaMinutes", 852 ResourceRef: []config.ResourceReference{}, 853 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 854 Type: "int", 855 Mandatory: false, 856 Aliases: []config.Alias{}, 857 Default: 5, 858 }, 859 { 860 Name: "spotCheckMinimum", 861 ResourceRef: []config.ResourceReference{}, 862 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 863 Type: "int", 864 Mandatory: false, 865 Aliases: []config.Alias{}, 866 Default: 1, 867 }, 868 { 869 Name: "spotCheckMinimumUnit", 870 ResourceRef: []config.ResourceReference{}, 871 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 872 Type: "string", 873 Mandatory: false, 874 Aliases: []config.Alias{}, 875 Default: `number`, 876 }, 877 { 878 Name: "spotCheckMaximum", 879 ResourceRef: []config.ResourceReference{}, 880 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 881 Type: "int", 882 Mandatory: false, 883 Aliases: []config.Alias{}, 884 Default: 0, 885 }, 886 { 887 Name: "fprDownloadEndpoint", 888 ResourceRef: []config.ResourceReference{}, 889 Scope: 
[]string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 890 Type: "string", 891 Mandatory: false, 892 Aliases: []config.Alias{{Name: "fortifyFprDownloadEndpoint"}}, 893 Default: `/download/currentStateFprDownload.html`, 894 }, 895 { 896 Name: "versioningModel", 897 ResourceRef: []config.ResourceReference{}, 898 Scope: []string{"PARAMETERS", "GENERAL", "STAGES", "STEPS"}, 899 Type: "string", 900 Mandatory: false, 901 Aliases: []config.Alias{{Name: "defaultVersioningModel", Deprecated: true}}, 902 Default: `major`, 903 }, 904 { 905 Name: "pythonInstallCommand", 906 ResourceRef: []config.ResourceReference{}, 907 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 908 Type: "string", 909 Mandatory: false, 910 Aliases: []config.Alias{}, 911 Default: `{{.Pip}} install --user .`, 912 }, 913 { 914 Name: "reportTemplateId", 915 ResourceRef: []config.ResourceReference{}, 916 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 917 Type: "int", 918 Mandatory: false, 919 Aliases: []config.Alias{}, 920 Default: 18, 921 }, 922 { 923 Name: "filterSetTitle", 924 ResourceRef: []config.ResourceReference{}, 925 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 926 Type: "string", 927 Mandatory: false, 928 Aliases: []config.Alias{}, 929 Default: `SAP`, 930 }, 931 { 932 Name: "pullRequestName", 933 ResourceRef: []config.ResourceReference{}, 934 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 935 Type: "string", 936 Mandatory: false, 937 Aliases: []config.Alias{}, 938 Default: os.Getenv("PIPER_pullRequestName"), 939 }, 940 { 941 Name: "pullRequestMessageRegex", 942 ResourceRef: []config.ResourceReference{}, 943 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 944 Type: "string", 945 Mandatory: false, 946 Aliases: []config.Alias{}, 947 Default: `.*Merge pull request #(\\d+) from.*`, 948 }, 949 { 950 Name: "buildTool", 951 ResourceRef: []config.ResourceReference{}, 952 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 953 Type: "string", 954 Mandatory: false, 955 Aliases: 
[]config.Alias{}, 956 Default: `maven`, 957 }, 958 { 959 Name: "projectSettingsFile", 960 ResourceRef: []config.ResourceReference{}, 961 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 962 Type: "string", 963 Mandatory: false, 964 Aliases: []config.Alias{{Name: "maven/projectSettingsFile"}}, 965 Default: os.Getenv("PIPER_projectSettingsFile"), 966 }, 967 { 968 Name: "proxy", 969 ResourceRef: []config.ResourceReference{}, 970 Scope: []string{"STEPS", "STAGES", "PARAMETERS"}, 971 Type: "string", 972 Mandatory: false, 973 Aliases: []config.Alias{}, 974 Default: os.Getenv("PIPER_proxy"), 975 }, 976 { 977 Name: "globalSettingsFile", 978 ResourceRef: []config.ResourceReference{}, 979 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 980 Type: "string", 981 Mandatory: false, 982 Aliases: []config.Alias{{Name: "maven/globalSettingsFile"}}, 983 Default: os.Getenv("PIPER_globalSettingsFile"), 984 }, 985 { 986 Name: "m2Path", 987 ResourceRef: []config.ResourceReference{}, 988 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 989 Type: "string", 990 Mandatory: false, 991 Aliases: []config.Alias{{Name: "maven/m2Path"}}, 992 Default: os.Getenv("PIPER_m2Path"), 993 }, 994 { 995 Name: "verifyOnly", 996 ResourceRef: []config.ResourceReference{}, 997 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 998 Type: "bool", 999 Mandatory: false, 1000 Aliases: []config.Alias{}, 1001 Default: false, 1002 }, 1003 { 1004 Name: "installArtifacts", 1005 ResourceRef: []config.ResourceReference{}, 1006 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 1007 Type: "bool", 1008 Mandatory: false, 1009 Aliases: []config.Alias{}, 1010 Default: false, 1011 }, 1012 { 1013 Name: "createResultIssue", 1014 ResourceRef: []config.ResourceReference{ 1015 { 1016 Name: "commonPipelineEnvironment", 1017 Param: "custom/isOptimizedAndScheduled", 1018 }, 1019 }, 1020 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 1021 Type: "bool", 1022 Mandatory: false, 
1023 Aliases: []config.Alias{}, 1024 Default: false, 1025 }, 1026 }, 1027 }, 1028 Containers: []config.Container{ 1029 {}, 1030 }, 1031 Outputs: config.StepOutputs{ 1032 Resources: []config.StepResources{ 1033 { 1034 Name: "influx", 1035 Type: "influx", 1036 Parameters: []map[string]interface{}{ 1037 {"name": "step_data", "fields": []map[string]string{{"name": "fortify"}}}, 1038 {"name": "fortify_data", "fields": []map[string]string{{"name": "projectID"}, {"name": "projectName"}, {"name": "projectVersion"}, {"name": "projectVersionId"}, {"name": "violations"}, {"name": "corporateTotal"}, {"name": "corporateAudited"}, {"name": "auditAllTotal"}, {"name": "auditAllAudited"}, {"name": "spotChecksTotal"}, {"name": "spotChecksAudited"}, {"name": "spotChecksGap"}, {"name": "suspicious"}, {"name": "exploitable"}, {"name": "suppressed"}}}, 1039 }, 1040 }, 1041 { 1042 Name: "reports", 1043 Type: "reports", 1044 Parameters: []map[string]interface{}{ 1045 {"filePattern": "**/*.PDF", "type": "fortify"}, 1046 {"filePattern": "**/*.fpr", "type": "fortify"}, 1047 {"filePattern": "**/fortify-scan.*", "type": "fortify"}, 1048 {"filePattern": "**/toolrun_fortify_*.json", "type": "fortify"}, 1049 {"filePattern": "**/piper_fortify_report.json", "type": "fortify"}, 1050 {"filePattern": "**/piper_fortify_report.html", "type": "fortify"}, 1051 }, 1052 }, 1053 }, 1054 }, 1055 }, 1056 } 1057 return theMetaData 1058 }