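// Source listing: github.com/ouraigua/jenkins-library@v0.0.0-20231028010029-fbeaf2f3aa9b/cmd/whitesourceExecuteScan_generated.go

// Code generated by piper's step-generator. DO NOT EDIT.

// NOTE(review): this file is generator output. The nil-guard change in PreRunE
// below (creating splunkClient when only the Cribl endpoint is configured) would
// have to be made in the generator template as well to survive regeneration.

package cmd

import (
	"fmt"
	"os"
	"path/filepath"
	"reflect"
	"strings"
	"time"

	"github.com/SAP/jenkins-library/pkg/config"
	"github.com/SAP/jenkins-library/pkg/gcs"
	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/SAP/jenkins-library/pkg/piperenv"
	"github.com/SAP/jenkins-library/pkg/splunk"
	"github.com/SAP/jenkins-library/pkg/telemetry"
	"github.com/SAP/jenkins-library/pkg/validation"
	"github.com/bmatcuk/doublestar"
	"github.com/spf13/cobra"
)

// whitesourceExecuteScanOptions holds the configuration of the whitesourceExecuteScan
// step. Every field is bound to a command-line flag of the same JSON name in
// addWhitesourceExecuteScanFlags.
//
// Credential-bearing fields: ContainerRegistryPassword, ContainerRegistryUser,
// DockerConfigJSON, OrgToken, UserToken, GithubToken and PrivateModulesGitToken are
// registered with log.RegisterSecret in PreRunE.
// NOTE(review): ProductToken and ProjectToken are not registered there; confirm
// whether they should be treated as sensitive in your environment.
//
// VulnerabilityReportFormat is the only field with a validate tag
// (possible values: xlsx, json, xml); URL and path fields carry no validation tag here.
type whitesourceExecuteScanOptions struct {
	AgentDownloadURL                     string   `json:"agentDownloadUrl,omitempty"`
	AgentFileName                        string   `json:"agentFileName,omitempty"`
	AgentParameters                      []string `json:"agentParameters,omitempty"`
	AgentURL                             string   `json:"agentUrl,omitempty"`
	AggregateVersionWideReport           bool     `json:"aggregateVersionWideReport,omitempty"`
	AssessmentFile                       string   `json:"assessmentFile,omitempty"`
	BuildDescriptorExcludeList           []string `json:"buildDescriptorExcludeList,omitempty"`
	BuildDescriptorFile                  string   `json:"buildDescriptorFile,omitempty"`
	BuildTool                            string   `json:"buildTool,omitempty"`
	ConfigFilePath                       string   `json:"configFilePath,omitempty"`
	ContainerRegistryPassword            string   `json:"containerRegistryPassword,omitempty"`
	ContainerRegistryUser                string   `json:"containerRegistryUser,omitempty"`
	CreateProductFromPipeline            bool     `json:"createProductFromPipeline,omitempty"`
	CustomScanVersion                    string   `json:"customScanVersion,omitempty"`
	CvssSeverityLimit                    string   `json:"cvssSeverityLimit,omitempty"`
	ScanPath                             string   `json:"scanPath,omitempty"`
	DockerConfigJSON                     string   `json:"dockerConfigJSON,omitempty"`
	EmailAddressesOfInitialProductAdmins []string `json:"emailAddressesOfInitialProductAdmins,omitempty"`
	Excludes                             []string `json:"excludes,omitempty"`
	FailOnSevereVulnerabilities          bool     `json:"failOnSevereVulnerabilities,omitempty"`
	Includes                             []string `json:"includes,omitempty"`
	InstallCommand                       string   `json:"installCommand,omitempty"`
	JreDownloadURL                       string   `json:"jreDownloadUrl,omitempty"`
	LicensingVulnerabilities             bool     `json:"licensingVulnerabilities,omitempty"`
	OrgToken                             string   `json:"orgToken,omitempty"`
	ProductName                          string   `json:"productName,omitempty"`
	ProductToken                         string   `json:"productToken,omitempty"`
	Version                              string   `json:"version,omitempty"`
	ProjectName                          string   `json:"projectName,omitempty"`
	ProjectToken                         string   `json:"projectToken,omitempty"`
	Reporting                            bool     `json:"reporting,omitempty"`
	ScanImage                            string   `json:"scanImage,omitempty"`
	ScanImageRegistryURL                 string   `json:"scanImageRegistryUrl,omitempty"`
	SecurityVulnerabilities              bool     `json:"securityVulnerabilities,omitempty"`
	ServiceURL                           string   `json:"serviceUrl,omitempty"`
	Timeout                              int      `json:"timeout,omitempty"`
	UserToken                            string   `json:"userToken,omitempty"`
	VersioningModel                      string   `json:"versioningModel,omitempty"`
	VulnerabilityReportFormat            string   `json:"vulnerabilityReportFormat,omitempty" validate:"possible-values=xlsx json xml"`
	VulnerabilityReportTitle             string   `json:"vulnerabilityReportTitle,omitempty"`
	ProjectSettingsFile                  string   `json:"projectSettingsFile,omitempty"`
	GlobalSettingsFile                   string   `json:"globalSettingsFile,omitempty"`
	M2Path                               string   `json:"m2Path,omitempty"`
	InstallArtifacts                     bool     `json:"installArtifacts,omitempty"`
	DefaultNpmRegistry                   string   `json:"defaultNpmRegistry,omitempty"`
	GithubToken                          string   `json:"githubToken,omitempty"`
	CreateResultIssue                    bool     `json:"createResultIssue,omitempty"`
	GithubAPIURL                         string   `json:"githubApiUrl,omitempty"`
	Owner                                string   `json:"owner,omitempty"`
	Repository                           string   `json:"repository,omitempty"`
	Assignees                            []string `json:"assignees,omitempty"`
	CustomTLSCertificateLinks            []string `json:"customTlsCertificateLinks,omitempty"`
	PrivateModules                       string   `json:"privateModules,omitempty"`
	PrivateModulesGitToken               string   `json:"privateModulesGitToken,omitempty"`
}

// whitesourceExecuteScanCommonPipelineEnvironment collects the values this step
// writes back to the common pipeline environment.
type whitesourceExecuteScanCommonPipelineEnvironment struct {
	custom struct {
		whitesourceProjectNames []string
	}
}

// persist writes each collected value via piperenv.SetResourceParameter under
// path and resourceName, keyed "<category>/<name>".
//
// Errors are logged and counted but not returned, so a caller cannot tell from
// the call itself whether persisting succeeded.
func (p *whitesourceExecuteScanCommonPipelineEnvironment) persist(path, resourceName string) {
	content := []struct {
		category string
		name     string
		value    interface{}
	}{
		{category: "custom", name: "whitesourceProjectNames", value: p.custom.whitesourceProjectNames},
	}

	errCount := 0
	for _, param := range content {
		err := piperenv.SetResourceParameter(path, resourceName, filepath.Join(param.category, param.name), param.value)
		if err != nil {
			log.Entry().WithError(err).Error("Error persisting piper environment.")
			errCount++
		}
	}
	if errCount > 0 {
		log.Entry().Error("failed to persist Piper environment")
	}
}

// whitesourceExecuteScanInflux collects the measurements this step reports:
// a step_data flag and the whitesource_data finding counters.
type whitesourceExecuteScanInflux struct {
	step_data struct {
		fields struct {
			whitesource bool
		}
		tags struct {
		}
	}
	whitesource_data struct {
		fields struct {
			vulnerabilities       int
			major_vulnerabilities int
			minor_vulnerabilities int
			policy_violations     int
		}
		tags struct {
		}
	}
}

// persist writes each measurement via piperenv.SetResourceParameter under path
// and resourceName, keyed "<measurement>/<valType>s/<name>".
//
// Errors are logged and counted but not returned.
func (i *whitesourceExecuteScanInflux) persist(path, resourceName string) {
	measurementContent := []struct {
		measurement string
		valType     string
		name        string
		value       interface{}
	}{
		{valType: config.InfluxField, measurement: "step_data", name: "whitesource", value: i.step_data.fields.whitesource},
		{valType: config.InfluxField, measurement: "whitesource_data", name: "vulnerabilities", value: i.whitesource_data.fields.vulnerabilities},
		{valType: config.InfluxField, measurement: "whitesource_data", name: "major_vulnerabilities", value: i.whitesource_data.fields.major_vulnerabilities},
		{valType: config.InfluxField, measurement: "whitesource_data", name: "minor_vulnerabilities", value: i.whitesource_data.fields.minor_vulnerabilities},
		{valType: config.InfluxField, measurement: "whitesource_data", name: "policy_violations", value: i.whitesource_data.fields.policy_violations},
	}

	errCount := 0
	for _, metric := range measurementContent {
		err := piperenv.SetResourceParameter(path, resourceName, filepath.Join(metric.measurement, fmt.Sprintf("%vs", metric.valType), metric.name), metric.value)
		if err != nil {
			log.Entry().WithError(err).Error("Error persisting influx environment.")
			errCount++
		}
	}
	if errCount > 0 {
		log.Entry().Error("failed to persist Influx environment")
	}
}

// whitesourceExecuteScanReports is the receiver for uploading the step's report
// files; it carries no state.
type whitesourceExecuteScanReports struct {
}

// persist uploads report files matching the patterns below to Google Cloud
// Storage. It returns early (with an info log) when gcsBucketId is empty.
//
// gcpJsonKeyFilePath is handed to the GCS client as GOOGLE_APPLICATION_CREDENTIALS.
// Failures to create the client or to upload are logged, not returned.
func (p *whitesourceExecuteScanReports) persist(stepConfig whitesourceExecuteScanOptions, gcpJsonKeyFilePath string, gcsBucketId string, gcsFolderPath string, gcsSubFolder string) {
	if gcsBucketId == "" {
		log.Entry().Info("persisting reports to GCS is disabled, because gcsBucketId is empty")
		return
	}
	log.Entry().Info("Uploading reports to Google Cloud Storage...")
	// The "**/" patterns are matched with doublestar.Glob (passed below). The
	// uploaded artifacts include vulnerability reports, SARIF and SBOM files, so
	// the target bucket's access policy decides who can read the scan findings.
	content := []gcs.ReportOutputParam{
		{FilePattern: "**/whitesource-ip.json", ParamRef: "", StepResultType: "whitesource-ip"},
		{FilePattern: "**/*risk-report.pdf", ParamRef: "", StepResultType: "whitesource-ip"},
		{FilePattern: "**/toolrun_whitesource_*.json", ParamRef: "", StepResultType: "whitesource-ip"},
		{FilePattern: "**/piper_whitesource_vulnerability_report.html", ParamRef: "", StepResultType: "whitesource-security"},
		{FilePattern: "**/*risk-report.pdf", ParamRef: "", StepResultType: "whitesource-security"},
		{FilePattern: "**/toolrun_whitesource_*.json", ParamRef: "", StepResultType: "whitesource-security"},
		{FilePattern: "**/piper_whitesource_vulnerability.sarif", ParamRef: "", StepResultType: "whitesource-security"},
		{FilePattern: "**/piper_whitesource_sbom.xml", ParamRef: "", StepResultType: "whitesource-security"},
	}
	envVars := []gcs.EnvVar{
		{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: gcpJsonKeyFilePath, Modified: false},
	}
	gcsClient, err := gcs.NewClient(gcs.WithEnvVars(envVars))
	if err != nil {
		log.Entry().Errorf("creation of GCS client failed: %v", err)
		return
	}
	defer gcsClient.Close()
	// Copy every string-typed option into a map keyed by its JSON name. This
	// sweeps in the credential fields as well (ContainerRegistryPassword,
	// DockerConfigJSON, OrgToken, UserToken, GithubToken, PrivateModulesGitToken).
	// NOTE(review): every ParamRef above is empty, so the map is presumably not
	// needed to resolve any pattern here; confirm that PersistReportsToGCS
	// neither logs nor uploads these values.
	structVal := reflect.ValueOf(&stepConfig).Elem()
	inputParameters := map[string]string{}
	for i := 0; i < structVal.NumField(); i++ {
		field := structVal.Type().Field(i)
		if field.Type.String() == "string" {
			paramName := strings.Split(field.Tag.Get("json"), ",")
			paramValue, _ := structVal.Field(i).Interface().(string)
			inputParameters[paramName[0]] = paramValue
		}
	}
	if err := gcs.PersistReportsToGCS(gcsClient, content, inputParameters, gcsFolderPath, gcsBucketId, gcsSubFolder, doublestar.Glob, os.Stat); err != nil {
		log.Entry().Errorf("failed to persist reports: %v", err)
	}
}

// WhitesourceExecuteScanCommand Execute a Mend (formerly known as WhiteSource) scan
//
// It builds the cobra command for the step: PreRunE resolves and validates the
// configuration and registers secrets with the logger; Run executes the scan and
// installs an exit handler that persists results and sends telemetry.
func WhitesourceExecuteScanCommand() *cobra.Command {
	const STEP_NAME = "whitesourceExecuteScan"

	metadata := whitesourceExecuteScanMetadata()
	var stepConfig whitesourceExecuteScanOptions
	var startTime time.Time
	var commonPipelineEnvironment whitesourceExecuteScanCommonPipelineEnvironment
	var influx whitesourceExecuteScanInflux
	var reports whitesourceExecuteScanReports
	var logCollector *log.CollectorHook
	var splunkClient *splunk.Splunk
	telemetryClient := &telemetry.Telemetry{}

	var createWhitesourceExecuteScanCmd = &cobra.Command{
		Use:   STEP_NAME,
		Short: "Execute a Mend (formerly known as WhiteSource) scan",
		Long: `With this step [Mend](https://www.mend.io/) (formerly known as Whitesource) security and license compliance scans can be executed and assessed.
Mend is a Software as a Service offering based on a so called unified agent that locally determines the dependency
tree of a node.js, Java, Python, Ruby, or Scala based solution and sends it to the WhiteSource server for a policy based license compliance
check and additional Free and Open Source Software Publicly Known Vulnerabilities detection.

The step uses the so-called Mend Unified Agent. For details please refer to the [Mend Unified Agent Documentation](https://docs.mend.io/bundle/unified_agent/page/overview_of_the_unified_agent.html).

!!! note "Docker Images"
    The underlying Docker images are public and specific to the solution's programming language(s) and therefore may have to be exchanged
    to fit to and support the relevant scenario. The default Python environment used is i.e. Python 3 based.`,
		PreRunE: func(cmd *cobra.Command, _ []string) error {
			startTime = time.Now()
			log.SetStepName(STEP_NAME)
			log.SetVerbose(GeneralConfig.Verbose)

			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)

			// The Getwd error is discarded; on failure path is the empty string.
			path, _ := os.Getwd()
			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
			log.RegisterHook(fatalHook)

			err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile)
			if err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}
			// Secrets are registered only after PrepareConfig has resolved them, so
			// anything logged before this point is not covered by the registration.
			log.RegisterSecret(stepConfig.ContainerRegistryPassword)
			log.RegisterSecret(stepConfig.ContainerRegistryUser)
			log.RegisterSecret(stepConfig.DockerConfigJSON)
			log.RegisterSecret(stepConfig.OrgToken)
			log.RegisterSecret(stepConfig.UserToken)
			log.RegisterSecret(stepConfig.GithubToken)
			log.RegisterSecret(stepConfig.PrivateModulesGitToken)

			if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {
				sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)
				log.RegisterHook(&sentryHook)
			}

			// The exit handler in Run calls splunkClient when either the Splunk DSN
			// or the Cribl endpoint is configured. Creating the client only for the
			// DSN case left it nil when just ProdCriblEndpoint was set, so both
			// conditions are checked here.
			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 || len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
				splunkClient = &splunk.Splunk{}
				logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}
				log.RegisterHook(logCollector)
			}

			if err = log.RegisterANSHookIfConfigured(GeneralConfig.CorrelationID); err != nil {
				log.Entry().WithError(err).Warn("failed to set up SAP Alert Notification Service log hook")
			}

			// Note: the local variable shadows the imported validation package from here on.
			validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())
			if err != nil {
				return err
			}
			if err = validation.ValidateStruct(stepConfig); err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}

			return nil
		},
		Run: func(_ *cobra.Command, _ []string) {
			stepTelemetryData := telemetry.CustomData{}
			// Assume failure until the scan call below has returned.
			stepTelemetryData.ErrorCode = "1"
			handler := func() {
				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
				influx.persist(GeneralConfig.EnvRootPath, "influx")
				reports.persist(stepConfig, GeneralConfig.GCPJsonKeyFilePath, GeneralConfig.GCSBucketId, GeneralConfig.GCSFolderPath, GeneralConfig.GCSSubFolder)
				// NOTE(review): presumably deletes secret files materialised from Vault; confirm in pkg/config.
				config.RemoveVaultSecretFiles()
				stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
				stepTelemetryData.ErrorCategory = log.GetErrorCategory().String()
				stepTelemetryData.PiperCommitHash = GitCommit
				telemetryClient.SetData(&stepTelemetryData)
				telemetryClient.Send()
				// When SendLogs is set, the collected step log is passed along with the
				// telemetry data; only values registered via log.RegisterSecret are
				// covered by the logger's secret handling.
				if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
					splunkClient.Initialize(GeneralConfig.CorrelationID,
						GeneralConfig.HookConfig.SplunkConfig.Dsn,
						GeneralConfig.HookConfig.SplunkConfig.Token,
						GeneralConfig.HookConfig.SplunkConfig.Index,
						GeneralConfig.HookConfig.SplunkConfig.SendLogs)
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
				if len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 {
					splunkClient.Initialize(GeneralConfig.CorrelationID,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblToken,
						GeneralConfig.HookConfig.SplunkConfig.ProdCriblIndex,
						GeneralConfig.HookConfig.SplunkConfig.SendLogs)
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
			}
			// The handler is registered for the logger's exit path and also deferred
			// for the normal return path.
			log.DeferExitHandler(handler)
			defer handler()
			telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME)
			whitesourceExecuteScan(stepConfig, &stepTelemetryData, &commonPipelineEnvironment, &influx)
			stepTelemetryData.ErrorCode = "0"
			log.Entry().Info("SUCCESS")
		},
	}

	addWhitesourceExecuteScanFlags(createWhitesourceExecuteScanCmd, &stepConfig)
	return createWhitesourceExecuteScanCmd
}

// addWhitesourceExecuteScanFlags binds every option in stepConfig to a flag on
// cmd and marks buildTool, orgToken and userToken as required.
//
// Points a reviewer should keep in mind:
//   - Credential flags (containerRegistryPassword, orgToken, userToken,
//     githubToken, privateModulesGitToken, ...) take their default from PIPER_*
//     environment variables. pflag prints non-empty string defaults in usage
//     output, so help or usage-error text produced while those variables are set
//     can echo the secret; log.RegisterSecret in PreRunE concerns the logger only.
//     NOTE(review): confirm how usage output is handled in CI.
//   - A value passed as a flag is part of the process command line; supplying
//     secrets through the credential/Vault references in the step metadata avoids that.
//   - The agentDownloadUrl default points at "releases/latest", so the downloaded
//     jar is not a fixed version, and the jreDownloadUrl default pins
//     sapmachine-11.0.2. No checksum or signature option exists among these flags.
//     NOTE(review): confirm whether the step implementation verifies the downloads.
//   - The errors returned by MarkFlagRequired are not checked.
func addWhitesourceExecuteScanFlags(cmd *cobra.Command, stepConfig *whitesourceExecuteScanOptions) {
	cmd.Flags().StringVar(&stepConfig.AgentDownloadURL, "agentDownloadUrl", `https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar`, "URL used to download the latest version of the WhiteSource Unified Agent.")
	cmd.Flags().StringVar(&stepConfig.AgentFileName, "agentFileName", `wss-unified-agent.jar`, "Locally used name for the Unified Agent jar file after download.")
	cmd.Flags().StringSliceVar(&stepConfig.AgentParameters, "agentParameters", []string{}, "[NOT IMPLEMENTED] List of additional parameters passed to the Unified Agent command line.")
	cmd.Flags().StringVar(&stepConfig.AgentURL, "agentUrl", `https://saas.whitesourcesoftware.com/agent`, "URL to the WhiteSource agent endpoint.")
	cmd.Flags().BoolVar(&stepConfig.AggregateVersionWideReport, "aggregateVersionWideReport", false, "This does not run a scan, instead just generated a report for all projects with projectVersion = config.ProductVersion")
	cmd.Flags().StringVar(&stepConfig.AssessmentFile, "assessmentFile", `hs-assessments.yaml`, "Explicit path to the assessment YAML file.")
	cmd.Flags().StringSliceVar(&stepConfig.BuildDescriptorExcludeList, "buildDescriptorExcludeList", []string{`unit-tests/pom.xml`, `integration-tests/pom.xml`}, "List of build descriptors and therefore modules to exclude from the scan and assessment activities.")
	cmd.Flags().StringVar(&stepConfig.BuildDescriptorFile, "buildDescriptorFile", os.Getenv("PIPER_buildDescriptorFile"), "Explicit path to the build descriptor file.")
	cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", os.Getenv("PIPER_buildTool"), "Defines the tool which is used for building the artifact.")
	cmd.Flags().StringVar(&stepConfig.ConfigFilePath, "configFilePath", `./wss-unified-agent.config`, "Explicit path to the WhiteSource Unified Agent configuration file.")
	cmd.Flags().StringVar(&stepConfig.ContainerRegistryPassword, "containerRegistryPassword", os.Getenv("PIPER_containerRegistryPassword"), "For `buildTool: docker`: Password for container registry access - typically provided by the CI/CD environment.")
	cmd.Flags().StringVar(&stepConfig.ContainerRegistryUser, "containerRegistryUser", os.Getenv("PIPER_containerRegistryUser"), "For `buildTool: docker`: Username for container registry access - typically provided by the CI/CD environment.")
	cmd.Flags().BoolVar(&stepConfig.CreateProductFromPipeline, "createProductFromPipeline", true, "Whether to create the related WhiteSource product on the fly based on the supplied pipeline configuration.")
	cmd.Flags().StringVar(&stepConfig.CustomScanVersion, "customScanVersion", os.Getenv("PIPER_customScanVersion"), "Custom version of the WhiteSource project used as source.")
	cmd.Flags().StringVar(&stepConfig.CvssSeverityLimit, "cvssSeverityLimit", `-1`, "Limit of tolerable CVSS v3 score upon assessment and in consequence fails the build.")
	cmd.Flags().StringVar(&stepConfig.ScanPath, "scanPath", `.`, "Directory where to start WhiteSource scan.")
	cmd.Flags().StringVar(&stepConfig.DockerConfigJSON, "dockerConfigJSON", os.Getenv("PIPER_dockerConfigJSON"), "Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).")
	cmd.Flags().StringSliceVar(&stepConfig.EmailAddressesOfInitialProductAdmins, "emailAddressesOfInitialProductAdmins", []string{}, "The list of email addresses to assign as product admins for newly created WhiteSource products.")
	cmd.Flags().StringSliceVar(&stepConfig.Excludes, "excludes", []string{}, "List of file path patterns to exclude in the scan.")
	cmd.Flags().BoolVar(&stepConfig.FailOnSevereVulnerabilities, "failOnSevereVulnerabilities", true, "Whether to fail the step on severe vulnerabilties or not")
	cmd.Flags().StringSliceVar(&stepConfig.Includes, "includes", []string{}, "List of file path patterns to include in the scan.")
	cmd.Flags().StringVar(&stepConfig.InstallCommand, "installCommand", os.Getenv("PIPER_installCommand"), "Install command that can be used to populate the default docker image for some scenarios.")
	cmd.Flags().StringVar(&stepConfig.JreDownloadURL, "jreDownloadUrl", `https://github.com/SAP/SapMachine/releases/download/sapmachine-11.0.2/sapmachine-jre-11.0.2_linux-x64_bin.tar.gz`, "URL used for downloading the Java Runtime Environment (JRE) required to run the WhiteSource Unified Agent.")
	cmd.Flags().BoolVar(&stepConfig.LicensingVulnerabilities, "licensingVulnerabilities", true, "[NOT IMPLEMENTED] Whether license compliance is considered and reported as part of the assessment.")
	cmd.Flags().StringVar(&stepConfig.OrgToken, "orgToken", os.Getenv("PIPER_orgToken"), "WhiteSource token identifying your organization.")
	cmd.Flags().StringVar(&stepConfig.ProductName, "productName", os.Getenv("PIPER_productName"), "Name of the WhiteSource product used for results aggregation. This parameter is mandatory if the parameter `createProductFromPipeline` is set to `true` and the WhiteSource product does not yet exist. It is also mandatory if the parameter `productToken` is not provided.")
	cmd.Flags().StringVar(&stepConfig.ProductToken, "productToken", os.Getenv("PIPER_productToken"), "Token of the WhiteSource product to be created and used for results aggregation, usually determined automatically. Can optionally be provided as an alternative to `productName`.")
	cmd.Flags().StringVar(&stepConfig.Version, "version", os.Getenv("PIPER_version"), "Version of the WhiteSource product to be created and used for results aggregation.")
	cmd.Flags().StringVar(&stepConfig.ProjectName, "projectName", os.Getenv("PIPER_projectName"), "The project name used for reporting results in WhiteSource. When provided, all source modules will be scanned into one aggregated WhiteSource project. For scan types `maven`, `mta`, `npm`, the default is to generate one WhiteSource project per module, whereas the project name is derived from the module's build descriptor. For NPM modules, project aggregation is not supported, the last scanned NPM module will override all previously aggregated scan results!")
	cmd.Flags().StringVar(&stepConfig.ProjectToken, "projectToken", os.Getenv("PIPER_projectToken"), "Project token to execute scan on. Ignored for scan types `maven`, `mta` and `npm`. Used for project aggregation when scanning with the Unified Agent and can be provided as an alternative to `projectName`.")
	cmd.Flags().BoolVar(&stepConfig.Reporting, "reporting", true, "Whether assessment is being done at all, defaults to `true`")
	cmd.Flags().StringVar(&stepConfig.ScanImage, "scanImage", os.Getenv("PIPER_scanImage"), "For `buildTool: docker`: Defines the docker image which should be scanned.")
	cmd.Flags().StringVar(&stepConfig.ScanImageRegistryURL, "scanImageRegistryUrl", os.Getenv("PIPER_scanImageRegistryUrl"), "For `buildTool: docker`: Defines the registry where the scanImage is located.")
	cmd.Flags().BoolVar(&stepConfig.SecurityVulnerabilities, "securityVulnerabilities", true, "Whether security compliance is considered and reported as part of the assessment.")
	cmd.Flags().StringVar(&stepConfig.ServiceURL, "serviceUrl", `https://saas.whitesourcesoftware.com/api`, "URL to the WhiteSource API endpoint.")
	cmd.Flags().IntVar(&stepConfig.Timeout, "timeout", 900, "Timeout in seconds until an HTTP call is forcefully terminated.")
	cmd.Flags().StringVar(&stepConfig.UserToken, "userToken", os.Getenv("PIPER_userToken"), "User token to access WhiteSource. In Jenkins use case this is automatically filled through the credentials.")
	cmd.Flags().StringVar(&stepConfig.VersioningModel, "versioningModel", `major`, "The default project versioning model used in case `projectVersion` parameter is empty for creating the version based on the build descriptor version to report results in Whitesource, can be one of `'major'`, `'major-minor'`, `'semantic'`, `'full'`")
	cmd.Flags().StringVar(&stepConfig.VulnerabilityReportFormat, "vulnerabilityReportFormat", `xlsx`, "Format of the file the vulnerability report is written to.")
	cmd.Flags().StringVar(&stepConfig.VulnerabilityReportTitle, "vulnerabilityReportTitle", `WhiteSource Security Vulnerability Report`, "Title of vulnerability report written during the assessment phase.")
	cmd.Flags().StringVar(&stepConfig.ProjectSettingsFile, "projectSettingsFile", os.Getenv("PIPER_projectSettingsFile"), "Path to the mvn settings file that should be used as project settings file.")
	cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path to the mvn settings file that should be used as global settings file.")
	cmd.Flags().StringVar(&stepConfig.M2Path, "m2Path", os.Getenv("PIPER_m2Path"), "Path to the location of the local repository that should be used.")
	cmd.Flags().BoolVar(&stepConfig.InstallArtifacts, "installArtifacts", false, "If enabled, it will install all artifacts to the local maven repository to make them available before running whitesource. This is required if any maven module has dependencies to other modules in the repository and they were not installed before.")
	cmd.Flags().StringVar(&stepConfig.DefaultNpmRegistry, "defaultNpmRegistry", os.Getenv("PIPER_defaultNpmRegistry"), "URL of the npm registry to use. Defaults to https://registry.npmjs.org/")
	cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line")
	cmd.Flags().BoolVar(&stepConfig.CreateResultIssue, "createResultIssue", false, "Activate creation of a result issue in GitHub.")
	cmd.Flags().StringVar(&stepConfig.GithubAPIURL, "githubApiUrl", `https://api.github.com`, "Set the GitHub API URL.")
	cmd.Flags().StringVar(&stepConfig.Owner, "owner", os.Getenv("PIPER_owner"), "Set the GitHub organization.")
	cmd.Flags().StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "Set the GitHub repository.")
	cmd.Flags().StringSliceVar(&stepConfig.Assignees, "assignees", []string{``}, "Defines the assignees for the Github Issue created/updated with the results of the scan as a list of login names.")
	cmd.Flags().StringSliceVar(&stepConfig.CustomTLSCertificateLinks, "customTlsCertificateLinks", []string{}, "List of download links to custom TLS certificates. This is required to ensure trusted connections to instances with repositories (like nexus) when publish flag is set to true.")
	cmd.Flags().StringVar(&stepConfig.PrivateModules, "privateModules", os.Getenv("PIPER_privateModules"), "Tells go which modules shall be considered to be private (by setting [GOPRIVATE](https://pkg.go.dev/cmd/go#hdr-Configuration_for_downloading_non_public_code)).")
	cmd.Flags().StringVar(&stepConfig.PrivateModulesGitToken, "privateModulesGitToken", os.Getenv("PIPER_privateModulesGitToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line.")

	cmd.MarkFlagRequired("buildTool")
	cmd.MarkFlagRequired("orgToken")
	cmd.MarkFlagRequired("userToken")
}

// retrieve step metadata
func whitesourceExecuteScanMetadata() config.StepData {
	var theMetaData = config.StepData{
		Metadata: config.StepMetadata{
			Name:        "whitesourceExecuteScan",
			Aliases:     []config.Alias{},
			Description: "Execute a Mend (formerly known as WhiteSource) scan",
		},
		Spec: config.StepSpec{
			Inputs: config.StepInputs{
				Secrets: []config.StepSecrets{
					{Name: "userTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing Whitesource user token.", Type: "jenkins", Aliases: []config.Alias{{Name: "whitesourceUserTokenCredentialsId", Deprecated: false}, {Name: "whitesource/userTokenCredentialsId", Deprecated: true}}},
					{Name: "orgAdminUserTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing Whitesource org admin token.", Type: "jenkins", Aliases: []config.Alias{{Name: "whitesourceOrgAdminUserTokenCredentialsId", Deprecated: false}, {Name: "whitesource/orgAdminUserTokenCredentialsId", Deprecated: true}}},
					{Name: "dockerConfigJsonCredentialsId", Description: "Jenkins 'Secret file' credentials ID containing Docker config.json (with registry credential(s)). 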
You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).", Type: "jenkins", Aliases: []config.Alias{{Name: "dockerCredentialsId", Deprecated: true}}}, 394 {Name: "githubTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.", Type: "jenkins"}, 395 {Name: "golangPrivateModulesGitTokenCredentialsId", Description: "Jenkins 'Username with password' credentials ID containing username/password for http access to your git repos where your go private modules are stored.", Type: "jenkins"}, 396 }, 397 Resources: []config.StepResources{ 398 {Name: "buildDescriptor", Type: "stash"}, 399 {Name: "opensourceConfiguration", Type: "stash"}, 400 {Name: "checkmarx", Type: "stash"}, 401 {Name: "checkmarxOne", Type: "stash"}, 402 }, 403 Parameters: []config.StepParameters{ 404 { 405 Name: "agentDownloadUrl", 406 ResourceRef: []config.ResourceReference{}, 407 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 408 Type: "string", 409 Mandatory: false, 410 Aliases: []config.Alias{}, 411 Default: `https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar`, 412 }, 413 { 414 Name: "agentFileName", 415 ResourceRef: []config.ResourceReference{}, 416 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 417 Type: "string", 418 Mandatory: false, 419 Aliases: []config.Alias{}, 420 Default: `wss-unified-agent.jar`, 421 }, 422 { 423 Name: "agentParameters", 424 ResourceRef: []config.ResourceReference{}, 425 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 426 Type: "[]string", 427 Mandatory: false, 428 Aliases: []config.Alias{}, 429 Default: []string{}, 430 }, 431 { 432 Name: "agentUrl", 433 ResourceRef: []config.ResourceReference{}, 434 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 435 Type: "string", 436 Mandatory: false, 437 Aliases: []config.Alias{{Name: "whitesourceAgentUrl"}}, 438 
Default: `https://saas.whitesourcesoftware.com/agent`, 439 }, 440 { 441 Name: "aggregateVersionWideReport", 442 ResourceRef: []config.ResourceReference{}, 443 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 444 Type: "bool", 445 Mandatory: false, 446 Aliases: []config.Alias{}, 447 Default: false, 448 }, 449 { 450 Name: "assessmentFile", 451 ResourceRef: []config.ResourceReference{}, 452 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 453 Type: "string", 454 Mandatory: false, 455 Aliases: []config.Alias{}, 456 Default: `hs-assessments.yaml`, 457 }, 458 { 459 Name: "buildDescriptorExcludeList", 460 ResourceRef: []config.ResourceReference{}, 461 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 462 Type: "[]string", 463 Mandatory: false, 464 Aliases: []config.Alias{}, 465 Default: []string{`unit-tests/pom.xml`, `integration-tests/pom.xml`}, 466 }, 467 { 468 Name: "buildDescriptorFile", 469 ResourceRef: []config.ResourceReference{}, 470 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 471 Type: "string", 472 Mandatory: false, 473 Aliases: []config.Alias{}, 474 Default: os.Getenv("PIPER_buildDescriptorFile"), 475 }, 476 { 477 Name: "buildTool", 478 ResourceRef: []config.ResourceReference{ 479 { 480 Name: "commonPipelineEnvironment", 481 Param: "buildTool", 482 }, 483 }, 484 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 485 Type: "string", 486 Mandatory: true, 487 Aliases: []config.Alias{}, 488 Default: os.Getenv("PIPER_buildTool"), 489 }, 490 { 491 Name: "configFilePath", 492 ResourceRef: []config.ResourceReference{}, 493 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 494 Type: "string", 495 Mandatory: false, 496 Aliases: []config.Alias{}, 497 Default: `./wss-unified-agent.config`, 498 }, 499 { 500 Name: "containerRegistryPassword", 501 ResourceRef: []config.ResourceReference{ 502 { 503 Name: "commonPipelineEnvironment", 504 Param: "container/repositoryPassword", 505 }, 506 507 { 508 Name: "commonPipelineEnvironment", 509 Param: 
"custom/repositoryPassword", 510 }, 511 }, 512 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 513 Type: "string", 514 Mandatory: false, 515 Aliases: []config.Alias{}, 516 Default: os.Getenv("PIPER_containerRegistryPassword"), 517 }, 518 { 519 Name: "containerRegistryUser", 520 ResourceRef: []config.ResourceReference{ 521 { 522 Name: "commonPipelineEnvironment", 523 Param: "container/repositoryUsername", 524 }, 525 526 { 527 Name: "commonPipelineEnvironment", 528 Param: "custom/repositoryUsername", 529 }, 530 }, 531 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 532 Type: "string", 533 Mandatory: false, 534 Aliases: []config.Alias{}, 535 Default: os.Getenv("PIPER_containerRegistryUser"), 536 }, 537 { 538 Name: "createProductFromPipeline", 539 ResourceRef: []config.ResourceReference{}, 540 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 541 Type: "bool", 542 Mandatory: false, 543 Aliases: []config.Alias{}, 544 Default: true, 545 }, 546 { 547 Name: "customScanVersion", 548 ResourceRef: []config.ResourceReference{}, 549 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 550 Type: "string", 551 Mandatory: false, 552 Aliases: []config.Alias{}, 553 Default: os.Getenv("PIPER_customScanVersion"), 554 }, 555 { 556 Name: "cvssSeverityLimit", 557 ResourceRef: []config.ResourceReference{}, 558 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 559 Type: "string", 560 Mandatory: false, 561 Aliases: []config.Alias{}, 562 Default: `-1`, 563 }, 564 { 565 Name: "scanPath", 566 ResourceRef: []config.ResourceReference{}, 567 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 568 Type: "string", 569 Mandatory: false, 570 Aliases: []config.Alias{}, 571 Default: `.`, 572 }, 573 { 574 Name: "dockerConfigJSON", 575 ResourceRef: []config.ResourceReference{ 576 { 577 Name: "commonPipelineEnvironment", 578 Param: "custom/dockerConfigJSON", 579 }, 580 581 { 582 Name: "dockerConfigJsonCredentialsId", 583 Type: "secret", 584 }, 585 586 { 587 Name: 
"dockerConfigFileVaultSecretName", 588 Type: "vaultSecretFile", 589 Default: "docker-config", 590 }, 591 }, 592 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 593 Type: "string", 594 Mandatory: false, 595 Aliases: []config.Alias{}, 596 Default: os.Getenv("PIPER_dockerConfigJSON"), 597 }, 598 { 599 Name: "emailAddressesOfInitialProductAdmins", 600 ResourceRef: []config.ResourceReference{}, 601 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 602 Type: "[]string", 603 Mandatory: false, 604 Aliases: []config.Alias{}, 605 Default: []string{}, 606 }, 607 { 608 Name: "excludes", 609 ResourceRef: []config.ResourceReference{}, 610 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 611 Type: "[]string", 612 Mandatory: false, 613 Aliases: []config.Alias{}, 614 Default: []string{}, 615 }, 616 { 617 Name: "failOnSevereVulnerabilities", 618 ResourceRef: []config.ResourceReference{}, 619 Scope: []string{"PARAMETERS"}, 620 Type: "bool", 621 Mandatory: false, 622 Aliases: []config.Alias{}, 623 Default: true, 624 }, 625 { 626 Name: "includes", 627 ResourceRef: []config.ResourceReference{}, 628 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 629 Type: "[]string", 630 Mandatory: false, 631 Aliases: []config.Alias{}, 632 Default: []string{}, 633 }, 634 { 635 Name: "installCommand", 636 ResourceRef: []config.ResourceReference{}, 637 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 638 Type: "string", 639 Mandatory: false, 640 Aliases: []config.Alias{}, 641 Default: os.Getenv("PIPER_installCommand"), 642 }, 643 { 644 Name: "jreDownloadUrl", 645 ResourceRef: []config.ResourceReference{}, 646 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 647 Type: "string", 648 Mandatory: false, 649 Aliases: []config.Alias{{Name: "whitesource/jreDownloadUrl", Deprecated: true}}, 650 Default: `https://github.com/SAP/SapMachine/releases/download/sapmachine-11.0.2/sapmachine-jre-11.0.2_linux-x64_bin.tar.gz`, 651 }, 652 { 653 Name: "licensingVulnerabilities", 654 ResourceRef: 
[]config.ResourceReference{}, 655 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 656 Type: "bool", 657 Mandatory: false, 658 Aliases: []config.Alias{}, 659 Default: true, 660 }, 661 { 662 Name: "orgToken", 663 ResourceRef: []config.ResourceReference{ 664 { 665 Name: "orgAdminUserTokenCredentialsId", 666 Type: "secret", 667 }, 668 669 { 670 Name: "whitesourceVaultSecret", 671 Type: "vaultSecret", 672 Default: "whitesource", 673 }, 674 }, 675 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 676 Type: "string", 677 Mandatory: true, 678 Aliases: []config.Alias{{Name: "whitesourceOrgToken"}, {Name: "whitesource/orgToken", Deprecated: true}}, 679 Default: os.Getenv("PIPER_orgToken"), 680 }, 681 { 682 Name: "productName", 683 ResourceRef: []config.ResourceReference{}, 684 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 685 Type: "string", 686 Mandatory: false, 687 Aliases: []config.Alias{{Name: "whitesourceProductName"}, {Name: "whitesource/productName", Deprecated: true}}, 688 Default: os.Getenv("PIPER_productName"), 689 }, 690 { 691 Name: "productToken", 692 ResourceRef: []config.ResourceReference{}, 693 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 694 Type: "string", 695 Mandatory: false, 696 Aliases: []config.Alias{{Name: "whitesourceProductToken"}, {Name: "whitesource/productToken", Deprecated: true}}, 697 Default: os.Getenv("PIPER_productToken"), 698 }, 699 { 700 Name: "version", 701 ResourceRef: []config.ResourceReference{ 702 { 703 Name: "commonPipelineEnvironment", 704 Param: "artifactVersion", 705 }, 706 }, 707 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 708 Type: "string", 709 Mandatory: false, 710 Aliases: []config.Alias{{Name: "productVersion"}, {Name: "whitesourceProductVersion"}, {Name: "whitesource/productVersion", Deprecated: true}}, 711 Default: os.Getenv("PIPER_version"), 712 }, 713 { 714 Name: "projectName", 715 ResourceRef: []config.ResourceReference{}, 716 Scope: []string{"PARAMETERS", 
"STAGES", "STEPS"}, 717 Type: "string", 718 Mandatory: false, 719 Aliases: []config.Alias{{Name: "whitesourceProjectName"}}, 720 Default: os.Getenv("PIPER_projectName"), 721 }, 722 { 723 Name: "projectToken", 724 ResourceRef: []config.ResourceReference{}, 725 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 726 Type: "string", 727 Mandatory: false, 728 Aliases: []config.Alias{}, 729 Default: os.Getenv("PIPER_projectToken"), 730 }, 731 { 732 Name: "reporting", 733 ResourceRef: []config.ResourceReference{}, 734 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 735 Type: "bool", 736 Mandatory: false, 737 Aliases: []config.Alias{}, 738 Default: true, 739 }, 740 { 741 Name: "scanImage", 742 ResourceRef: []config.ResourceReference{ 743 { 744 Name: "commonPipelineEnvironment", 745 Param: "container/imageNameTag", 746 }, 747 }, 748 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 749 Type: "string", 750 Mandatory: false, 751 Aliases: []config.Alias{}, 752 Default: os.Getenv("PIPER_scanImage"), 753 }, 754 { 755 Name: "scanImageRegistryUrl", 756 ResourceRef: []config.ResourceReference{ 757 { 758 Name: "commonPipelineEnvironment", 759 Param: "container/registryUrl", 760 }, 761 }, 762 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 763 Type: "string", 764 Mandatory: false, 765 Aliases: []config.Alias{}, 766 Default: os.Getenv("PIPER_scanImageRegistryUrl"), 767 }, 768 { 769 Name: "securityVulnerabilities", 770 ResourceRef: []config.ResourceReference{}, 771 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 772 Type: "bool", 773 Mandatory: false, 774 Aliases: []config.Alias{}, 775 Default: true, 776 }, 777 { 778 Name: "serviceUrl", 779 ResourceRef: []config.ResourceReference{}, 780 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 781 Type: "string", 782 Mandatory: false, 783 Aliases: []config.Alias{{Name: "whitesourceServiceUrl"}, {Name: "whitesource/serviceUrl", Deprecated: true}}, 784 Default: `https://saas.whitesourcesoftware.com/api`, 785 }, 786 { 
787 Name: "timeout", 788 ResourceRef: []config.ResourceReference{}, 789 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 790 Type: "int", 791 Mandatory: false, 792 Aliases: []config.Alias{}, 793 Default: 900, 794 }, 795 { 796 Name: "userToken", 797 ResourceRef: []config.ResourceReference{ 798 { 799 Name: "userTokenCredentialsId", 800 Type: "secret", 801 }, 802 803 { 804 Name: "whitesourceVaultSecret", 805 Type: "vaultSecret", 806 Default: "whitesource", 807 }, 808 }, 809 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 810 Type: "string", 811 Mandatory: true, 812 Aliases: []config.Alias{}, 813 Default: os.Getenv("PIPER_userToken"), 814 }, 815 { 816 Name: "versioningModel", 817 ResourceRef: []config.ResourceReference{}, 818 Scope: []string{"PARAMETERS", "STAGES", "STEPS", "GENERAL"}, 819 Type: "string", 820 Mandatory: false, 821 Aliases: []config.Alias{{Name: "defaultVersioningModel"}}, 822 Default: `major`, 823 }, 824 { 825 Name: "vulnerabilityReportFormat", 826 ResourceRef: []config.ResourceReference{}, 827 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 828 Type: "string", 829 Mandatory: false, 830 Aliases: []config.Alias{}, 831 Default: `xlsx`, 832 }, 833 { 834 Name: "vulnerabilityReportTitle", 835 ResourceRef: []config.ResourceReference{}, 836 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 837 Type: "string", 838 Mandatory: false, 839 Aliases: []config.Alias{}, 840 Default: `WhiteSource Security Vulnerability Report`, 841 }, 842 { 843 Name: "projectSettingsFile", 844 ResourceRef: []config.ResourceReference{}, 845 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 846 Type: "string", 847 Mandatory: false, 848 Aliases: []config.Alias{{Name: "maven/projectSettingsFile"}}, 849 Default: os.Getenv("PIPER_projectSettingsFile"), 850 }, 851 { 852 Name: "globalSettingsFile", 853 ResourceRef: []config.ResourceReference{}, 854 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 855 Type: "string", 856 Mandatory: false, 857 Aliases: 
[]config.Alias{{Name: "maven/globalSettingsFile"}}, 858 Default: os.Getenv("PIPER_globalSettingsFile"), 859 }, 860 { 861 Name: "m2Path", 862 ResourceRef: []config.ResourceReference{}, 863 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 864 Type: "string", 865 Mandatory: false, 866 Aliases: []config.Alias{{Name: "maven/m2Path"}}, 867 Default: os.Getenv("PIPER_m2Path"), 868 }, 869 { 870 Name: "installArtifacts", 871 ResourceRef: []config.ResourceReference{}, 872 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 873 Type: "bool", 874 Mandatory: false, 875 Aliases: []config.Alias{}, 876 Default: false, 877 }, 878 { 879 Name: "defaultNpmRegistry", 880 ResourceRef: []config.ResourceReference{}, 881 Scope: []string{"PARAMETERS", "GENERAL", "STAGES", "STEPS"}, 882 Type: "string", 883 Mandatory: false, 884 Aliases: []config.Alias{{Name: "npm/defaultNpmRegistry"}}, 885 Default: os.Getenv("PIPER_defaultNpmRegistry"), 886 }, 887 { 888 Name: "githubToken", 889 ResourceRef: []config.ResourceReference{ 890 { 891 Name: "githubTokenCredentialsId", 892 Type: "secret", 893 }, 894 895 { 896 Name: "githubVaultSecretName", 897 Type: "vaultSecret", 898 Default: "github", 899 }, 900 }, 901 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 902 Type: "string", 903 Mandatory: false, 904 Aliases: []config.Alias{{Name: "access_token"}}, 905 Default: os.Getenv("PIPER_githubToken"), 906 }, 907 { 908 Name: "createResultIssue", 909 ResourceRef: []config.ResourceReference{ 910 { 911 Name: "commonPipelineEnvironment", 912 Param: "custom/isOptimizedAndScheduled", 913 }, 914 }, 915 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 916 Type: "bool", 917 Mandatory: false, 918 Aliases: []config.Alias{}, 919 Default: false, 920 }, 921 { 922 Name: "githubApiUrl", 923 ResourceRef: []config.ResourceReference{}, 924 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 925 Type: "string", 926 Mandatory: false, 927 Aliases: []config.Alias{}, 928 Default: 
`https://api.github.com`, 929 }, 930 { 931 Name: "owner", 932 ResourceRef: []config.ResourceReference{ 933 { 934 Name: "commonPipelineEnvironment", 935 Param: "github/owner", 936 }, 937 }, 938 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 939 Type: "string", 940 Mandatory: false, 941 Aliases: []config.Alias{{Name: "githubOrg"}}, 942 Default: os.Getenv("PIPER_owner"), 943 }, 944 { 945 Name: "repository", 946 ResourceRef: []config.ResourceReference{ 947 { 948 Name: "commonPipelineEnvironment", 949 Param: "github/repository", 950 }, 951 }, 952 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 953 Type: "string", 954 Mandatory: false, 955 Aliases: []config.Alias{{Name: "githubRepo"}}, 956 Default: os.Getenv("PIPER_repository"), 957 }, 958 { 959 Name: "assignees", 960 ResourceRef: []config.ResourceReference{}, 961 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 962 Type: "[]string", 963 Mandatory: false, 964 Aliases: []config.Alias{}, 965 Default: []string{``}, 966 }, 967 { 968 Name: "customTlsCertificateLinks", 969 ResourceRef: []config.ResourceReference{}, 970 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 971 Type: "[]string", 972 Mandatory: false, 973 Aliases: []config.Alias{}, 974 Default: []string{}, 975 }, 976 { 977 Name: "privateModules", 978 ResourceRef: []config.ResourceReference{}, 979 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 980 Type: "string", 981 Mandatory: false, 982 Aliases: []config.Alias{}, 983 Default: os.Getenv("PIPER_privateModules"), 984 }, 985 { 986 Name: "privateModulesGitToken", 987 ResourceRef: []config.ResourceReference{ 988 { 989 Name: "golangPrivateModulesGitTokenCredentialsId", 990 Param: "password", 991 Type: "secret", 992 }, 993 994 { 995 Name: "golangPrivateModulesGitTokenVaultSecret", 996 Type: "vaultSecret", 997 Default: "golang", 998 }, 999 }, 1000 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 1001 Type: "string", 1002 Mandatory: false, 1003 Aliases: 
[]config.Alias{}, 1004 Default: os.Getenv("PIPER_privateModulesGitToken"), 1005 }, 1006 }, 1007 }, 1008 Containers: []config.Container{ 1009 {Image: "buildpack-deps:stretch-curl", WorkingDir: "/tmp", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "dub"}, {Name: "buildTool", Value: "docker"}}}}}, 1010 {Image: "devxci/mbtci-java11-node14", WorkingDir: "/home/mta", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "mta"}}}}}, 1011 {Image: "golang:1", WorkingDir: "/go", Options: []config.Option{{Name: "-u", Value: "0"}}, Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "golang"}}}}}, 1012 {Image: "gradle", WorkingDir: "/home/gradle", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "gradle"}}}}}, 1013 {Image: "hseeberger/scala-sbt:8u181_2.12.8_1.2.8", WorkingDir: "/tmp", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "sbt"}}}}}, 1014 {Image: "maven:3.5-jdk-8", WorkingDir: "/tmp", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "maven"}}}}}, 1015 {Image: "node:lts-buster", WorkingDir: "/home/node", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "npm"}}}}}, 1016 {Image: "python:3.6-stretch", WorkingDir: "/tmp", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "pip"}}}}}, 1017 {Image: "node:lts-buster", WorkingDir: "/home/node", Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "yarn"}}}}}, 1018 }, 1019 Outputs: config.StepOutputs{ 1020 Resources: []config.StepResources{ 1021 { 1022 Name: 
"commonPipelineEnvironment", 1023 Type: "piperEnvironment", 1024 Parameters: []map[string]interface{}{ 1025 {"name": "custom/whitesourceProjectNames", "type": "[]string"}, 1026 }, 1027 }, 1028 { 1029 Name: "influx", 1030 Type: "influx", 1031 Parameters: []map[string]interface{}{ 1032 {"name": "step_data", "fields": []map[string]string{{"name": "whitesource"}}}, 1033 {"name": "whitesource_data", "fields": []map[string]string{{"name": "vulnerabilities"}, {"name": "major_vulnerabilities"}, {"name": "minor_vulnerabilities"}, {"name": "policy_violations"}}}, 1034 }, 1035 }, 1036 { 1037 Name: "reports", 1038 Type: "reports", 1039 Parameters: []map[string]interface{}{ 1040 {"filePattern": "**/whitesource-ip.json", "type": "whitesource-ip"}, 1041 {"filePattern": "**/*risk-report.pdf", "type": "whitesource-ip"}, 1042 {"filePattern": "**/toolrun_whitesource_*.json", "type": "whitesource-ip"}, 1043 {"filePattern": "**/piper_whitesource_vulnerability_report.html", "type": "whitesource-security"}, 1044 {"filePattern": "**/*risk-report.pdf", "type": "whitesource-security"}, 1045 {"filePattern": "**/toolrun_whitesource_*.json", "type": "whitesource-security"}, 1046 {"filePattern": "**/piper_whitesource_vulnerability.sarif", "type": "whitesource-security"}, 1047 {"filePattern": "**/piper_whitesource_sbom.xml", "type": "whitesource-security"}, 1048 }, 1049 }, 1050 }, 1051 }, 1052 }, 1053 } 1054 return theMetaData 1055 }