github.com/ouraigua/jenkins-library@v0.0.0-20231028010029-fbeaf2f3aa9b/documentation/docs/steps/detectExecuteScan.md

github.com/ouraigua/jenkins-library@v0.0.0-20231028010029-fbeaf2f3aa9b/documentation/docs/steps/detectExecuteScan.md (about)

     1  # ${docGenStepName}
     2  
     3  ## ${docGenDescription}
     4  
     5  ## Prerequisites
     6  
     7  You need to store the API token for the Detect service as _'Secret text'_ credential in your Jenkins system.
     8  
     9  ## ${docJenkinsPluginDependencies}
    10  
    11  ## ${docGenParameters}
    12  
    13  ## ${docGenConfiguration}
    14  
    15  ## Rapid scan
    16  
    17  In addition to the full scan, Black Duck also offers a faster and easier scan option, called <a href="https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=downloadingandrunning%2Frapidscan.html&_LANG=enus" target="_blank">Rapid Scan</a>.
    18  Its main advantage is speed. In most cases, the scan is completed in less than 30 seconds. It doesn't save any information on the Black Duck side.
    19  The result can be found in the pipeline console.
    20  
    21  - **Note**
    22    By default, Black Duck scans run in 'FULL' mode. Although rapid scans do appropriate security checks for early detection of issues during daily developments, they are not sufficient for production deployment and releases: Only use 'FULL' scans for production deployment and releases.
    23  
    24  ### Running rapid scans on pull requests
    25  
    26  If you have configured your orchestrator to detect pull requests, then the `detecExecuationScan` step in the Piper pipeline can recognize this and change the Black Duck scan mode from 'FULL' to 'RAPID'. This does not affect the usual branch scans.
    27  
    28  - **Note**
    29    * This functionality is not applicable to the GPP (General Purpose Pipeline)
    30    * This can only be used for custom pipelines based on the Jenkins piper library
    31  
    32  #### How to run rapid scans
    33  
    34  1. Specify all the required parameters for the detectExecution step in .pipeline/config.yml
    35     Optionally you can specify `githubApi` and `githubToken` in the detectExecution step to get the result in the pull request comment.
    36     For example:
    37  
    38      ```
    39      ...
    40      steps:
    41        ...
    42        detectExecuteScan:
    43          serverUrl: 'https://sap-staging.app.blackduck.com/'
    44          detectTokenCredentialsId: 'JenkinsCredentialsIdForBlackDuckToken'
    45          projectName: 'projectNameInBlackDuckUI'
    46          version: 'v1.0'
    47          githubApiUrl: 'https://github.wdf.sap.corp/api/v3'
    48          githubToken: 'JenkinsCredentialsIdForGithub'
    49        ...
    50      ...
    51      ```
    52  
    53  2. Enable detecExecuationScan in the orchestrator.
    54    For example:
    55  
    56      ```
    57      @Library('piper-lib') _
    58      @Library('piper-lib-os') __
    59  
    60      node {
    61        stage('Init') {
    62          checkout scm
    63          setupPipelineEnvironment script: this
    64        }
    65        stage('detectExecuteScan') {
    66           detectExecuteScan script: this
    67        }
    68        ...
    69      }
    70      ```
    71  
    72  3. To run the rapid scan, open a pull request with your changes to the main branch.
    73  
    74  #### Result of the rapid scan
    75  
    76  If you provide `githubApi` and `githubToken`, then the pipeline adds the scan result to the comment of the opened pull request.
    77  
    78  ![blackDuckPullRequestComment](../images/BDRapidScanPrs.png)