github.com/xgoffin/jenkins-library@v1.154.0/cmd/detectExecuteScan_generated.go (about) 1 // Code generated by piper's step-generator. DO NOT EDIT. 2 3 package cmd 4 5 import ( 6 "fmt" 7 "os" 8 "path/filepath" 9 "reflect" 10 "strings" 11 "time" 12 13 "github.com/SAP/jenkins-library/pkg/config" 14 "github.com/SAP/jenkins-library/pkg/gcs" 15 "github.com/SAP/jenkins-library/pkg/log" 16 "github.com/SAP/jenkins-library/pkg/piperenv" 17 "github.com/SAP/jenkins-library/pkg/splunk" 18 "github.com/SAP/jenkins-library/pkg/telemetry" 19 "github.com/SAP/jenkins-library/pkg/validation" 20 "github.com/bmatcuk/doublestar" 21 "github.com/spf13/cobra" 22 ) 23 24 type detectExecuteScanOptions struct { 25 Token string `json:"token,omitempty"` 26 CodeLocation string `json:"codeLocation,omitempty"` 27 ProjectName string `json:"projectName,omitempty"` 28 Scanners []string `json:"scanners,omitempty" validate:"possible-values=signature source"` 29 ScanPaths []string `json:"scanPaths,omitempty"` 30 DependencyPath string `json:"dependencyPath,omitempty"` 31 Unmap bool `json:"unmap,omitempty"` 32 ScanProperties []string `json:"scanProperties,omitempty"` 33 ServerURL string `json:"serverUrl,omitempty"` 34 Groups []string `json:"groups,omitempty"` 35 FailOn []string `json:"failOn,omitempty" validate:"possible-values=ALL BLOCKER CRITICAL MAJOR MINOR NONE"` 36 VersioningModel string `json:"versioningModel,omitempty" validate:"possible-values=major major-minor semantic full"` 37 Version string `json:"version,omitempty"` 38 CustomScanVersion string `json:"customScanVersion,omitempty"` 39 ProjectSettingsFile string `json:"projectSettingsFile,omitempty"` 40 GlobalSettingsFile string `json:"globalSettingsFile,omitempty"` 41 M2Path string `json:"m2Path,omitempty"` 42 InstallArtifacts bool `json:"installArtifacts,omitempty"` 43 IncludedPackageManagers []string `json:"includedPackageManagers,omitempty"` 44 ExcludedPackageManagers []string `json:"excludedPackageManagers,omitempty"` 45 MavenExcludedScopes []string `json:"mavenExcludedScopes,omitempty"` 46 DetectTools []string `json:"detectTools,omitempty"` 47 ScanOnChanges bool `json:"scanOnChanges,omitempty"` 48 CustomEnvironmentVariables []string `json:"customEnvironmentVariables,omitempty"` 49 GithubToken string `json:"githubToken,omitempty"` 50 CreateResultIssue bool `json:"createResultIssue,omitempty"` 51 GithubAPIURL string `json:"githubApiUrl,omitempty"` 52 Owner string `json:"owner,omitempty"` 53 Repository string `json:"repository,omitempty"` 54 Assignees []string `json:"assignees,omitempty"` 55 CustomTLSCertificateLinks []string `json:"customTlsCertificateLinks,omitempty"` 56 } 57 58 type detectExecuteScanInflux struct { 59 step_data struct { 60 fields struct { 61 detect bool 62 } 63 tags struct { 64 } 65 } 66 detect_data struct { 67 fields struct { 68 vulnerabilities int 69 major_vulnerabilities int 70 minor_vulnerabilities int 71 components int 72 policy_violations int 73 } 74 tags struct { 75 } 76 } 77 } 78 79 func (i *detectExecuteScanInflux) persist(path, resourceName string) { 80 measurementContent := []struct { 81 measurement string 82 valType string 83 name string 84 value interface{} 85 }{ 86 {valType: config.InfluxField, measurement: "step_data", name: "detect", value: i.step_data.fields.detect}, 87 {valType: config.InfluxField, measurement: "detect_data", name: "vulnerabilities", value: i.detect_data.fields.vulnerabilities}, 88 {valType: config.InfluxField, measurement: "detect_data", name: "major_vulnerabilities", value: i.detect_data.fields.major_vulnerabilities}, 89 {valType: config.InfluxField, measurement: "detect_data", name: "minor_vulnerabilities", value: i.detect_data.fields.minor_vulnerabilities}, 90 {valType: config.InfluxField, measurement: "detect_data", name: "components", value: i.detect_data.fields.components}, 91 {valType: config.InfluxField, measurement: "detect_data", name: "policy_violations", value: i.detect_data.fields.policy_violations}, 92 } 93 94 errCount := 0 95 for _, metric := range measurementContent { 96 err := piperenv.SetResourceParameter(path, resourceName, filepath.Join(metric.measurement, fmt.Sprintf("%vs", metric.valType), metric.name), metric.value) 97 if err != nil { 98 log.Entry().WithError(err).Error("Error persisting influx environment.") 99 errCount++ 100 } 101 } 102 if errCount > 0 { 103 log.Entry().Error("failed to persist Influx environment") 104 } 105 } 106 107 type detectExecuteScanReports struct { 108 } 109 110 func (p *detectExecuteScanReports) persist(stepConfig detectExecuteScanOptions, gcpJsonKeyFilePath string, gcsBucketId string, gcsFolderPath string, gcsSubFolder string) { 111 if gcsBucketId == "" { 112 log.Entry().Info("persisting reports to GCS is disabled, because gcsBucketId is empty") 113 return 114 } 115 log.Entry().Info("Uploading reports to Google Cloud Storage...") 116 content := []gcs.ReportOutputParam{ 117 {FilePattern: "**/*BlackDuck_RiskReport.pdf", ParamRef: "", StepResultType: "blackduck-ip"}, 118 {FilePattern: "blackduck-ip.json", ParamRef: "", StepResultType: "blackduck-ip"}, 119 {FilePattern: "**/toolrun_detectExecute_*.json", ParamRef: "", StepResultType: "blackduck-ip"}, 120 {FilePattern: "**/piper_detect_vulnerability_report.html", ParamRef: "", StepResultType: "blackduck-ip"}, 121 {FilePattern: "**/detectExecuteScan_oss_*.json", ParamRef: "", StepResultType: "blackduck-ip"}, 122 {FilePattern: "**/piper_detect_policy_violation_report.html", ParamRef: "", StepResultType: "blackduck-ip"}, 123 {FilePattern: "**/detectExecuteScan_policy_*.json", ParamRef: "", StepResultType: "blackduck-ip"}, 124 } 125 envVars := []gcs.EnvVar{ 126 {Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: gcpJsonKeyFilePath, Modified: false}, 127 } 128 gcsClient, err := gcs.NewClient(gcs.WithEnvVars(envVars)) 129 if err != nil { 130 log.Entry().Errorf("creation of GCS client failed: %v", err) 131 return 132 } 133 defer gcsClient.Close() 134 structVal := reflect.ValueOf(&stepConfig).Elem() 135 inputParameters := map[string]string{} 136 for i := 0; i < structVal.NumField(); i++ { 137 field := structVal.Type().Field(i) 138 if field.Type.String() == "string" { 139 paramName := strings.Split(field.Tag.Get("json"), ",") 140 paramValue, _ := structVal.Field(i).Interface().(string) 141 inputParameters[paramName[0]] = paramValue 142 } 143 } 144 if err := gcs.PersistReportsToGCS(gcsClient, content, inputParameters, gcsFolderPath, gcsBucketId, gcsSubFolder, doublestar.Glob, os.Stat); err != nil { 145 log.Entry().Errorf("failed to persist reports: %v", err) 146 } 147 } 148 149 // DetectExecuteScanCommand Executes Synopsys Detect scan 150 func DetectExecuteScanCommand() *cobra.Command { 151 const STEP_NAME = "detectExecuteScan" 152 153 metadata := detectExecuteScanMetadata() 154 var stepConfig detectExecuteScanOptions 155 var startTime time.Time 156 var influx detectExecuteScanInflux 157 var reports detectExecuteScanReports 158 var logCollector *log.CollectorHook 159 var splunkClient *splunk.Splunk 160 telemetryClient := &telemetry.Telemetry{} 161 162 var createDetectExecuteScanCmd = &cobra.Command{ 163 Use: STEP_NAME, 164 Short: "Executes Synopsys Detect scan", 165 Long: `This step executes [Synopsys Detect](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect) scans. 166 Synopsys Detect command line utlity can be used to run various scans including BlackDuck and Polaris scans. This step allows users to run BlackDuck scans by default. 167 Please configure your BlackDuck server Url using the serverUrl parameter and the API token of your user using the apiToken parameter for this step.`, 168 PreRunE: func(cmd *cobra.Command, _ []string) error { 169 startTime = time.Now() 170 log.SetStepName(STEP_NAME) 171 log.SetVerbose(GeneralConfig.Verbose) 172 173 GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens) 174 175 path, _ := os.Getwd() 176 fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path} 177 log.RegisterHook(fatalHook) 178 179 err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile) 180 if err != nil { 181 log.SetErrorCategory(log.ErrorConfiguration) 182 return err 183 } 184 log.RegisterSecret(stepConfig.Token) 185 log.RegisterSecret(stepConfig.GithubToken) 186 187 if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 { 188 sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID) 189 log.RegisterHook(&sentryHook) 190 } 191 192 if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 { 193 splunkClient = &splunk.Splunk{} 194 logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID} 195 log.RegisterHook(logCollector) 196 } 197 198 validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages()) 199 if err != nil { 200 return err 201 } 202 if err = validation.ValidateStruct(stepConfig); err != nil { 203 log.SetErrorCategory(log.ErrorConfiguration) 204 return err 205 } 206 207 return nil 208 }, 209 Run: func(_ *cobra.Command, _ []string) { 210 stepTelemetryData := telemetry.CustomData{} 211 stepTelemetryData.ErrorCode = "1" 212 handler := func() { 213 influx.persist(GeneralConfig.EnvRootPath, "influx") 214 reports.persist(stepConfig, GeneralConfig.GCPJsonKeyFilePath, GeneralConfig.GCSBucketId, GeneralConfig.GCSFolderPath, GeneralConfig.GCSSubFolder) 215 config.RemoveVaultSecretFiles() 216 stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds()) 217 stepTelemetryData.ErrorCategory = log.GetErrorCategory().String() 218 stepTelemetryData.PiperCommitHash = GitCommit 219 telemetryClient.SetData(&stepTelemetryData) 220 telemetryClient.Send() 221 if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 { 222 splunkClient.Send(telemetryClient.GetData(), logCollector) 223 } 224 } 225 log.DeferExitHandler(handler) 226 defer handler() 227 telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME) 228 if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 { 229 splunkClient.Initialize(GeneralConfig.CorrelationID, 230 GeneralConfig.HookConfig.SplunkConfig.Dsn, 231 GeneralConfig.HookConfig.SplunkConfig.Token, 232 GeneralConfig.HookConfig.SplunkConfig.Index, 233 GeneralConfig.HookConfig.SplunkConfig.SendLogs) 234 } 235 detectExecuteScan(stepConfig, &stepTelemetryData, &influx) 236 stepTelemetryData.ErrorCode = "0" 237 log.Entry().Info("SUCCESS") 238 }, 239 } 240 241 addDetectExecuteScanFlags(createDetectExecuteScanCmd, &stepConfig) 242 return createDetectExecuteScanCmd 243 } 244 245 func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScanOptions) { 246 cmd.Flags().StringVar(&stepConfig.Token, "token", os.Getenv("PIPER_token"), "Api token to be used for connectivity with Synopsis Detect server.") 247 cmd.Flags().StringVar(&stepConfig.CodeLocation, "codeLocation", os.Getenv("PIPER_codeLocation"), "An override for the name Detect will use for the scan file it creates.") 248 cmd.Flags().StringVar(&stepConfig.ProjectName, "projectName", os.Getenv("PIPER_projectName"), "Name of the Synopsis Detect (formerly BlackDuck) project.") 249 cmd.Flags().StringSliceVar(&stepConfig.Scanners, "scanners", []string{`signature`}, "List of scanners to be used for Synopsis Detect (formerly BlackDuck) scan.") 250 cmd.Flags().StringSliceVar(&stepConfig.ScanPaths, "scanPaths", []string{`.`}, "List of paths which should be scanned by the Synopsis Detect (formerly BlackDuck) scan.") 251 cmd.Flags().StringVar(&stepConfig.DependencyPath, "dependencyPath", `.`, "Absolute Path of the dependency management file of the project. This path represents the folder which contains the pom file, package.json etc. If the project contains multiple pom files, provide the path to the parent pom file or the base folder of the project") 252 cmd.Flags().BoolVar(&stepConfig.Unmap, "unmap", false, "Unmap flag will unmap all previous code locations and keep only the current scan results in the specified project version. Set this parameter to true, when the project version needs to store only the latest scan results.") 253 cmd.Flags().StringSliceVar(&stepConfig.ScanProperties, "scanProperties", []string{`--blackduck.signature.scanner.memory=4096`, `--detect.timeout=6000`, `--blackduck.trust.cert=true`, `--logging.level.com.synopsys.integration=DEBUG`, `--detect.maven.excluded.scopes=test`}, "Properties passed to the Synopsis Detect (formerly BlackDuck) scan. You can find details in the [Synopsis Detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622846/Using+Synopsys+Detect+Properties)") 254 cmd.Flags().StringVar(&stepConfig.ServerURL, "serverUrl", os.Getenv("PIPER_serverUrl"), "Server URL to the Synopsis Detect (formerly BlackDuck) Server.") 255 cmd.Flags().StringSliceVar(&stepConfig.Groups, "groups", []string{}, "Users groups to be assigned for the Project") 256 cmd.Flags().StringSliceVar(&stepConfig.FailOn, "failOn", []string{`BLOCKER`}, "Mark the current build as fail based on the policy categories applied.") 257 cmd.Flags().StringVar(&stepConfig.VersioningModel, "versioningModel", `major`, "The versioning model used for result reporting (based on the artifact version). Example 1.2.3 using `major` will result in version 1") 258 cmd.Flags().StringVar(&stepConfig.Version, "version", os.Getenv("PIPER_version"), "Defines the version number of the artifact being build in the pipeline. It is used as source for the Detect version.") 259 cmd.Flags().StringVar(&stepConfig.CustomScanVersion, "customScanVersion", os.Getenv("PIPER_customScanVersion"), "A custom version used along with the uploaded scan results.") 260 cmd.Flags().StringVar(&stepConfig.ProjectSettingsFile, "projectSettingsFile", os.Getenv("PIPER_projectSettingsFile"), "Path or url to the mvn settings file that should be used as project settings file.") 261 cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path or url to the mvn settings file that should be used as global settings file") 262 cmd.Flags().StringVar(&stepConfig.M2Path, "m2Path", os.Getenv("PIPER_m2Path"), "Path to the location of the local repository that should be used.") 263 cmd.Flags().BoolVar(&stepConfig.InstallArtifacts, "installArtifacts", false, "If enabled, it will install all artifacts to the local maven repository to make them available before running detect. This is required if any maven module has dependencies to other modules in the repository and they were not installed before.") 264 cmd.Flags().StringSliceVar(&stepConfig.IncludedPackageManagers, "includedPackageManagers", []string{}, "The package managers that need to be included for this scan. Providing the package manager names with this parameter will ensure that the build descriptor file of that package manager will be searched in the scan folder For the complete list of possible values for this parameter, please refer [Synopsys detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/631407160/Configuring+Detect+General+Properties#Detector-types-included-(Advanced))") 265 cmd.Flags().StringSliceVar(&stepConfig.ExcludedPackageManagers, "excludedPackageManagers", []string{}, "The package managers that need to be excluded for this scan. Providing the package manager names with this parameter will ensure that the build descriptor file of that package manager will be ignored in the scan folder For the complete list of possible values for this parameter, please refer [Synopsys detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/631407160/Configuring+Detect+General+Properties#%5BhardBreak%5DDetector-types-excluded-(Advanced))") 266 cmd.Flags().StringSliceVar(&stepConfig.MavenExcludedScopes, "mavenExcludedScopes", []string{}, "The maven scopes that need to be excluded from the scan. For example, setting the value 'test' will exclude all components which are defined with a test scope in maven") 267 cmd.Flags().StringSliceVar(&stepConfig.DetectTools, "detectTools", []string{}, "The type of BlackDuck scanners to include while running the BlackDuck scan. By default All scanners are included. For the complete list of possible values, Please refer [Synopsys detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/631407160/Configuring+Detect+General+Properties#Detect-tools-included)") 268 cmd.Flags().BoolVar(&stepConfig.ScanOnChanges, "scanOnChanges", false, "This flag determines if the scan is submitted to the server. If set to true, then the scan request is submitted to the server only when changes are detected in the Open Source Bill of Materials If the flag is set to false, then the scan request is submitted to server regardless of any changes. For more details please refer to the [documentation](https://github.com/blackducksoftware/detect_rescan/blob/master/README.md)") 269 cmd.Flags().StringSliceVar(&stepConfig.CustomEnvironmentVariables, "customEnvironmentVariables", []string{}, "A list of environment variables which can be set to prepare the environment to run a BlackDuck scan. This includes a list of environment variables defined by Synopsys. The full list can be found [here](https://synopsys.atlassian.net/wiki/spaces/IA/pages/1562214619/Shell+Script+Reference+6.9.0) This list affects the detect script downloaded while running the scan. By default detect7.sh will be used. To continue using detect6, please use DETECT_LATEST_RELEASE_VERSION and set it to a valid value defined [here](https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=releasenotes.html&_LANG=enus)") 270 cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line") 271 cmd.Flags().BoolVar(&stepConfig.CreateResultIssue, "createResultIssue", false, "Whether the step creates a GitHub issue containing the scan results in the originating repo. Since optimized pipelines are headless the creation is implicitly activated for scheduled runs.") 272 cmd.Flags().StringVar(&stepConfig.GithubAPIURL, "githubApiUrl", `https://api.github.com`, "Set the GitHub API URL.") 273 cmd.Flags().StringVar(&stepConfig.Owner, "owner", os.Getenv("PIPER_owner"), "Set the GitHub organization.") 274 cmd.Flags().StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "Set the GitHub repository.") 275 cmd.Flags().StringSliceVar(&stepConfig.Assignees, "assignees", []string{``}, "Defines the assignees for the Github Issue created/updated with the results of the scan as a list of login names.") 276 cmd.Flags().StringSliceVar(&stepConfig.CustomTLSCertificateLinks, "customTlsCertificateLinks", []string{}, "List of download links to custom TLS certificates. This is required to ensure trusted connections to instances with repositories (like nexus) when publish flag is set to true.") 277 278 cmd.MarkFlagRequired("token") 279 cmd.MarkFlagRequired("projectName") 280 cmd.MarkFlagRequired("serverUrl") 281 } 282 283 // retrieve step metadata 284 func detectExecuteScanMetadata() config.StepData { 285 var theMetaData = config.StepData{ 286 Metadata: config.StepMetadata{ 287 Name: "detectExecuteScan", 288 Aliases: []config.Alias{}, 289 Description: "Executes Synopsys Detect scan", 290 }, 291 Spec: config.StepSpec{ 292 Inputs: config.StepInputs{ 293 Secrets: []config.StepSecrets{ 294 {Name: "detectTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing the API token used to authenticate with the Synopsis Detect (formerly BlackDuck) Server.", Type: "jenkins", Aliases: []config.Alias{{Name: "apiTokenCredentialsId", Deprecated: false}}}, 295 }, 296 Resources: []config.StepResources{ 297 {Name: "buildDescriptor", Type: "stash"}, 298 {Name: "checkmarx", Type: "stash"}, 299 }, 300 Parameters: []config.StepParameters{ 301 { 302 Name: "token", 303 ResourceRef: []config.ResourceReference{ 304 { 305 Name: "detectTokenCredentialsId", 306 Type: "secret", 307 }, 308 309 { 310 Name: "detectVaultSecretName", 311 Type: "vaultSecret", 312 Default: "detect", 313 }, 314 }, 315 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 316 Type: "string", 317 Mandatory: true, 318 Aliases: []config.Alias{{Name: "blackduckToken"}, {Name: "detectToken"}, {Name: "apiToken", Deprecated: true}, {Name: "detect/apiToken", Deprecated: true}}, 319 Default: os.Getenv("PIPER_token"), 320 }, 321 { 322 Name: "codeLocation", 323 ResourceRef: []config.ResourceReference{}, 324 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 325 Type: "string", 326 Mandatory: false, 327 Aliases: []config.Alias{}, 328 Default: os.Getenv("PIPER_codeLocation"), 329 }, 330 { 331 Name: "projectName", 332 ResourceRef: []config.ResourceReference{}, 333 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 334 Type: "string", 335 Mandatory: true, 336 Aliases: []config.Alias{{Name: "detect/projectName"}}, 337 Default: os.Getenv("PIPER_projectName"), 338 }, 339 { 340 Name: "scanners", 341 ResourceRef: []config.ResourceReference{}, 342 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 343 Type: "[]string", 344 Mandatory: false, 345 Aliases: []config.Alias{{Name: "detect/scanners"}}, 346 Default: []string{`signature`}, 347 }, 348 { 349 Name: "scanPaths", 350 ResourceRef: []config.ResourceReference{}, 351 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 352 Type: "[]string", 353 Mandatory: false, 354 Aliases: []config.Alias{{Name: "detect/scanPaths"}}, 355 Default: []string{`.`}, 356 }, 357 { 358 Name: "dependencyPath", 359 ResourceRef: []config.ResourceReference{}, 360 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 361 Type: "string", 362 Mandatory: false, 363 Aliases: []config.Alias{{Name: "detect/dependencyPath"}}, 364 Default: `.`, 365 }, 366 { 367 Name: "unmap", 368 ResourceRef: []config.ResourceReference{}, 369 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 370 Type: "bool", 371 Mandatory: false, 372 Aliases: []config.Alias{{Name: "detect/unmap"}}, 373 Default: false, 374 }, 375 { 376 Name: "scanProperties", 377 ResourceRef: []config.ResourceReference{}, 378 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 379 Type: "[]string", 380 Mandatory: false, 381 Aliases: []config.Alias{{Name: "detect/scanProperties"}}, 382 Default: []string{`--blackduck.signature.scanner.memory=4096`, `--detect.timeout=6000`, `--blackduck.trust.cert=true`, `--logging.level.com.synopsys.integration=DEBUG`, `--detect.maven.excluded.scopes=test`}, 383 }, 384 { 385 Name: "serverUrl", 386 ResourceRef: []config.ResourceReference{}, 387 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 388 Type: "string", 389 Mandatory: true, 390 Aliases: []config.Alias{{Name: "detect/serverUrl"}}, 391 Default: os.Getenv("PIPER_serverUrl"), 392 }, 393 { 394 Name: "groups", 395 ResourceRef: []config.ResourceReference{}, 396 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 397 Type: "[]string", 398 Mandatory: false, 399 Aliases: []config.Alias{{Name: "detect/groups"}}, 400 Default: []string{}, 401 }, 402 { 403 Name: "failOn", 404 ResourceRef: []config.ResourceReference{}, 405 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 406 Type: "[]string", 407 Mandatory: false, 408 Aliases: []config.Alias{{Name: "detect/failOn"}}, 409 Default: []string{`BLOCKER`}, 410 }, 411 { 412 Name: "versioningModel", 413 ResourceRef: []config.ResourceReference{}, 414 Scope: []string{"PARAMETERS", "GENERAL", "STAGES", "STEPS"}, 415 Type: "string", 416 Mandatory: false, 417 Aliases: []config.Alias{}, 418 Default: `major`, 419 }, 420 { 421 Name: "version", 422 ResourceRef: []config.ResourceReference{ 423 { 424 Name: "commonPipelineEnvironment", 425 Param: "artifactVersion", 426 }, 427 }, 428 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 429 Type: "string", 430 Mandatory: false, 431 Aliases: []config.Alias{{Name: "projectVersion"}, {Name: "detect/projectVersion"}}, 432 Default: os.Getenv("PIPER_version"), 433 }, 434 { 435 Name: "customScanVersion", 436 ResourceRef: []config.ResourceReference{}, 437 Scope: []string{"GENERAL", "STAGES", "STEPS", "PARAMETERS"}, 438 Type: "string", 439 Mandatory: false, 440 Aliases: []config.Alias{}, 441 Default: os.Getenv("PIPER_customScanVersion"), 442 }, 443 { 444 Name: "projectSettingsFile", 445 ResourceRef: []config.ResourceReference{}, 446 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 447 Type: "string", 448 Mandatory: false, 449 Aliases: []config.Alias{{Name: "maven/projectSettingsFile"}}, 450 Default: os.Getenv("PIPER_projectSettingsFile"), 451 }, 452 { 453 Name: "globalSettingsFile", 454 ResourceRef: []config.ResourceReference{}, 455 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 456 Type: "string", 457 Mandatory: false, 458 Aliases: []config.Alias{{Name: "maven/globalSettingsFile"}}, 459 Default: os.Getenv("PIPER_globalSettingsFile"), 460 }, 461 { 462 Name: "m2Path", 463 ResourceRef: []config.ResourceReference{}, 464 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 465 Type: "string", 466 Mandatory: false, 467 Aliases: []config.Alias{{Name: "maven/m2Path"}}, 468 Default: os.Getenv("PIPER_m2Path"), 469 }, 470 { 471 Name: "installArtifacts", 472 ResourceRef: []config.ResourceReference{}, 473 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 474 Type: "bool", 475 Mandatory: false, 476 Aliases: []config.Alias{}, 477 Default: false, 478 }, 479 { 480 Name: "includedPackageManagers", 481 ResourceRef: []config.ResourceReference{}, 482 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 483 Type: "[]string", 484 Mandatory: false, 485 Aliases: []config.Alias{{Name: "detect/includedPackageManagers"}}, 486 Default: []string{}, 487 }, 488 { 489 Name: "excludedPackageManagers", 490 ResourceRef: []config.ResourceReference{}, 491 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 492 Type: "[]string", 493 Mandatory: false, 494 Aliases: []config.Alias{{Name: "detect/excludedPackageManagers"}}, 495 Default: []string{}, 496 }, 497 { 498 Name: "mavenExcludedScopes", 499 ResourceRef: []config.ResourceReference{}, 500 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 501 Type: "[]string", 502 Mandatory: false, 503 Aliases: []config.Alias{{Name: "detect/mavenExcludedScopes"}}, 504 Default: []string{}, 505 }, 506 { 507 Name: "detectTools", 508 ResourceRef: []config.ResourceReference{}, 509 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 510 Type: "[]string", 511 Mandatory: false, 512 Aliases: []config.Alias{{Name: "detect/detectTools"}}, 513 Default: []string{}, 514 }, 515 { 516 Name: "scanOnChanges", 517 ResourceRef: []config.ResourceReference{}, 518 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 519 Type: "bool", 520 Mandatory: false, 521 Aliases: []config.Alias{}, 522 Default: false, 523 }, 524 { 525 Name: "customEnvironmentVariables", 526 ResourceRef: []config.ResourceReference{}, 527 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 528 Type: "[]string", 529 Mandatory: false, 530 Aliases: []config.Alias{}, 531 Default: []string{}, 532 }, 533 { 534 Name: "githubToken", 535 ResourceRef: []config.ResourceReference{ 536 { 537 Name: "githubTokenCredentialsId", 538 Type: "secret", 539 }, 540 541 { 542 Name: "githubVaultSecretName", 543 Type: "vaultSecret", 544 Default: "github", 545 }, 546 }, 547 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 548 Type: "string", 549 Mandatory: false, 550 Aliases: []config.Alias{{Name: "access_token"}}, 551 Default: os.Getenv("PIPER_githubToken"), 552 }, 553 { 554 Name: "createResultIssue", 555 ResourceRef: []config.ResourceReference{ 556 { 557 Name: "commonPipelineEnvironment", 558 Param: "custom/optimizedAndScheduled", 559 }, 560 }, 561 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 562 Type: "bool", 563 Mandatory: false, 564 Aliases: []config.Alias{}, 565 Default: false, 566 }, 567 { 568 Name: "githubApiUrl", 569 ResourceRef: []config.ResourceReference{}, 570 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 571 Type: "string", 572 Mandatory: false, 573 Aliases: []config.Alias{}, 574 Default: `https://api.github.com`, 575 }, 576 { 577 Name: "owner", 578 ResourceRef: []config.ResourceReference{ 579 { 580 Name: "commonPipelineEnvironment", 581 Param: "github/owner", 582 }, 583 }, 584 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 585 Type: "string", 586 Mandatory: false, 587 Aliases: []config.Alias{{Name: "githubOrg"}}, 588 Default: os.Getenv("PIPER_owner"), 589 }, 590 { 591 Name: "repository", 592 ResourceRef: []config.ResourceReference{ 593 { 594 Name: "commonPipelineEnvironment", 595 Param: "github/repository", 596 }, 597 }, 598 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 599 Type: "string", 600 Mandatory: false, 601 Aliases: []config.Alias{{Name: "githubRepo"}}, 602 Default: os.Getenv("PIPER_repository"), 603 }, 604 { 605 Name: "assignees", 606 ResourceRef: []config.ResourceReference{}, 607 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 608 Type: "[]string", 609 Mandatory: false, 610 Aliases: []config.Alias{}, 611 Default: []string{``}, 612 }, 613 { 614 Name: "customTlsCertificateLinks", 615 ResourceRef: []config.ResourceReference{}, 616 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 617 Type: "[]string", 618 Mandatory: false, 619 Aliases: []config.Alias{}, 620 Default: []string{}, 621 }, 622 }, 623 }, 624 Containers: []config.Container{ 625 {Name: "openjdk", Image: "openjdk:11", WorkingDir: "/root", Options: []config.Option{{Name: "-u", Value: "0"}}}, 626 }, 627 Outputs: config.StepOutputs{ 628 Resources: []config.StepResources{ 629 { 630 Name: "influx", 631 Type: "influx", 632 Parameters: []map[string]interface{}{ 633 {"name": "step_data", "fields": []map[string]string{{"name": "detect"}}}, 634 {"name": "detect_data", "fields": []map[string]string{{"name": "vulnerabilities"}, {"name": "major_vulnerabilities"}, {"name": "minor_vulnerabilities"}, {"name": "components"}, {"name": "policy_violations"}}}, 635 }, 636 }, 637 { 638 Name: "reports", 639 Type: "reports", 640 Parameters: []map[string]interface{}{ 641 {"filePattern": "**/*BlackDuck_RiskReport.pdf", "type": "blackduck-ip"}, 642 {"filePattern": "blackduck-ip.json", "type": "blackduck-ip"}, 643 {"filePattern": "**/toolrun_detectExecute_*.json", "type": "blackduck-ip"}, 644 {"filePattern": "**/piper_detect_vulnerability_report.html", "type": "blackduck-ip"}, 645 {"filePattern": "**/detectExecuteScan_oss_*.json", "type": "blackduck-ip"}, 646 {"filePattern": "**/piper_detect_policy_violation_report.html", "type": "blackduck-ip"}, 647 {"filePattern": "**/detectExecuteScan_policy_*.json", "type": "blackduck-ip"}, 648 }, 649 }, 650 }, 651 }, 652 }, 653 } 654 return theMetaData 655 }