// Code generated by piper's step-generator. DO NOT EDIT.

package cmd

import (
	"fmt"
	"os"
	"path/filepath"
	"reflect"
	"strings"
	"time"

	"github.com/SAP/jenkins-library/pkg/config"
	"github.com/SAP/jenkins-library/pkg/gcs"
	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/SAP/jenkins-library/pkg/piperenv"
	"github.com/SAP/jenkins-library/pkg/splunk"
	"github.com/SAP/jenkins-library/pkg/telemetry"
	"github.com/SAP/jenkins-library/pkg/validation"
	"github.com/bmatcuk/doublestar"
	"github.com/spf13/cobra"
)

// fortifyExecuteScanOptions is the parameter set of the fortifyExecuteScan
// step, populated from flags/config by FortifyExecuteScanCommand.
//
// The json tag names are not only used for (de)serialisation:
// (*fortifyExecuteScanReports).persist walks this struct with reflection and
// collects every string-typed field under its json name, so renaming a tag
// changes what is handed to the GCS report upload.
//
// AuthToken and GithubToken hold credentials (they are registered with
// log.RegisterSecret in the command's PreRunE). The validate tag on
// VersioningModel restricts it to the listed values.
type fortifyExecuteScanOptions struct {
	AdditionalScanParameters        []string `json:"additionalScanParameters,omitempty"`
	Assignees                       []string `json:"assignees,omitempty"`
	AuthToken                       string   `json:"authToken,omitempty"`
	BuildDescriptorExcludeList      []string `json:"buildDescriptorExcludeList,omitempty"`
	CustomScanVersion               string   `json:"customScanVersion,omitempty"`
	GithubToken                     string   `json:"githubToken,omitempty"`
	AutoCreate                      bool     `json:"autoCreate,omitempty"`
	ModulePath                      string   `json:"modulePath,omitempty"`
	PythonRequirementsFile          string   `json:"pythonRequirementsFile,omitempty"`
	AutodetectClasspath             bool     `json:"autodetectClasspath,omitempty"`
	MustAuditIssueGroups            string   `json:"mustAuditIssueGroups,omitempty"`
	SpotAuditIssueGroups            string   `json:"spotAuditIssueGroups,omitempty"`
	PythonRequirementsInstallSuffix string   `json:"pythonRequirementsInstallSuffix,omitempty"`
	PythonVersion                   string   `json:"pythonVersion,omitempty"`
	UploadResults                   bool     `json:"uploadResults,omitempty"`
	Version                         string   `json:"version,omitempty"`
	BuildDescriptorFile             string   `json:"buildDescriptorFile,omitempty"`
	CommitID                        string   `json:"commitId,omitempty"`
	CommitMessage                   string   `json:"commitMessage,omitempty"`
	GithubAPIURL                    string   `json:"githubApiUrl,omitempty"`
	Owner                           string   `json:"owner,omitempty"`
	Repository                      string   `json:"repository,omitempty"`
	Memory                          string   `json:"memory,omitempty"`
	UpdateRulePack                  bool     `json:"updateRulePack,omitempty"`
	ReportDownloadEndpoint          string   `json:"reportDownloadEndpoint,omitempty"`
	PollingMinutes                  int      `json:"pollingMinutes,omitempty"`
	QuickScan                       bool     `json:"quickScan,omitempty"`
	Translate                       string   `json:"translate,omitempty"`
	Src                             []string `json:"src,omitempty"`
	Exclude                         []string `json:"exclude,omitempty"`
	APIEndpoint                     string   `json:"apiEndpoint,omitempty"`
	ReportType                      string   `json:"reportType,omitempty"`
	PythonAdditionalPath            []string `json:"pythonAdditionalPath,omitempty"`
	ArtifactURL                     string   `json:"artifactUrl,omitempty"`
	ConsiderSuspicious              bool     `json:"considerSuspicious,omitempty"`
	ConvertToSarif                  bool     `json:"convertToSarif,omitempty"`
	FprUploadEndpoint               string   `json:"fprUploadEndpoint,omitempty"`
	ProjectName                     string   `json:"projectName,omitempty"`
	Reporting                       bool     `json:"reporting,omitempty"`
	ServerURL                       string   `json:"serverUrl,omitempty"`
	PullRequestMessageRegexGroup    int      `json:"pullRequestMessageRegexGroup,omitempty"`
	DeltaMinutes                    int      `json:"deltaMinutes,omitempty"`
	SpotCheckMinimum                int      `json:"spotCheckMinimum,omitempty"`
	FprDownloadEndpoint             string   `json:"fprDownloadEndpoint,omitempty"`
	VersioningModel                 string   `json:"versioningModel,omitempty" validate:"possible-values=major major-minor semantic full"`
	PythonInstallCommand            string   `json:"pythonInstallCommand,omitempty"`
	ReportTemplateID                int      `json:"reportTemplateId,omitempty"`
	FilterSetTitle                  string   `json:"filterSetTitle,omitempty"`
	PullRequestName                 string   `json:"pullRequestName,omitempty"`
	PullRequestMessageRegex         string   `json:"pullRequestMessageRegex,omitempty"`
	BuildTool                       string   `json:"buildTool,omitempty"`
	ProjectSettingsFile             string   `json:"projectSettingsFile,omitempty"`
	GlobalSettingsFile              string   `json:"globalSettingsFile,omitempty"`
	M2Path                          string   `json:"m2Path,omitempty"`
	VerifyOnly                      bool     `json:"verifyOnly,omitempty"`
	InstallArtifacts                bool     `json:"installArtifacts,omitempty"`
	CreateResultIssue               bool     `json:"createResultIssue,omitempty"`
}

// fortifyExecuteScanInflux is the Influx measurement data the step fills in
// (the scan implementation receives a pointer to it) and that persist writes
// out. Each top-level member is one measurement; "fields" are the values,
// "tags" are empty for this step. Note that projectVersionID is persisted
// under the name "projectVersionId" (see persist).
type fortifyExecuteScanInflux struct {
	step_data struct {
		fields struct {
			fortify bool
		}
		tags struct {
		}
	}
	fortify_data struct {
		fields struct {
			projectName       string
			projectVersion    string
			projectVersionID  int64
			violations        int
			corporateTotal    int
			corporateAudited  int
			auditAllTotal     int
			auditAllAudited   int
			spotChecksTotal   int
			spotChecksAudited int
			spotChecksGap     int
			suspicious        int
			exploitable       int
			suppressed        int
		}
		tags struct {
		}
	}
}

// persist writes every Influx field of i as a resource parameter below
// path/resourceName, one file per metric at
// <measurement>/<valType>s/<name> (e.g. fortify_data/fields/violations).
//
// Failures are logged per metric and counted; the method never returns an
// error, it only emits a summary error log when at least one write failed.
// Only fields are emitted here because both tags structs are empty.
func (i *fortifyExecuteScanInflux) persist(path, resourceName string) {
	measurementContent := []struct {
		measurement string
		valType     string
		name        string
		value       interface{}
	}{
		{valType: config.InfluxField, measurement: "step_data", name: "fortify", value: i.step_data.fields.fortify},
		{valType: config.InfluxField, measurement: "fortify_data", name: "projectName", value: i.fortify_data.fields.projectName},
		{valType: config.InfluxField, measurement: "fortify_data", name: "projectVersion", value: i.fortify_data.fields.projectVersion},
		// Go field is projectVersionID, persisted name keeps the lowerCamel "Id".
		{valType: config.InfluxField, measurement: "fortify_data", name: "projectVersionId", value: i.fortify_data.fields.projectVersionID},
		{valType: config.InfluxField, measurement: "fortify_data", name: "violations", value: i.fortify_data.fields.violations},
		{valType: config.InfluxField, measurement: "fortify_data", name: "corporateTotal", value: i.fortify_data.fields.corporateTotal},
		{valType: config.InfluxField, measurement: "fortify_data", name: "corporateAudited", value: i.fortify_data.fields.corporateAudited},
		{valType: config.InfluxField, measurement: "fortify_data", name: "auditAllTotal", value: i.fortify_data.fields.auditAllTotal},
		{valType: config.InfluxField, measurement: "fortify_data", name: "auditAllAudited", value: i.fortify_data.fields.auditAllAudited},
		{valType: config.InfluxField, measurement: "fortify_data", name: "spotChecksTotal", value: i.fortify_data.fields.spotChecksTotal},
		{valType: config.InfluxField, measurement: "fortify_data", name: "spotChecksAudited", value: i.fortify_data.fields.spotChecksAudited},
		{valType: config.InfluxField, measurement: "fortify_data", name: "spotChecksGap", value: i.fortify_data.fields.spotChecksGap},
		{valType: config.InfluxField, measurement: "fortify_data", name: "suspicious", value: i.fortify_data.fields.suspicious},
		{valType: config.InfluxField, measurement: "fortify_data", name: "exploitable", value: i.fortify_data.fields.exploitable},
		{valType: config.InfluxField, measurement: "fortify_data", name: "suppressed", value: i.fortify_data.fields.suppressed},
	}

	errCount := 0
	for _, metric := range measurementContent {
		// valType is pluralised into the directory name ("field" -> "fields").
		err := piperenv.SetResourceParameter(path, resourceName, filepath.Join(metric.measurement, fmt.Sprintf("%vs", metric.valType), metric.name), metric.value)
		if err != nil {
			log.Entry().WithError(err).Error("Error persisting influx environment.")
			errCount++
		}
	}
	if errCount > 0 {
		log.Entry().Error("failed to persist Influx environment")
	}
}

// fortifyExecuteScanReports is a marker type whose persist method uploads the
// step's report artifacts to Google Cloud Storage. It carries no state.
type fortifyExecuteScanReports struct {
}

// persist uploads the Fortify report files matching the fixed glob patterns
// below to GCS. It is a no-op (with an info log) when gcsBucketId is empty.
//
// The GCS client is authenticated by exporting gcpJsonKeyFilePath as
// GOOGLE_APPLICATION_CREDENTIALS through gcs.WithEnvVars. All errors are
// logged and swallowed; the method has no return value.
//
// inputParameters is built by reflecting over stepConfig: every string-typed
// field is added under the first element of its json tag. That includes the
// credential fields AuthToken and GithubToken. What gcs.PersistReportsToGCS
// does with the map is not visible here — NOTE(review): presumably used for
// templating gcsFolderPath/gcsSubFolder; confirm that credential values cannot
// end up in object names or in log output.
func (p *fortifyExecuteScanReports) persist(stepConfig fortifyExecuteScanOptions, gcpJsonKeyFilePath string, gcsBucketId string, gcsFolderPath string, gcsSubFolder string) {
	if gcsBucketId == "" {
		log.Entry().Info("persisting reports to GCS is disabled, because gcsBucketId is empty")
		return
	}
	log.Entry().Info("Uploading reports to Google Cloud Storage...")
	content := []gcs.ReportOutputParam{
		{FilePattern: "**/*.PDF", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/*.fpr", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/fortify-scan.*", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/toolrun_fortify_*.json", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/piper_fortify_report.json", ParamRef: "", StepResultType: "fortify"},
		{FilePattern: "**/piper_fortify_report.html", ParamRef: "", StepResultType: "fortify"},
	}
	envVars := []gcs.EnvVar{
		{Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: gcpJsonKeyFilePath, Modified: false},
	}
	gcsClient, err := gcs.NewClient(gcs.WithEnvVars(envVars))
	if err != nil {
		log.Entry().Errorf("creation of GCS client failed: %v", err)
		return
	}
	defer gcsClient.Close()
	structVal := reflect.ValueOf(&stepConfig).Elem()
	inputParameters := map[string]string{}
	for i := 0; i < structVal.NumField(); i++ {
		field := structVal.Type().Field(i)
		// Only plain string fields are collected; []string, bool and int
		// fields of the options struct are skipped.
		if field.Type.String() == "string" {
			// json tag is "name,omitempty" — keep only the name part.
			paramName := strings.Split(field.Tag.Get("json"), ",")
			paramValue, _ := structVal.Field(i).Interface().(string)
			inputParameters[paramName[0]] = paramValue
		}
	}
	if err := gcs.PersistReportsToGCS(gcsClient, content, inputParameters, gcsFolderPath, gcsBucketId, gcsSubFolder, doublestar.Glob, os.Stat); err != nil {
		log.Entry().Errorf("failed to persist reports: %v", err)
	}
}

// FortifyExecuteScanCommand This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.
//
// The returned cobra command wires two phases: PreRunE resolves the step
// configuration into stepConfig (registering AuthToken and GithubToken as
// secrets with the logger right after), installs the fatal/Sentry/Splunk log
// hooks and validates the struct; Run executes fortifyExecuteScan and, through
// a handler that is both deferred and registered with log.DeferExitHandler,
// persists Influx data and reports, removes vault secret files and sends
// telemetry/Splunk data on every exit path.
func FortifyExecuteScanCommand() *cobra.Command {
	const STEP_NAME = "fortifyExecuteScan"

	metadata := fortifyExecuteScanMetadata()
	var stepConfig fortifyExecuteScanOptions
	var startTime time.Time
	var influx fortifyExecuteScanInflux
	var reports fortifyExecuteScanReports
	var logCollector *log.CollectorHook
	var splunkClient *splunk.Splunk
	telemetryClient := &telemetry.Telemetry{}

	var createFortifyExecuteScanCmd = &cobra.Command{
		Use:   STEP_NAME,
		Short: "This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.",
		Long: `This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.

The Fortify step triggers a scan locally on your Jenkins within a docker container so finally you have to supply a docker image with a Fortify SCA
and Java plus Maven / Gradle or alternatively Python installed into it for being able to perform any scans.
!!! hint "Scanning MTA projects"
    Build type ` + "`" + `maven` + "`" + ` requires a so called aggregator pom which includes all modules to be scanned. If used in a mta-project which includes non-java submodules as maven dependency (e.g. node via frontend-maven-plugin), exclude those by specifying java path explicitly, e.g. ` + "`" + `java/**/src/main/java/**/*` + "`" + `.

Besides triggering a scan the step verifies the results after they have been uploaded and processed by the Fortify SSC. By default the following KPIs are enforced:
* All issues must be audited from the Corporate Security Requirements folder.
* All issues must be audited from the Audit All folder.
* At least one issue per category must be audited from the Spot Checks of Each Category folder.
* Nothing needs to be audited from the Optional folder.`,
		PreRunE: func(cmd *cobra.Command, _ []string) error {
			startTime = time.Now()
			log.SetStepName(STEP_NAME)
			log.SetVerbose(GeneralConfig.Verbose)

			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)

			// Getwd error is discarded; on failure the FatalHook gets an empty Path.
			path, _ := os.Getwd()
			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
			log.RegisterHook(fatalHook)

			err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile)
			if err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}
			// Credentials are known only after PrepareConfig; register them
			// immediately so the log layer can mask them from here on.
			log.RegisterSecret(stepConfig.AuthToken)
			log.RegisterSecret(stepConfig.GithubToken)

			if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {
				sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)
				log.RegisterHook(&sentryHook)
			}

			// splunkClient/logCollector stay nil unless a Splunk DSN is set; the
			// same condition guards every later use in Run.
			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
				splunkClient = &splunk.Splunk{}
				logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}
				log.RegisterHook(logCollector)
			}

			// The local variable shadows the validation package from here to
			// the end of PreRunE; the right-hand side still refers to the package.
			validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())
			if err != nil {
				return err
			}
			if err = validation.ValidateStruct(stepConfig); err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}

			return nil
		},
		Run: func(_ *cobra.Command, _ []string) {
			stepTelemetryData := telemetry.CustomData{}
			// ErrorCode starts as failure and is flipped to "0" only after
			// fortifyExecuteScan returns, so any exit through handler before
			// that point reports the step as failed.
			stepTelemetryData.ErrorCode = "1"
			handler := func() {
				influx.persist(GeneralConfig.EnvRootPath, "influx")
				reports.persist(stepConfig, GeneralConfig.GCPJsonKeyFilePath, GeneralConfig.GCSBucketId, GeneralConfig.GCSFolderPath, GeneralConfig.GCSSubFolder)
				// Clean up materialised vault secret files regardless of outcome.
				config.RemoveVaultSecretFiles()
				stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
				stepTelemetryData.ErrorCategory = log.GetErrorCategory().String()
				stepTelemetryData.PiperCommitHash = GitCommit
				telemetryClient.SetData(&stepTelemetryData)
				telemetryClient.Send()
				if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
			}
			// handler is registered twice on purpose: defer covers the normal
			// return, DeferExitHandler presumably covers exits driven by the log
			// package (fatal errors) — verify in pkg/log that it does not also
			// run on the normal path, or persistence would happen twice.
			log.DeferExitHandler(handler)
			defer handler()
			telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME)
			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
				splunkClient.Initialize(GeneralConfig.CorrelationID,
					GeneralConfig.HookConfig.SplunkConfig.Dsn,
					GeneralConfig.HookConfig.SplunkConfig.Token,
					GeneralConfig.HookConfig.SplunkConfig.Index,
					GeneralConfig.HookConfig.SplunkConfig.SendLogs)
			}
			fortifyExecuteScan(stepConfig, &stepTelemetryData, &influx)
			stepTelemetryData.ErrorCode = "0"
			log.Entry().Info("SUCCESS")
		},
	}

	addFortifyExecuteScanFlags(createFortifyExecuteScanCmd, &stepConfig)
	return createFortifyExecuteScanCmd
}

// addFortifyExecuteScanFlags binds every step parameter to a CLI flag on cmd,
// writing into stepConfig. String parameters that carry no static default take
// theirs from a PIPER_<name> environment variable at flag-definition time.
//
// NOTE(review): authToken and githubToken default to os.Getenv values. pflag
// prints non-empty string defaults in usage output, so in an environment where
// PIPER_authToken is set, `--help` would echo the token — confirm whether the
// generator or a wrapper suppresses this.
//
// NOTE(review): this file is generated; text fixes (e.g. the doubled
// apostrophe in the pollingMinutes help, "artifact''s") belong in the step
// metadata the generator reads, not here.
func addFortifyExecuteScanFlags(cmd *cobra.Command, stepConfig *fortifyExecuteScanOptions) {
	cmd.Flags().StringSliceVar(&stepConfig.AdditionalScanParameters, "additionalScanParameters", []string{}, "List of additional scan parameters to be used for Fortify sourceanalyzer command execution.")
	cmd.Flags().StringSliceVar(&stepConfig.Assignees, "assignees", []string{``}, "Defines the assignees for the Github Issue created/updated with the results of the scan as a list of login names.")
	cmd.Flags().StringVar(&stepConfig.AuthToken, "authToken", os.Getenv("PIPER_authToken"), "The FortifyToken to use for authentication")
	cmd.Flags().StringSliceVar(&stepConfig.BuildDescriptorExcludeList, "buildDescriptorExcludeList", []string{`unit-tests/pom.xml`, `integration-tests/pom.xml`}, "List of build descriptors and therefore modules to exclude from the scan and assessment activities.")
	cmd.Flags().StringVar(&stepConfig.CustomScanVersion, "customScanVersion", os.Getenv("PIPER_customScanVersion"), "Custom version of the Fortify project used as source.")
	cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line")
	cmd.Flags().BoolVar(&stepConfig.AutoCreate, "autoCreate", false, "Whether Fortify project and project version shall be implicitly auto created in case they cannot be found in the backend")
	cmd.Flags().StringVar(&stepConfig.ModulePath, "modulePath", `./`, "Allows providing the path for the module to scan")
	cmd.Flags().StringVar(&stepConfig.PythonRequirementsFile, "pythonRequirementsFile", os.Getenv("PIPER_pythonRequirementsFile"), "The requirements file used in `buildTool: 'pip'` to populate the build environment with the necessary dependencies")
	cmd.Flags().BoolVar(&stepConfig.AutodetectClasspath, "autodetectClasspath", true, "Whether the classpath is automatically determined via build tool i.e. maven or pip or not at all")
	cmd.Flags().StringVar(&stepConfig.MustAuditIssueGroups, "mustAuditIssueGroups", `Corporate Security Requirements, Audit All`, "Comma separated list of issue groups that must be audited completely")
	cmd.Flags().StringVar(&stepConfig.SpotAuditIssueGroups, "spotAuditIssueGroups", `Spot Checks of Each Category`, "Comma separated list of issue groups that are spot checked and for which `spotCheckMinimum` audited issues are enforced")
	cmd.Flags().StringVar(&stepConfig.PythonRequirementsInstallSuffix, "pythonRequirementsInstallSuffix", os.Getenv("PIPER_pythonRequirementsInstallSuffix"), "The suffix for the command used to install the requirements file in `buildTool: 'pip'` to populate the build environment with the necessary dependencies")
	cmd.Flags().StringVar(&stepConfig.PythonVersion, "pythonVersion", `python3`, "Python version to be used in `buildTool: 'pip'`")
	cmd.Flags().BoolVar(&stepConfig.UploadResults, "uploadResults", true, "Whether results shall be uploaded or not")
	cmd.Flags().StringVar(&stepConfig.Version, "version", os.Getenv("PIPER_version"), "Version used in conjunction with [`versioningModel`](#versioningModel) to identify the Fortify project to be created and used for results aggregation.")
	cmd.Flags().StringVar(&stepConfig.BuildDescriptorFile, "buildDescriptorFile", `./pom.xml`, "Path to the build descriptor file addressing the module/folder to be scanned.")
	cmd.Flags().StringVar(&stepConfig.CommitID, "commitId", os.Getenv("PIPER_commitId"), "Set the Git commit ID for identifying artifacts throughout the scan.")
	cmd.Flags().StringVar(&stepConfig.CommitMessage, "commitMessage", os.Getenv("PIPER_commitMessage"), "Set the Git commit message for identifying pull request merges throughout the scan.")
	cmd.Flags().StringVar(&stepConfig.GithubAPIURL, "githubApiUrl", `https://api.github.com`, "Set the GitHub API URL.")
	cmd.Flags().StringVar(&stepConfig.Owner, "owner", os.Getenv("PIPER_owner"), "Set the GitHub organization.")
	cmd.Flags().StringVar(&stepConfig.Repository, "repository", os.Getenv("PIPER_repository"), "Set the GitHub repository.")
	cmd.Flags().StringVar(&stepConfig.Memory, "memory", `-Xmx4G -Xms512M`, "The amount of memory granted to the translate/scan executions")
	cmd.Flags().BoolVar(&stepConfig.UpdateRulePack, "updateRulePack", true, "Whether the rule pack shall be updated and pulled from Fortify SSC before scanning or not")
	cmd.Flags().StringVar(&stepConfig.ReportDownloadEndpoint, "reportDownloadEndpoint", `/transfer/reportDownload.html`, "Fortify SSC endpoint for Report downloads")
	cmd.Flags().IntVar(&stepConfig.PollingMinutes, "pollingMinutes", 30, "The number of minutes for which an uploaded FPR artifact''s status is being polled to finish queuing/processing, if exceeded polling will be stopped and an error will be thrown")
	cmd.Flags().BoolVar(&stepConfig.QuickScan, "quickScan", false, "Whether a quick scan should be performed, please consult the related Fortify documentation on JAM on the impact of this setting")
	cmd.Flags().StringVar(&stepConfig.Translate, "translate", os.Getenv("PIPER_translate"), "Options for translate phase of Fortify. Most likely, you do not need to set this parameter. See src, exclude. If `'src'` and `'exclude'` are set they are automatically used. Technical details: It has to be a JSON string of list of maps with required key `'src'`, and optional keys `'exclude'`, `'libDirs'`, `'aspnetcore'`, and `'dotNetCoreVersion'`")
	cmd.Flags().StringSliceVar(&stepConfig.Src, "src", []string{}, "A list of source directories to scan. Wildcards can be used, e.g., `'src/main/java/**/*'`. If `'translate'` is set, this will ignored. The default value for `buildTool: 'maven'` is `['**/*.xml', '**/*.html', '**/*.jsp', '**/*.js', '**/src/main/resources/**/*', '**/src/main/java/**/*', '**/target/main/java/**/*', '**/target/main/resources/**/*', '**/target/generated-sources/**/*']`, for `buildTool: 'pip'` it is `['./**/*']`.")
	cmd.Flags().StringSliceVar(&stepConfig.Exclude, "exclude", []string{}, "A list of directories/files to be excluded from the scan. Wildcards can be used, e.g., `'**/Test.java'`. If `translate` is set, this will ignored. The default value for `buildTool: 'maven'` is `['**/src/test/**/*']`, for `buildTool: 'pip'` it is `['./**/tests/**/*', './**/setup.py']`.")
	cmd.Flags().StringVar(&stepConfig.APIEndpoint, "apiEndpoint", `/api/v1`, "Fortify SSC endpoint used for uploading the scan results and checking the audit state")
	cmd.Flags().StringVar(&stepConfig.ReportType, "reportType", `PDF`, "The type of report to be generated")
	cmd.Flags().StringSliceVar(&stepConfig.PythonAdditionalPath, "pythonAdditionalPath", []string{`./lib`, `.`}, "A list of additional paths which can be used in `buildTool: 'pip'` for customization purposes")
	cmd.Flags().StringVar(&stepConfig.ArtifactURL, "artifactUrl", os.Getenv("PIPER_artifactUrl"), "Path/URL pointing to an additional artifact repository for resolution of additional artifacts during the build")
	cmd.Flags().BoolVar(&stepConfig.ConsiderSuspicious, "considerSuspicious", true, "Whether suspicious issues should trigger the check to fail or not")
	cmd.Flags().BoolVar(&stepConfig.ConvertToSarif, "convertToSarif", false, "[BETA] Convert the proprietary format of Fortify scan results to the open SARIF standard. Uploaded through Cumulus later on.")
	cmd.Flags().StringVar(&stepConfig.FprUploadEndpoint, "fprUploadEndpoint", `/upload/resultFileUpload.html`, "Fortify SSC endpoint for FPR uploads")
	cmd.Flags().StringVar(&stepConfig.ProjectName, "projectName", `{{list .GroupID .ArtifactID | join "-" | trimAll "-"}}`, "The project used for reporting results in SSC")
	cmd.Flags().BoolVar(&stepConfig.Reporting, "reporting", false, "Influences whether a report is generated or not")
	cmd.Flags().StringVar(&stepConfig.ServerURL, "serverUrl", os.Getenv("PIPER_serverUrl"), "Fortify SSC Url to be used for accessing the APIs")
	cmd.Flags().IntVar(&stepConfig.PullRequestMessageRegexGroup, "pullRequestMessageRegexGroup", 1, "The group number for extracting the pull request id in `'pullRequestMessageRegex'`")
	cmd.Flags().IntVar(&stepConfig.DeltaMinutes, "deltaMinutes", 5, "The number of minutes for which an uploaded FPR artifact is considered to be recent and healthy, if exceeded an error will be thrown")
	cmd.Flags().IntVar(&stepConfig.SpotCheckMinimum, "spotCheckMinimum", 1, "The minimum number of issues that must be audited per category in the `Spot Checks of each Category` folder to avoid an error being thrown")
	cmd.Flags().StringVar(&stepConfig.FprDownloadEndpoint, "fprDownloadEndpoint", `/download/currentStateFprDownload.html`, "Fortify SSC endpoint for FPR downloads")
	cmd.Flags().StringVar(&stepConfig.VersioningModel, "versioningModel", `major`, "The default project versioning model used for creating the version based on the build descriptor version to report results in SSC, can be one of `'major'`, `'major-minor'`, `'semantic'`, `'full'`")
	cmd.Flags().StringVar(&stepConfig.PythonInstallCommand, "pythonInstallCommand", `{{.Pip}} install --user .`, "Additional install command that can be run when `buildTool: 'pip'` is used which allows further customizing the execution environment of the scan")
	cmd.Flags().IntVar(&stepConfig.ReportTemplateID, "reportTemplateId", 18, "Report template ID to be used for generating the Fortify report")
	cmd.Flags().StringVar(&stepConfig.FilterSetTitle, "filterSetTitle", `SAP`, "Title of the filter set to use for analysing the results")
	cmd.Flags().StringVar(&stepConfig.PullRequestName, "pullRequestName", os.Getenv("PIPER_pullRequestName"), "The name of the pull request branch which will trigger creation of a new version in Fortify SSC based on the master branch version")
	// NOTE(review): inside a raw string literal `\\d` is two backslashes and a
	// "d", which as a regexp matches a literal backslash followed by "d", not a
	// digit. Confirm against the consumer of PullRequestMessageRegex whether this
	// default can ever match a "#123" reference, or whether the metadata source
	// should carry a single backslash.
	cmd.Flags().StringVar(&stepConfig.PullRequestMessageRegex, "pullRequestMessageRegex", `.*Merge pull request #(\\d+) from.*`, "Regex used to identify the PR-XXX reference within the merge commit message")
	cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", `maven`, "Scan type used for the step which can be `'maven'`, `'pip'` or `'gradle'`")
	cmd.Flags().StringVar(&stepConfig.ProjectSettingsFile, "projectSettingsFile", os.Getenv("PIPER_projectSettingsFile"), "Path to the mvn settings file that should be used as project settings file.")
	cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path to the mvn settings file that should be used as global settings file.")
	cmd.Flags().StringVar(&stepConfig.M2Path, "m2Path", os.Getenv("PIPER_m2Path"), "Path to the location of the local repository that should be used.")
	cmd.Flags().BoolVar(&stepConfig.VerifyOnly, "verifyOnly", false, "Whether the step shall only apply verification checks or whether it does a full scan and check cycle")
	cmd.Flags().BoolVar(&stepConfig.InstallArtifacts, "installArtifacts", false, "If enabled, it will install all artifacts to the local maven repository to make them available before running Fortify. This is required if any maven module has dependencies to other modules in the repository and they were not installed before.")
	cmd.Flags().BoolVar(&stepConfig.CreateResultIssue, "createResultIssue", false, "Whether the step creates a GitHub issue containing the scan results in the originating repo. Since optimized pipelines are headless the creation is implicitly activated for schedules runs.")

	// Return values of MarkFlagRequired/MarkDeprecated are discarded; they only
	// fail when the named flag does not exist, which the lines above guarantee.
	cmd.MarkFlagRequired("authToken")
	cmd.Flags().MarkDeprecated("pythonAdditionalPath", "this is deprecated")
	cmd.MarkFlagRequired("serverUrl")
}

// retrieve step metadata
func fortifyExecuteScanMetadata() config.StepData {
	var theMetaData = config.StepData{
		Metadata: config.StepMetadata{
			Name:        "fortifyExecuteScan",
			Aliases:     []config.Alias{},
			Description: "This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.",
		},
		Spec: config.StepSpec{
			Inputs: config.StepInputs{
				Secrets: []config.StepSecrets{
					{Name: "fortifyCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to Fortify SSC.", Type: "jenkins"},
					{Name: "githubTokenCredentialsId", Description: "Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.", Type: "jenkins"},
				},
				Resources: []config.StepResources{
					{Name: "commonPipelineEnvironment"},
					{Name: "buildDescriptor", Type: "stash"},
					{Name: "deployDescriptor", Type: "stash"},
					{Name: "tests", Type: "stash"},
					{Name: "opensourceConfiguration", Type: "stash"},
				},
				Parameters: []config.StepParameters{
					{
						Name:        "additionalScanParameters",
						ResourceRef: []config.ResourceReference{},
						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
						Type:        "[]string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     []string{},
					},
					{
						Name:        "assignees",
						ResourceRef:
[]config.ResourceReference{}, 395 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 396 Type: "[]string", 397 Mandatory: false, 398 Aliases: []config.Alias{}, 399 Default: []string{``}, 400 }, 401 { 402 Name: "authToken", 403 ResourceRef: []config.ResourceReference{ 404 { 405 Name: "fortifyCredentialsId", 406 Type: "secret", 407 }, 408 409 { 410 Name: "fortifyVaultSecretName", 411 Type: "vaultSecret", 412 Default: "fortify", 413 }, 414 }, 415 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 416 Type: "string", 417 Mandatory: true, 418 Aliases: []config.Alias{}, 419 Default: os.Getenv("PIPER_authToken"), 420 }, 421 { 422 Name: "buildDescriptorExcludeList", 423 ResourceRef: []config.ResourceReference{}, 424 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 425 Type: "[]string", 426 Mandatory: false, 427 Aliases: []config.Alias{}, 428 Default: []string{`unit-tests/pom.xml`, `integration-tests/pom.xml`}, 429 }, 430 { 431 Name: "customScanVersion", 432 ResourceRef: []config.ResourceReference{}, 433 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 434 Type: "string", 435 Mandatory: false, 436 Aliases: []config.Alias{}, 437 Default: os.Getenv("PIPER_customScanVersion"), 438 }, 439 { 440 Name: "githubToken", 441 ResourceRef: []config.ResourceReference{ 442 { 443 Name: "githubTokenCredentialsId", 444 Type: "secret", 445 }, 446 447 { 448 Name: "githubVaultSecretName", 449 Type: "vaultSecret", 450 Default: "github", 451 }, 452 }, 453 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 454 Type: "string", 455 Mandatory: false, 456 Aliases: []config.Alias{{Name: "access_token"}}, 457 Default: os.Getenv("PIPER_githubToken"), 458 }, 459 { 460 Name: "autoCreate", 461 ResourceRef: []config.ResourceReference{}, 462 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 463 Type: "bool", 464 Mandatory: false, 465 Aliases: []config.Alias{}, 466 Default: false, 467 }, 468 { 469 Name: "modulePath", 470 ResourceRef: []config.ResourceReference{}, 471 Scope: 
[]string{"PARAMETERS", "STAGES", "STEPS"}, 472 Type: "string", 473 Mandatory: false, 474 Aliases: []config.Alias{}, 475 Default: `./`, 476 }, 477 { 478 Name: "pythonRequirementsFile", 479 ResourceRef: []config.ResourceReference{}, 480 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 481 Type: "string", 482 Mandatory: false, 483 Aliases: []config.Alias{}, 484 Default: os.Getenv("PIPER_pythonRequirementsFile"), 485 }, 486 { 487 Name: "autodetectClasspath", 488 ResourceRef: []config.ResourceReference{}, 489 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 490 Type: "bool", 491 Mandatory: false, 492 Aliases: []config.Alias{}, 493 Default: true, 494 }, 495 { 496 Name: "mustAuditIssueGroups", 497 ResourceRef: []config.ResourceReference{}, 498 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 499 Type: "string", 500 Mandatory: false, 501 Aliases: []config.Alias{}, 502 Default: `Corporate Security Requirements, Audit All`, 503 }, 504 { 505 Name: "spotAuditIssueGroups", 506 ResourceRef: []config.ResourceReference{}, 507 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 508 Type: "string", 509 Mandatory: false, 510 Aliases: []config.Alias{}, 511 Default: `Spot Checks of Each Category`, 512 }, 513 { 514 Name: "pythonRequirementsInstallSuffix", 515 ResourceRef: []config.ResourceReference{}, 516 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 517 Type: "string", 518 Mandatory: false, 519 Aliases: []config.Alias{}, 520 Default: os.Getenv("PIPER_pythonRequirementsInstallSuffix"), 521 }, 522 { 523 Name: "pythonVersion", 524 ResourceRef: []config.ResourceReference{}, 525 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 526 Type: "string", 527 Mandatory: false, 528 Aliases: []config.Alias{}, 529 Default: `python3`, 530 }, 531 { 532 Name: "uploadResults", 533 ResourceRef: []config.ResourceReference{}, 534 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 535 Type: "bool", 536 Mandatory: false, 537 Aliases: []config.Alias{}, 538 Default: true, 539 }, 540 { 541 Name: 
"version", 542 ResourceRef: []config.ResourceReference{ 543 { 544 Name: "commonPipelineEnvironment", 545 Param: "artifactVersion", 546 }, 547 }, 548 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 549 Type: "string", 550 Mandatory: false, 551 Aliases: []config.Alias{{Name: "fortifyProjectVersion", Deprecated: true}}, 552 Default: os.Getenv("PIPER_version"), 553 }, 554 { 555 Name: "buildDescriptorFile", 556 ResourceRef: []config.ResourceReference{}, 557 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 558 Type: "string", 559 Mandatory: false, 560 Aliases: []config.Alias{}, 561 Default: `./pom.xml`, 562 Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "maven"}}}}, 563 }, 564 { 565 Name: "buildDescriptorFile", 566 ResourceRef: []config.ResourceReference{}, 567 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 568 Type: "string", 569 Mandatory: false, 570 Aliases: []config.Alias{}, 571 Default: `./setup.py`, 572 Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "pip"}}}}, 573 }, 574 { 575 Name: "buildDescriptorFile", 576 ResourceRef: []config.ResourceReference{}, 577 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 578 Type: "string", 579 Mandatory: false, 580 Aliases: []config.Alias{}, 581 Default: `./build.gradle`, 582 Conditions: []config.Condition{{ConditionRef: "strings-equal", Params: []config.Param{{Name: "buildTool", Value: "gradle"}}}}, 583 }, 584 { 585 Name: "commitId", 586 ResourceRef: []config.ResourceReference{ 587 { 588 Name: "commonPipelineEnvironment", 589 Param: "git/commitId", 590 }, 591 }, 592 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 593 Type: "string", 594 Mandatory: false, 595 Aliases: []config.Alias{}, 596 Default: os.Getenv("PIPER_commitId"), 597 }, 598 { 599 Name: "commitMessage", 600 ResourceRef: []config.ResourceReference{ 601 { 602 Name: "commonPipelineEnvironment", 603 Param: 
"git/commitMessage", 604 }, 605 }, 606 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 607 Type: "string", 608 Mandatory: false, 609 Aliases: []config.Alias{}, 610 Default: os.Getenv("PIPER_commitMessage"), 611 }, 612 { 613 Name: "githubApiUrl", 614 ResourceRef: []config.ResourceReference{}, 615 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 616 Type: "string", 617 Mandatory: false, 618 Aliases: []config.Alias{}, 619 Default: `https://api.github.com`, 620 }, 621 { 622 Name: "owner", 623 ResourceRef: []config.ResourceReference{ 624 { 625 Name: "commonPipelineEnvironment", 626 Param: "github/owner", 627 }, 628 }, 629 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 630 Type: "string", 631 Mandatory: false, 632 Aliases: []config.Alias{{Name: "githubOrg"}}, 633 Default: os.Getenv("PIPER_owner"), 634 }, 635 { 636 Name: "repository", 637 ResourceRef: []config.ResourceReference{ 638 { 639 Name: "commonPipelineEnvironment", 640 Param: "github/repository", 641 }, 642 }, 643 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 644 Type: "string", 645 Mandatory: false, 646 Aliases: []config.Alias{{Name: "githubRepo"}}, 647 Default: os.Getenv("PIPER_repository"), 648 }, 649 { 650 Name: "memory", 651 ResourceRef: []config.ResourceReference{}, 652 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 653 Type: "string", 654 Mandatory: false, 655 Aliases: []config.Alias{}, 656 Default: `-Xmx4G -Xms512M`, 657 }, 658 { 659 Name: "updateRulePack", 660 ResourceRef: []config.ResourceReference{}, 661 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 662 Type: "bool", 663 Mandatory: false, 664 Aliases: []config.Alias{}, 665 Default: true, 666 }, 667 { 668 Name: "reportDownloadEndpoint", 669 ResourceRef: []config.ResourceReference{}, 670 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 671 Type: "string", 672 Mandatory: false, 673 Aliases: []config.Alias{{Name: "fortifyReportDownloadEndpoint"}}, 674 Default: `/transfer/reportDownload.html`, 675 
}, 676 { 677 Name: "pollingMinutes", 678 ResourceRef: []config.ResourceReference{}, 679 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 680 Type: "int", 681 Mandatory: false, 682 Aliases: []config.Alias{}, 683 Default: 30, 684 }, 685 { 686 Name: "quickScan", 687 ResourceRef: []config.ResourceReference{}, 688 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 689 Type: "bool", 690 Mandatory: false, 691 Aliases: []config.Alias{}, 692 Default: false, 693 }, 694 { 695 Name: "translate", 696 ResourceRef: []config.ResourceReference{}, 697 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 698 Type: "string", 699 Mandatory: false, 700 Aliases: []config.Alias{}, 701 Default: os.Getenv("PIPER_translate"), 702 }, 703 { 704 Name: "src", 705 ResourceRef: []config.ResourceReference{}, 706 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 707 Type: "[]string", 708 Mandatory: false, 709 Aliases: []config.Alias{}, 710 Default: []string{}, 711 }, 712 { 713 Name: "exclude", 714 ResourceRef: []config.ResourceReference{}, 715 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 716 Type: "[]string", 717 Mandatory: false, 718 Aliases: []config.Alias{}, 719 Default: []string{}, 720 }, 721 { 722 Name: "apiEndpoint", 723 ResourceRef: []config.ResourceReference{}, 724 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 725 Type: "string", 726 Mandatory: false, 727 Aliases: []config.Alias{{Name: "fortifyApiEndpoint"}}, 728 Default: `/api/v1`, 729 }, 730 { 731 Name: "reportType", 732 ResourceRef: []config.ResourceReference{}, 733 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 734 Type: "string", 735 Mandatory: false, 736 Aliases: []config.Alias{}, 737 Default: `PDF`, 738 }, 739 { 740 Name: "pythonAdditionalPath", 741 ResourceRef: []config.ResourceReference{}, 742 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 743 Type: "[]string", 744 Mandatory: false, 745 Aliases: []config.Alias{}, 746 Default: []string{`./lib`, `.`}, 747 DeprecationMessage: "this is deprecated", 748 }, 749 { 
750 Name: "artifactUrl", 751 ResourceRef: []config.ResourceReference{}, 752 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 753 Type: "string", 754 Mandatory: false, 755 Aliases: []config.Alias{}, 756 Default: os.Getenv("PIPER_artifactUrl"), 757 }, 758 { 759 Name: "considerSuspicious", 760 ResourceRef: []config.ResourceReference{}, 761 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 762 Type: "bool", 763 Mandatory: false, 764 Aliases: []config.Alias{}, 765 Default: true, 766 }, 767 { 768 Name: "convertToSarif", 769 ResourceRef: []config.ResourceReference{}, 770 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 771 Type: "bool", 772 Mandatory: false, 773 Aliases: []config.Alias{}, 774 Default: false, 775 }, 776 { 777 Name: "fprUploadEndpoint", 778 ResourceRef: []config.ResourceReference{}, 779 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 780 Type: "string", 781 Mandatory: false, 782 Aliases: []config.Alias{{Name: "fortifyFprUploadEndpoint"}}, 783 Default: `/upload/resultFileUpload.html`, 784 }, 785 { 786 Name: "projectName", 787 ResourceRef: []config.ResourceReference{}, 788 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 789 Type: "string", 790 Mandatory: false, 791 Aliases: []config.Alias{{Name: "fortifyProjectName"}}, 792 Default: `{{list .GroupID .ArtifactID | join "-" | trimAll "-"}}`, 793 }, 794 { 795 Name: "reporting", 796 ResourceRef: []config.ResourceReference{}, 797 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 798 Type: "bool", 799 Mandatory: false, 800 Aliases: []config.Alias{}, 801 Default: false, 802 }, 803 { 804 Name: "serverUrl", 805 ResourceRef: []config.ResourceReference{}, 806 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 807 Type: "string", 808 Mandatory: true, 809 Aliases: []config.Alias{{Name: "fortifyServerUrl"}, {Name: "sscUrl", Deprecated: true}}, 810 Default: os.Getenv("PIPER_serverUrl"), 811 }, 812 { 813 Name: "pullRequestMessageRegexGroup", 814 ResourceRef: []config.ResourceReference{}, 815 Scope: 
[]string{"PARAMETERS", "STAGES", "STEPS"}, 816 Type: "int", 817 Mandatory: false, 818 Aliases: []config.Alias{}, 819 Default: 1, 820 }, 821 { 822 Name: "deltaMinutes", 823 ResourceRef: []config.ResourceReference{}, 824 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 825 Type: "int", 826 Mandatory: false, 827 Aliases: []config.Alias{}, 828 Default: 5, 829 }, 830 { 831 Name: "spotCheckMinimum", 832 ResourceRef: []config.ResourceReference{}, 833 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 834 Type: "int", 835 Mandatory: false, 836 Aliases: []config.Alias{}, 837 Default: 1, 838 }, 839 { 840 Name: "fprDownloadEndpoint", 841 ResourceRef: []config.ResourceReference{}, 842 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 843 Type: "string", 844 Mandatory: false, 845 Aliases: []config.Alias{{Name: "fortifyFprDownloadEndpoint"}}, 846 Default: `/download/currentStateFprDownload.html`, 847 }, 848 { 849 Name: "versioningModel", 850 ResourceRef: []config.ResourceReference{}, 851 Scope: []string{"PARAMETERS", "GENERAL", "STAGES", "STEPS"}, 852 Type: "string", 853 Mandatory: false, 854 Aliases: []config.Alias{{Name: "defaultVersioningModel", Deprecated: true}}, 855 Default: `major`, 856 }, 857 { 858 Name: "pythonInstallCommand", 859 ResourceRef: []config.ResourceReference{}, 860 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 861 Type: "string", 862 Mandatory: false, 863 Aliases: []config.Alias{}, 864 Default: `{{.Pip}} install --user .`, 865 }, 866 { 867 Name: "reportTemplateId", 868 ResourceRef: []config.ResourceReference{}, 869 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 870 Type: "int", 871 Mandatory: false, 872 Aliases: []config.Alias{}, 873 Default: 18, 874 }, 875 { 876 Name: "filterSetTitle", 877 ResourceRef: []config.ResourceReference{}, 878 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 879 Type: "string", 880 Mandatory: false, 881 Aliases: []config.Alias{}, 882 Default: `SAP`, 883 }, 884 { 885 Name: "pullRequestName", 886 ResourceRef: 
[]config.ResourceReference{}, 887 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 888 Type: "string", 889 Mandatory: false, 890 Aliases: []config.Alias{}, 891 Default: os.Getenv("PIPER_pullRequestName"), 892 }, 893 { 894 Name: "pullRequestMessageRegex", 895 ResourceRef: []config.ResourceReference{}, 896 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 897 Type: "string", 898 Mandatory: false, 899 Aliases: []config.Alias{}, 900 Default: `.*Merge pull request #(\\d+) from.*`, 901 }, 902 { 903 Name: "buildTool", 904 ResourceRef: []config.ResourceReference{}, 905 Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, 906 Type: "string", 907 Mandatory: false, 908 Aliases: []config.Alias{}, 909 Default: `maven`, 910 }, 911 { 912 Name: "projectSettingsFile", 913 ResourceRef: []config.ResourceReference{}, 914 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 915 Type: "string", 916 Mandatory: false, 917 Aliases: []config.Alias{{Name: "maven/projectSettingsFile"}}, 918 Default: os.Getenv("PIPER_projectSettingsFile"), 919 }, 920 { 921 Name: "globalSettingsFile", 922 ResourceRef: []config.ResourceReference{}, 923 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 924 Type: "string", 925 Mandatory: false, 926 Aliases: []config.Alias{{Name: "maven/globalSettingsFile"}}, 927 Default: os.Getenv("PIPER_globalSettingsFile"), 928 }, 929 { 930 Name: "m2Path", 931 ResourceRef: []config.ResourceReference{}, 932 Scope: []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"}, 933 Type: "string", 934 Mandatory: false, 935 Aliases: []config.Alias{{Name: "maven/m2Path"}}, 936 Default: os.Getenv("PIPER_m2Path"), 937 }, 938 { 939 Name: "verifyOnly", 940 ResourceRef: []config.ResourceReference{}, 941 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 942 Type: "bool", 943 Mandatory: false, 944 Aliases: []config.Alias{}, 945 Default: false, 946 }, 947 { 948 Name: "installArtifacts", 949 ResourceRef: []config.ResourceReference{}, 950 Scope: []string{"GENERAL", "STEPS", 
"STAGES", "PARAMETERS"}, 951 Type: "bool", 952 Mandatory: false, 953 Aliases: []config.Alias{}, 954 Default: false, 955 }, 956 { 957 Name: "createResultIssue", 958 ResourceRef: []config.ResourceReference{ 959 { 960 Name: "commonPipelineEnvironment", 961 Param: "custom/optimizedAndScheduled", 962 }, 963 }, 964 Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, 965 Type: "bool", 966 Mandatory: false, 967 Aliases: []config.Alias{}, 968 Default: false, 969 }, 970 }, 971 }, 972 Containers: []config.Container{ 973 {}, 974 }, 975 Outputs: config.StepOutputs{ 976 Resources: []config.StepResources{ 977 { 978 Name: "influx", 979 Type: "influx", 980 Parameters: []map[string]interface{}{ 981 {"name": "step_data", "fields": []map[string]string{{"name": "fortify"}}}, 982 {"name": "fortify_data", "fields": []map[string]string{{"name": "projectName"}, {"name": "projectVersion"}, {"name": "projectVersionId"}, {"name": "violations"}, {"name": "corporateTotal"}, {"name": "corporateAudited"}, {"name": "auditAllTotal"}, {"name": "auditAllAudited"}, {"name": "spotChecksTotal"}, {"name": "spotChecksAudited"}, {"name": "spotChecksGap"}, {"name": "suspicious"}, {"name": "exploitable"}, {"name": "suppressed"}}}, 983 }, 984 }, 985 { 986 Name: "reports", 987 Type: "reports", 988 Parameters: []map[string]interface{}{ 989 {"filePattern": "**/*.PDF", "type": "fortify"}, 990 {"filePattern": "**/*.fpr", "type": "fortify"}, 991 {"filePattern": "**/fortify-scan.*", "type": "fortify"}, 992 {"filePattern": "**/toolrun_fortify_*.json", "type": "fortify"}, 993 {"filePattern": "**/piper_fortify_report.json", "type": "fortify"}, 994 {"filePattern": "**/piper_fortify_report.html", "type": "fortify"}, 995 }, 996 }, 997 }, 998 }, 999 }, 1000 } 1001 return theMetaData 1002 }