SAP-master 2023-08-22 upstream update #28

Merged
merged 91 commits into from
Aug 22, 2023

Conversation

michaelkubiaczyk
Collaborator

Changes

  • Tests
  • Documentation

michaelkubiaczyk and others added 30 commits May 5, 2023 14:05
* Initial in progress

* compiling but not yet functional

* Missed file

* updated checkmarxone step

* Working up to fetching a project then breaks

* Missed file

* Breaks when retrieving projects+proxy set

* Create project & run scan working, now polling

* Fixed polling

* added back the zipfile remove command

* Fixed polling again

* Generates and downloads PDF report

* Updated and working, prep for refactor

* Added compliance steps

* Cleanup, reporting, added groovy connector

* fixed groovy file

* checkmarxone to checkmarxOne

* checkmarxone to checkmarxOne

* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix

* Fixed filenames & yaml

* missed the metadata_generated.go

* added json to sarif conversion

* fix:type in new checkmarxone package

* fix:type in new checkmarxone package

* removed test logs, added temp error log for creds

* extra debugging to fix crash

* improved auth logging, fixed query parse issue

* fixed bug with group fetch when using oauth user

* CWE can be -1 if not defined, can't be uint

* Query also had CweID

* Disabled predicates-fetch in sarif generation

* Removing leftover info log message

* Better error handling

* fixed default preset configuration

* removing .bat files - sorry

* Cleanup per initial review

* refactoring per Gist, fixed project find, add apps

* small fix - sorry for commit noise while testing

* Fixing issues with incremental scans.

* removing maxretries

* Updated per PR feedback, further changes todo toda

* JSON Report changes and reporting cleanup

* removing .bat (again?)

* adding docs, groovy unit test, linter fixes

* Started adding tests maybe 15% covered

* fix(checkmarxOne): test cases for pkg and reporting

* fix(checkmarxOne):fix formatting

* feat(checkmarxone): update interface with missing method

* feat(checkmarxone):change runStep signature to be able to inject dependency

* feat(checkmarxone): add tests for step (wip)

* Adding a bit more coverage

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix integration test PR

---------

Co-authored-by: thtri <[email protected]>
Co-authored-by: Thanh-Hai Trinh <[email protected]>
Co-authored-by: Ralf Pannemans <[email protected]>
Co-authored-by: Johannes Dillmann <[email protected]>
Co-authored-by: Jan von Loewenstein <[email protected]>
* fix(npm): Update npm cycloneDx to cyclonedx-npm

* Remove --no-validate and fix ut

* remove global

* Change to npm

* Apply suggestions from code review

---------

Co-authored-by: Christopher Fenner <[email protected]>
…AP#4358)

* feat(checkmarxOne): add default file patterns for stash

* fix(checkmarx): add missing stash file patterns

* fix(checkmarx-checmarxOne): support TypeScript (issue SAP#3073)
* Add proxy config for sonar scan step

Update sonar.go

Import fmt

Update sonar.go

Use serverUrl from config

Update sonarExecuteScan.go

Add proxy param

Add proxy check

Update sonarExecuteScan.go

Update sonarExecuteScan.go

Update http.go

Update sonarExecuteScan.go

Update sonarExecuteScan.go

Add env variable

Fix typo

Fix string

Split host port

Typo

Remove echoes

* Code review change

* Refactor

* Update cmd/sonarExecuteScan.go

Co-authored-by: dimitrij-afonitschkin <[email protected]>

* Add proxy config for sonar scan step

Update sonar.go

Import fmt

Update sonar.go

Use serverUrl from config

Update sonarExecuteScan.go

Add proxy param

Add proxy check

Update sonarExecuteScan.go

Update sonarExecuteScan.go

Update http.go

Update sonarExecuteScan.go

Update sonarExecuteScan.go

Add env variable

Fix typo

Fix string

Split host port

Typo

Remove echoes

* Code review change

* Refactor

* Update cmd/sonarExecuteScan.go

Co-authored-by: dimitrij-afonitschkin <[email protected]>

* Add compatibility to other use cases

---------

Co-authored-by: dimitrij-afonitschkin <[email protected]>
* Upgrade sonar scanner cli version to 4.8

* Update download url
…AP#4360)

* created wrapper

* tests added

* update documentation

* tests data race fix

---------

Co-authored-by: Jordi van Liempt <[email protected]>
…AP#4332)

* kubernetesDeploy: Add kube-context parameter for helm test command

* Resolve merge conflict
* output version pin for cyclonedx

* test fix

---------

Co-authored-by: Vyacheslav Starostin <[email protected]>
Co-authored-by: Ashly Mathew <[email protected]>
Co-authored-by: Vyacheslav Starostin <[email protected]>
* feat(whitesourceExecuteScan) allow to specify InstallCommand

* reorder imports

---------

Co-authored-by: sumeet patil <[email protected]>
Co-authored-by: Andrei Kireev <[email protected]>
…lts (SAP#4370)

pagination call for getting code scanning results

---------

Co-authored-by: sumeet patil <[email protected]>
…#4387)

* Initial in progress

* compiling but not yet functional

* Missed file

* updated checkmarxone step

* Working up to fetching a project then breaks

* Missed file

* Breaks when retrieving projects+proxy set

* Create project & run scan working, now polling

* Fixed polling

* added back the zipfile remove command

* Fixed polling again

* Generates and downloads PDF report

* Updated and working, prep for refactor

* Added compliance steps

* Cleanup, reporting, added groovy connector

* fixed groovy file

* checkmarxone to checkmarxOne

* checkmarxone to checkmarxOne

* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix

* Fixed filenames & yaml

* missed the metadata_generated.go

* added json to sarif conversion

* fix:type in new checkmarxone package

* fix:type in new checkmarxone package

* removed test logs, added temp error log for creds

* extra debugging to fix crash

* improved auth logging, fixed query parse issue

* fixed bug with group fetch when using oauth user

* CWE can be -1 if not defined, can't be uint

* Query also had CweID

* Disabled predicates-fetch in sarif generation

* Removing leftover info log message

* Better error handling

* fixed default preset configuration

* removing .bat files - sorry

* Cleanup per initial review

* refactoring per Gist, fixed project find, add apps

* small fix - sorry for commit noise while testing

* Fixing issues with incremental scans.

* removing maxretries

* Updated per PR feedback, further changes todo toda

* JSON Report changes and reporting cleanup

* removing .bat (again?)

* adding docs, groovy unit test, linter fixes

* Started adding tests maybe 15% covered

* fix(checkmarxOne): test cases for pkg and reporting

* fix(checkmarxOne):fix formatting

* feat(checkmarxone): update interface with missing method

* feat(checkmarxone):change runStep signature to be able to inject dependency

* feat(checkmarxone): add tests for step (wip)

* Adding a bit more coverage

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix integration test PR

* adding scan-summary bug workaround, reportgen fail

* enforceThresholds fix when no results passed in

* fixed gap when preset empty in yaml & project conf

* fixed another gap in preset selection

* fix 0-result panic

* fail when no preset is set anywhere

* removed comment

---------

Co-authored-by: thtri <[email protected]>
Co-authored-by: Thanh-Hai Trinh <[email protected]>
Co-authored-by: Alexander Link <[email protected]>

Co-authored-by: Alexander Link <[email protected]>
Fix glob pattern for resolving eslint files
Do not swallow exception when resolving lint files
…edentials (SAP#4378)

* enhancing protecode with registry credentials

* Use protecodeUtils instead of separate package

* Add target path for docker config to be created

* Fix tests

* Fix build flags

---------

Co-authored-by: Vyacheslav Starostin <[email protected]>
)

* Adjust npmExecuteLint (output-format, print output to console)

Co-authored-by: Srinikitha Kondreddy <[email protected]>
…4409)

* added waiting for the sarif file uploaded & tests

* increased polling time, added timeout for waiting response from server & tests

* fixed handling error while waiting sarif uploaded

* added params for checking sarif uploaded & refactor

* added test logs

* fixed logs and test

* added returning missed error

* changed params descriptions and server response error processing

* fixed retrying logic

* increased polling timeout params & refactored
triThirty and others added 28 commits July 17, 2023 14:16
…VAULTCREDENTIAL_ (SAP#4468)

* only expand environment variables start with PIPER_VAULTCREDENTIAL_

* use VaultCredentialEnvPrefixDefault instead of hard coding

* go fmt

---------

Co-authored-by: Vyacheslav Starostin <[email protected]>
* Add details for EOF errors

* Add testcase

* remove test

* Add unit test
* Hand over Tag to bf

---------

Co-authored-by: rosemarieB <[email protected]>
* fix(checkmarxOne): changed json report
* chore(stash): add .cds file for SAP CAP
* fix(checkmarxOne): added missing report

* added missing files after go generate
* adding log of cyclonedx

* fix test

* fix integration test

* fix assertion of test

---------

Co-authored-by: asadu <[email protected]>
* fix data race

* fix test

---------

Co-authored-by: Egor Balakin <[email protected]>
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.17+incompatible to 20.10.24+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v20.10.17...v20.10.24)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* add optional verbose logging for kaniko command

* change order of conditional arg appending

* change kaniko verbosity from trace to debug

* change kaniko verbosity from trace to debug

---------

Co-authored-by: I557621 <[email protected]>
* kanikoExecute: add MultipleImages option

---------

Co-authored-by: Egor Balakin <[email protected]>
…ge (SAP#4476)

* implement deactivation logic

* add step condition field

* add unit test and fix evaluateConditions

* add unit test for v1 and fix evaluateConditionsV1

* rollback old evaluator

* rollback v1 evaluator

* move into notActiveCondition and fix unit tests

* add a comment about sapCumulusUpload step

* optimize evaluateConditionsV1 parameters and map memory allocation

* refactor unit tests and add more test cases

* evaluateConditionsV1 refactored

---------

Co-authored-by: Gulom Alimov <[email protected]>
Co-authored-by: Jordi van Liempt <[email protected]>
* quickly try to only specify base private repo URLs with git config

* fix the test

* refactoring of private modules

* test

* fix test

* fix url

* typo

* Adding gitConfiguration

* typo

* unit test

* unit test

---------

Co-authored-by: I557621 <[email protected]>
Co-authored-by: aibaend1 <[email protected]>
Co-authored-by: asadu <[email protected]>
…in SARIF file for whitesource (SAP#4465)

* Unified audit state for whitesource step

* reverted unrelated to pr changes

* go fmt

* Fixed tests and formatting

* fixed format issue in whitesource/reporting.go

---------

Co-authored-by: sumeet patil <[email protected]>
* update all deprecated ioutil usages

* forgotten changes

* add missing imports

* undo changing comment

* add missing 'os' import

* fix integration test

---------

Co-authored-by: I557621 <[email protected]>
Co-authored-by: Gulom Alimov <[email protected]>
* Temporarily commented addition of ignored alerts to the all alerts

* Removed adding from other places
…AP#4430)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix githubPublishRelease

---------

Co-authored-by: Egor Balakin <[email protected]>
@michaelkubiaczyk michaelkubiaczyk merged commit 5661dd6 into cxone-dev Aug 22, 2023
@michaelkubiaczyk michaelkubiaczyk deleted the cxone-dev-merge branch August 22, 2023 11:29