March23 integration #137

Status: Open. Wants to merge 60 commits into base: master.

Commits (60 in total; the file changes shown below are from 57 commits):
05f4bc0  SSL/TLS validation is disabled by default  (swatiawate1, Mar 16, 2023)
d1028fe  Merged Code from bug_776_latest branch  (SubhadraSahoo, Mar 16, 2023)
93dd7e3  Fixed build status while threshold exceeded in SCA  (nidhi0512, Mar 31, 2023)
de751cd  add retention rate settings  (Khant1000, Apr 18, 2023)
bd8cd65  Merge pull request #119 from jenkinsci/jobStatusOnError  (nidhi0512, May 18, 2023)
0ac7891  Merge pull request #118 from jenkinsci/Plug51  (nidhi0512, May 18, 2023)
0b4f3d3  Merge pull request #116 from jenkinsci/ssl_server_certificate_validation  (nidhi0512, May 18, 2023)
cb57a27  Merge pull request #120 from jenkinsci/bug_776_latest_merge  (nidhi0512, May 18, 2023)
924ecbf  Merge branch 'march23-integration' into ScaResolverAddParams  (nidhi0512, May 19, 2023)
7f6ed7f  Merge pull request #123 from jenkinsci/ScaResolverAddParams  (nidhi0512, May 19, 2023)
6eb876a  Updated Plugin Version  (nidhi0512, May 19, 2023)
ef3b673  Report with results of both SCA and SAST from Jenkins Plugin  (swatiawate1, May 19, 2023)
be271ce  updated scaresolver additional param  (nidhi0512, May 21, 2023)
55f0c88  Removed unwanted code changes for issue related to sca report generation  (swatiawate1, May 22, 2023)
6429f11  Merge pull request #124 from jenkinsci/plug_49_sca_reports  (swatiawate1, May 22, 2023)
982c450  Added UI and log level validation for Exploitable Path params in SCA …  (nidhi0512, May 22, 2023)
24f7e40  support 0 value for data retention  (Khant1000, May 25, 2023)
3a1c812  Added UI Validations and Log Messages for SCA Resolver Additional Par…  (nidhi0512, May 25, 2023)
2307896  Resolving Merge Conflict  (nidhi0512, May 25, 2023)
3aaf0aa  Resolving Merge Conflict  (nidhi0512, May 25, 2023)
d2271e1  log update  (Khant1000, May 26, 2023)
98de0aa  Merge pull request #126 from jenkinsci/ScaResolverAddParams  (nidhi0512, May 26, 2023)
b6f3b52  Updated plugin version  (nidhi0512, May 26, 2023)
6086853  Merge pull request #125 from jenkinsci/Plug51  (Khant1000, May 26, 2023)
68b3b7d  fixed issue regarding sca report generation and did ui changes  (swatiawate1, May 26, 2023)
d755101  Merge branch 'march23-integration' into plug_49_sca_reports  (swatiawate1, May 26, 2023)
8e86415  Merge pull request #127 from jenkinsci/plug_49_sca_reports  (swatiawate1, May 26, 2023)
aa2954a  Updated warning and error UI and log messages for Sca Resolver Add Pa…  (nidhi0512, May 27, 2023)
f7ed3d8  Fixed issue regarding sca pdf file getting generated in build directory.  (swatiawate1, May 29, 2023)
1be9e91  warning for 0 retention rate  (Khant1000, May 29, 2023)
1d94f7f  Merge pull request #128 from jenkinsci/ScaResolverAddParams  (nidhi0512, May 29, 2023)
14e80c7  updated plugin version  (nidhi0512, May 29, 2023)
3e28ebe  Merge pull request #129 from jenkinsci/plug_49_sca_reports  (swatiawate1, May 29, 2023)
7a58f83  warning change  (Khant1000, May 29, 2023)
88f08b8  Updated title of Checkbox of Generate CxSCA Report  (swatiawate1, May 29, 2023)
c8a4291  Merge pull request #130 from jenkinsci/bugfixPlug51  (Khant1000, May 29, 2023)
5393282  Merge pull request #131 from jenkinsci/plug_49_sca_reports  (swatiawate1, May 29, 2023)
55f45a5  Updated org.json version  (nidhi0512, May 30, 2023)
c383872  bugFix for UI  (Khant1000, May 30, 2023)
fe5dc35  version change  (Khant1000, May 30, 2023)
9675394  Merge pull request #132 from jenkinsci/ScaResolverAddParams  (Khant1000, May 30, 2023)
53b431c  Merge pull request #133 from jenkinsci/bugfixPlug51UI  (Khant1000, May 30, 2023)
92904cf  Changed log and UI warning and error messages and Tooltips messages  (nidhi0512, May 31, 2023)
3d802c6  Merge branch 'march23-integration' into ScaResolverAddParams  (nidhi0512, May 31, 2023)
f064c88  Update gradle.properties  (nidhi0512, May 31, 2023)
22a05c5  corrected grammar for log messages  (nidhi0512, May 31, 2023)
2116542  Merge pull request #134 from jenkinsci/ScaResolverAddParams  (Khant1000, May 31, 2023)
46873e1  Added error messages in Case of exp path params  (nidhi0512, May 31, 2023)
997c5f8  Merge pull request #135 from jenkinsci/ScaResolverAddParams  (nidhi0512, May 31, 2023)
2687a49  Changed log messages  (nidhi0512, Jun 1, 2023)
c9f887d  Merge branch 'march23-integration' into ScaResolverAddParams  (nidhi0512, Jun 1, 2023)
0c205ac  updated log messages  (nidhi0512, Jun 1, 2023)
4e4cf64  Update help-scaResolverAddParameters.html  (nidhi0512, Jun 1, 2023)
14fe698  updated plugin version and log messages  (nidhi0512, Jun 1, 2023)
3a47d5f  Merge branch 'ScaResolverAddParams' of https://github.com/jenkinsci/c…  (nidhi0512, Jun 1, 2023)
c43fa3e  Updated log messages  (nidhi0512, Jun 1, 2023)
a739857  Merge pull request #136 from jenkinsci/ScaResolverAddParams  (nidhi0512, Jun 1, 2023)
6e78499  Merge branch 'master' into march23-integration  (nidhi0512, Jun 1, 2023)
2195e5d  Merge branch 'march23-integration' of https://github.com/jenkinsci/ch…  (nidhi0512, Jun 1, 2023)
a79d5e8  Update CxScanBuilder.java  (nidhi0512, Jun 1, 2023)
5 changes: 4 additions & 1 deletion build.gradle
Original file line number Diff line number Diff line change
@@ -57,6 +57,7 @@ dependencies {
exclude group: 'org.apache.commons', module: 'commons-compress'
exclude group: 'org.yaml' , module: 'snakeyaml'
exclude group: 'com.google.code.gson', module: 'gson'
exclude group: 'org.json', module: 'json'
}

compile 'com.fasterxml.jackson.core:jackson-core:2.11.3',
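Review bot: the new `exclude group: 'org.json', module: 'json'` only strips org.json from the one dependency this exclude block belongs to; any other artifact that pulls org.json transitively still resolves it, and Gradle's conflict resolution would pick the highest version once the direct `org.json:json:20230227` below is declared. If the goal is to guarantee that version everywhere, the `constraints { ... because '...' }` block already in this file is the more explicit tool and records why the version was raised.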
@@ -70,7 +71,9 @@ dependencies {
'org.apache.logging.log4j:log4j-core:2.17.1',
'org.apache.commons:commons-compress:1.22',
'com.google.code.gson:gson:2.8.9',
'org.yaml:snakeyaml:1.33'
'org.yaml:snakeyaml:1.33',
'org.json:json:20230227'

constraints {
implementation('io.vertx:vertx-web:3.9.7') {
because 'previous versions have a bug impacting this application'
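Review bot: `'org.json:json:20230227'` is pinned without saying why, while the vertx constraint just below carries a `because`. The commit is only titled "Updated org.json version"; put the reason (the advisory or behaviour change that prompted the bump) in a comment next to the version so the next upgrade can be judged against it, and add a line to the PR description since this is the one dependency change in an otherwise feature-only PR.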
2 changes: 1 addition & 1 deletion gradle.properties
@@ -1,6 +1,6 @@
description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface.
group = com.checkmarx.jenkins
version = 2022.4.3
version = 2023.2.6

repositoryVersion=

618 changes: 503 additions & 115 deletions src/main/java/com/checkmarx/jenkins/CxScanBuilder.java

Large diffs are not rendered by default.

14 changes: 14 additions & 0 deletions src/main/java/com/checkmarx/jenkins/CxScanResult.java
@@ -58,6 +58,8 @@ public class CxScanResult implements Action {

private File pdfReport;
public static final String PDF_REPORT_NAME = "ScanReport.pdf";

public static final String SCA_PDF_REPORT_NAME = "ScaPdfReport.pdf";
private boolean osaSuccessful; //osa fails flag for jelly

private String htmlReportName;
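Review bot: `SCA_PDF_REPORT_NAME` is public but nothing says where the file lives; `PDF_REPORT_NAME` directly above has the same gap, and the blank line between the two separates constants that belong together. A one-line comment that both are resolved under the build's `checkmarx/` directory (as `doScaPdfReport` below does) keeps them in step.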
@@ -233,6 +235,18 @@ public void doPdfReport(StaplerRequest req, StaplerResponse rsp) throws IOExcept
outputStream.close();
}

public void doScaPdfReport(StaplerRequest req, StaplerResponse rsp) throws IOException {
rsp.setContentType("application/pdf");
ServletOutputStream outputStream = rsp.getOutputStream();
File buildDirectory = owner.getRootDir();
File b = new File(buildDirectory, "/checkmarx/" + SCA_PDF_REPORT_NAME);

IOUtils.copy(b, outputStream);

outputStream.flush();
outputStream.close();
}

static String resolveHTMLReportName(boolean sastEnabled, ScannerType dependencyScanner) {
final String POSTFIX = ".html";
String result = "Report";
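Review bot: `doScaPdfReport` never checks that `ScaPdfReport.pdf` exists before `IOUtils.copy(b, outputStream)`, so for any build that ran without "Generate CxSCA report" (or with a non-PDF format) the copy throws and the caller gets a Jenkins stack trace that includes the build directory path instead of a 404. Guard with `b.isFile()` and `rsp.sendError(HttpServletResponse.SC_NOT_FOUND)` otherwise, open the stream in try-with-resources so it is closed on the exception path as well, and set a `Content-Disposition` header so the browser gets a sensible filename. The leading slash in `"/checkmarx/" + SCA_PDF_REPORT_NAME` is harmless with `new File(parent, child)` but reads as an absolute path; drop it.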
9 changes: 9 additions & 0 deletions src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java
@@ -77,6 +77,9 @@ public class DependencyScanConfig {
@DataBoundSetter
public Integer scaTimeout;

@DataBoundSetter
public boolean generateScaReport;

@DataBoundSetter
public boolean isIncludeSources;
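Review bot: `generateScaReport` is added here on `DependencyScanConfig`, but the job config.jelly in this same PR binds the checkbox as `field="generateScaReport"` with `checked="${instance.generateScaReport && ...}"`, that is on the builder object, not on `instance.dependencyScanConfig`. One of the two fields will be persisted and never read. Confirm which object owns the flag and remove the other, otherwise the saved value will not round-trip through the form.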

@@ -89,9 +92,15 @@ public class DependencyScanConfig {
@DataBoundSetter
public String scaResolverAddParameters;

@DataBoundSetter
public String globalScaResolverAddParameters;

@DataBoundSetter
public boolean isExploitablePathByScaResolver;

@DataBoundSetter
public boolean isGlobalExploitablePathByScaResolver;

@DataBoundSetter
public String fsaVariables;
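Review bot: `globalScaResolverAddParameters` and `isGlobalExploitablePathByScaResolver` duplicate the job-level fields a few lines up, distinguished only by the `global` infix, and nothing here says how the two levels combine: does a job value replace or append to the global parameter string, and does a job-level Exploitable Path set to false override a global true? Document the precedence in a Javadoc on these fields. Because global.jelly in this PR renames the properties the descriptor reads, also confirm that global configuration saved under the old names is migrated on load rather than dropped.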

15 changes: 15 additions & 0 deletions src/main/java/com/checkmarx/jenkins/ScaReportFormat.java
@@ -0,0 +1,15 @@
package com.checkmarx.jenkins;

public enum ScaReportFormat {
PDF("PDF"), XML("XML"), CSV("CSV"), JSON("JSON"), cyclonedxjson("cyclonedxjson"), cyclonedxxml("cyclonedxxml");

private final String displayName;

ScaReportFormat(String displayName) {
this.displayName = displayName;
}

public String getDisplayName() {
return displayName;
}
}
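Review bot: `cyclonedxjson` and `cyclonedxxml` break the upper-case constant convention the other four follow, and every `displayName` merely repeats the constant name, so the field currently adds nothing for the `${it.displayName}` shown in the job form. If the lower-case spellings are what the server API expects as the format parameter, say so in a comment and keep the constants upper-case with the wire value in the string (for example `CYCLONEDX_JSON("cyclonedxjson")`), and let the display label be readable, such as "CycloneDX JSON".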
(file name not rendered on this page)
@@ -62,7 +62,19 @@
<f:entry title="Preset" field="preset">
<f:select />
</f:entry>

<j:choose>
<j:when test="${descriptor.enableDataRetention}">
<f:optionalBlock title="Override global scan retention settings" name="overrideGlobalRetentionRate"
checked="${instance.overrideGlobalRetentionRate}" inline="true">
<f:entry title="Scan Retention rate (number of scan)" field="projectRetentionRate">
<f:number clazz="number" min="0" max="10000" step="1" default="${descriptor.projectRetentionRateEnforce}" checkMethod="POST" />
</f:entry>
</f:optionalBlock>
</j:when>
<j:otherwise>
<f:description>Global settings option for Data Retention is disabled</f:description>
</j:otherwise>
</j:choose>
<!-- GLOBAL INCLUDE\EXCLUDE -->
<f:radioBlock checked="${instance == null || instance.exclusionsSetting == null || instance.exclusionsSetting.equals('global')}" inline="true"
name="exclusionsSetting" title="Use Global Include/Exclude Settings" value="global">
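Review bot: the job-level `f:number` allows `min="0"` while the global `projectRetentionRateEnforce` field in global.jelly of this same PR uses `min="1"` with `clazz="positive-number"`, so the two forms disagree on whether 0 (commit 24f7e40, "support 0 value for data retention") is legal, and the job form offers a value the global form rejects. Pick one range and use it in both. Wording: "Scan Retention rate (number of scan)" should read "number of scans to retain", and the `f:description` fallback is clearer as "Data retention is disabled in the global settings".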
@@ -128,8 +140,6 @@
<f:optionalBlock title="Enable Override Project Setting" inline="true" field="overrideProjectSetting" checked="${instance==null?false:instance.overrideProjectSetting}" />
</f:optionalBlock>
<f:optionalBlock title="Skip scan if triggered by SCM Changes" inline="true" field="skipSCMTriggers" />


<f:section title="Dependency Scan" />
<f:optionalBlock title="Enable dependency scan" field="dependencyScanConfig"
checked="${instance.dependencyScanConfig != null}">
@@ -200,12 +210,11 @@
<f:entry title="Path to SCA Resolver" field="pathToScaResolver">
<f:textbox value="${instance.dependencyScanConfig.pathToScaResolver}" />
</f:entry>

<f:entry title="SCA Resolver Additional Parameters" field="scaResolverAddParameters">
<f:textarea value="${instance.dependencyScanConfig.scaResolverAddParameters}" />
</f:entry>
<f:optionalBlock title="Enable Exploitable Path" field="isExploitablePathByScaResolver" inline="true" checked="${instance.dependencyScanConfig.isExploitablePathByScaResolver}">
</f:optionalBlock>
<f:entry title="SCA Resolver Additional Parameters" field="scaResolverAddParameters">
<f:textarea value="${instance.dependencyScanConfig.scaResolverAddParameters}" />
</f:entry>
</f:radioBlock>
<f:radioBlock checked="${instance.dependencyScanConfig.enableScaResolver == null || instance.dependencyScanConfig.enableScaResolver == 'MANIFEST'}" inline="true"
name="enableScaResolver" title="Perform SCA scan by uploading manifests file(s)/source to SCA Service."
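Review bot: this is a pure reorder, but it carries along an `f:optionalBlock` for `isExploitablePathByScaResolver` with no body; a bare boolean is expressed more directly with `f:checkbox`, which also avoids the empty block. The same applies to its global counterpart.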
@@ -313,6 +322,15 @@
<!-- -= Generate PDF report =- -->
<f:optionalBlock title="Generate CxSAST PDF report" inline="true" field="generatePdfReport" />

<!-- -= generateScaReport =- -->
<f:optionalBlock title="Generate CxSCA report" inline="true" field="generateScaReport" checkMethod="POST"
checked="${instance.generateScaReport &amp;&amp; instance.dependencyScanConfig.dependencyScannerType == 'SCA'}">

<f:entry name="scaReportFormat" title="Report Format:" field="scaReportFormat">
<f:enum field="scaReportFormat">${it.displayName}</f:enum>
</f:entry>
</f:optionalBlock>

<!-- -= enableProjectPolicyEnforcement =- -->
<f:optionalBlock title="Enable Project's policy enforcement" inline="true" field="enableProjectPolicyEnforcement" />
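Review bot: the "Generate CxSCA report" block sits next to the SAST PDF option at the top level of the form, yet its `checked` expression is gated on `instance.dependencyScanConfig.dependencyScannerType == 'SCA'`. So a user with the dependency scan disabled still sees and can tick the option, and a stored `true` is displayed unchecked (and saved back as false) after the scanner type changes. Move the block inside the dependency-scan SCA branch where the condition already holds, or show a `f:description` explaining why it is unavailable. Minor: `name="scaReportFormat"` on the `f:entry` duplicates `field`.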

(file name not rendered on this page)
@@ -42,7 +42,7 @@
<f:optionalBlock title="Use Jenkins proxy" inline="true" field="isProxy" />

<f:validateButton title="Test Connection" progress="Testing..." method="testConnection"
with="isProxy,serverUrl,username,password,timestamp,credentialsId" />
with="enableCertificateValidation,isProxy,serverUrl,username,password,timestamp,credentialsId" />

<f:entry title="Maven Path" field="mvnPath">
<f:textbox/>
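Review bot: passing `enableCertificateValidation` to `testConnection` is right, since "Test Connection" now exercises the same TLS setting the scans use. What the hunk does not show is the checkbox's default, and commit 05f4bc0 in this PR is titled "SSL/TLS validation is disabled by default": with the box unchecked a green test result says nothing about the identity of the server that answered. Default the option to enabled, and have the test result message state when validation was skipped so an administrator cannot mistake an unverified connection for a verified one.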
@@ -56,6 +56,7 @@
<f:textbox/>
</f:entry>


<f:entry title="Default Include/Exclude wildcard patterns" field="filterPattern">
<f:textarea default="${descriptor.DEFAULT_FILTER_PATTERNS}"/>
</f:entry>
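Review bot: whitespace-only hunk (a second blank line before the Include/Exclude entry); drop it so the diff shows only the functional changes.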
@@ -176,11 +177,11 @@
<f:textbox value="${descriptor.dependencyScanConfig.pathToScaResolver}" />
</f:entry>

<f:entry title="SCA Resolver Additional Parameters" field="scaResolverAddParameters">
<f:textarea value="${descriptor.dependencyScanConfig.scaResolverAddParameters}" />
</f:entry>
<f:optionalBlock title="Enable Exploitable Path" field="isExploitablePathByScaResolver" inline="true" checked="${descriptor.dependencyScanConfig.isExploitablePathByScaResolver}">
<f:optionalBlock title="Enable Exploitable Path" field="isGlobalExploitablePathByScaResolver" inline="true" checked="${descriptor.dependencyScanConfig.isGlobalExploitablePathByScaResolver}">
</f:optionalBlock>
<f:entry title="SCA Resolver Additional Parameters" field="globalScaResolverAddParameters">
<f:textarea value="${descriptor.dependencyScanConfig.globalScaResolverAddParameters}" />
</f:entry>
</f:radioBlock>
<f:radioBlock checked="${descriptor.dependencyScanConfig.enableScaResolver == null || descriptor.dependencyScanConfig.enableScaResolver == 'MANIFEST'}" inline="true"
name="enableScaResolver" title="Perform SCA scan by uploading manifests file(s)/source to SCA Service."
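Review bot: renaming the global form fields to `isGlobalExploitablePathByScaResolver` and `globalScaResolverAddParameters` changes the property names the descriptor persists, so values saved by the previous release under `isExploitablePathByScaResolver` and `scaResolverAddParameters` at global level will not bind to the new fields unless the load path migrates them. If that migration lives in `CxScanBuilder.java` (not rendered here), say so in the PR description; otherwise administrators silently lose their global SCA Resolver settings on upgrade. The reorder of the two entries is cosmetic and matches the job form.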
@@ -210,6 +211,12 @@
</f:optionalBlock>
</f:radioBlock>
</f:radioBlock>
</f:optionalBlock>
<f:optionalBlock title="Enable Data Retention" inline="true"
field="enableDataRetention">
<f:entry title="Scan Retention rate (number of scan)" field="projectRetentionRateEnforce">
<f:number clazz="positive-number" min="1" max="10000" step="1" default="10" checkMethod="POST" />
</f:entry>
</f:optionalBlock>
<f:optionalBlock title="Hide Debug Logs" inline="true" field="hideDebugLogs"/>
</f:section>
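Review bot: the field is named `projectRetentionRateEnforce`, which suggests a ceiling imposed on every job, but the job form uses it only as `default=` for a value the job can override (including 0 there). Name, title and help should agree on whether this is a default or an enforced limit. `checkMethod="POST"` only has an effect if the descriptor defines a matching `doCheckProjectRetentionRateEnforce`, which this hunk does not show; confirm it exists.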
(file name not rendered on this page)
@@ -0,0 +1,3 @@
<div>
Enables the option to set number for scan to retain while creating project.
</div>
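Review bot: "Enables the option to set number for scan to retain while creating project" is ungrammatical and leaves the key question open: read literally it says the retention count applies only when the project is created, so a later change would not affect an existing project. State that explicitly if it is the behaviour, for example "Sets the number of scans to retain for a project. Applied when the plugin creates the project; existing projects keep their current setting.", and name the job-level field it provides the default for.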
(file name not rendered on this page)
@@ -1,3 +1,3 @@
<div>
When this flag is enabled, the plugin will use SCA Resolver utility to scan dependencies.
When this flag is enabled, the plugin will use SCA Resolver utility to scan dependencies. ScaResolver tool will be executed in offline mode.
</div>
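Review bot: "ScaResolver tool will be executed in offline mode" is stated without saying what it means for the user: whether the resolver still needs network access to package registries or the SCA service, and whether the plugin uploads the resulting evidence file itself. One sentence on that belongs here since this is the help the user reads when enabling the option.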
(file name not rendered on this page)
@@ -0,0 +1,3 @@
<div>
Downloads a report with scan results from the Checkmarx server. The report is available via a link on "Checkmarx Scan Results" page.
</div>
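Review bot: the text promises "a link on the Checkmarx Scan Results page", but the only endpoint added to `CxScanResult.java` in this PR is `doScaPdfReport`, which serves `ScaPdfReport.pdf`. For the XML, CSV, JSON and CycloneDX formats offered by `ScaReportFormat`, say where the file is written and how it is reached, or state that the link applies to the PDF format only.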
(file name not rendered on this page)
@@ -0,0 +1,5 @@
<div>
<p>For dependency resolution using the SCA Resolver tool, arguments to the SCA Resolver tool need to be provided.</p>
<p>For Example: --log-level Debug --save-evidence-path ./evidences.json --extract-archives zip,ear --extract-depth 3 --gradle-exclude-scopes api,testCompile</p>
<p> "-s", "-n" and "-r" are mandatory parameters that can be automatically determined from the parameters configured in the pipeline. These parameters can also be overridden by adding them to the SCA Resolver Additional Parameters.</p>
</div>
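Review bot: the help should say how the textarea is turned into arguments: split on whitespace (in which case a `--save-evidence-path` containing spaces needs quoting, and the help should show the quoting), or one argument per line. It should also warn against putting secrets here: the Exploitable Path help on this page lists `--cxpassword` among the parameters that may be overridden in this field, and anything typed here is stored in plain text in the job's config.xml and, depending on what the plugin logs, in the build console.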
(file name not rendered on this page)
@@ -1,5 +1,5 @@
<div>
<p>"Enable Exploitable Path" option can be checked to enable the exploitable path</p>
<p> "--cxprojectname" or "--cxprojectid", "--cxuser", "--cxpassword", "--cxserver" and "--sast-result-path" are mandatory parameters for exploitable path detection that can be inherited from job or global arguments. These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters. </p>
<p> Example: --cxprojectname sastprojname --cxserver http://sasturl --cxuser sastuser --cxpassword sastpassword --sast-result-path D://result </p>
<p>For Exploitable Path Detections, SCA Resolver needs to connect to the SAST server, thus it needs the following SAST related parameters: "--cxprojectname" or "--cxprojectid", "--cxuser", "--cxpassword", "--cxserver" and "--sast-result-path".</p>
<p> The plugin can automatically determine these parameters from the SAST parameters configured in the pipeline. These parameters can also be overridden by adding them to the SCA Resolver Additional Parameters.</p>
<p>Example: --cxprojectname sastprojname --cxserver http://sasturl --cxuser sastuser --cxpassword sastpassword --sast-result-path D://result</p>
</div>
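Review bot: the example `--cxuser sastuser --cxpassword sastpassword --cxserver http://sasturl` teaches users to paste the SAST password into a plain-text field that is saved unencrypted in config.xml, and uses `http://` in the same PR that adds server certificate validation. Since the text already says the plugin derives these values from the configured SAST settings, make the example show only an override a user plausibly needs (`--cxprojectname` and `--sast-result-path`), drop the credential flags from it, and use `https://`. Wording: "Exploitable Path Detections" reads better as "Exploitable Path detection".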
(file name not rendered on this page)
@@ -0,0 +1,5 @@
<div>
<p>For Exploitable Path Detections, SCA Resolver needs to connect to the SAST server, thus it needs the following SAST related parameters: "--cxprojectname" or "--cxprojectid", "--cxuser", "--cxpassword", "--cxserver" and "--sast-result-path".</p>
<p> The plugin can automatically determine these parameters from the SAST parameters configured in the pipeline. These parameters can also be overridden by adding them to the SCA Resolver Additional Parameters.</p>
<p>Example: --cxprojectname sastprojname --cxserver http://sasturl --cxuser sastuser --cxpassword sastpassword --sast-result-path D://result</p>
</div>
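Review bot: this new file is a word-for-word copy of the exploitable-path help changed in the previous hunk, so the two will drift at the next edit. If the two help files cannot share content, at least apply the same fixes to both: no `--cxpassword` in the example and `https://` for the server.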
(file name not rendered on this page)
@@ -1,8 +1,5 @@
<div>
Provide arguments to ScaResovler tool in the same format as supported by the ScaResolver tool. ScaResolver tool will be executed in offline mode.
<p>"-s", "-n" and "-r" are mandatory parameters that can be inherited from job level arguments. These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters.</p>
<p>Example: -s C:\Users\SampleProject -n ProjectName -r c:\output, where</p>
<p> -s: Path to the source code</p>
<p> -n: name of the project</p>
<p> -r: local machine path where the evidence file must be stored</p>
</div>
<p>For dependency resolution using the SCA Resolver tool, arguments to the SCA Resolver tool need to be provided.</p>
<p>For Example: --log-level Debug --save-evidence-path ./evidences.json --extract-archives zip,ear --extract-depth 3 --gradle-exclude-scopes api,testCompile</p>
<p> "-s", "-n" and "-r" are mandatory parameters that can be automatically determined from the parameters configured in the pipeline. These parameters can also be overridden by adding them to the SCA Resolver Additional Parameters.</p>
</div>
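Review bot: the removed lines were the only place that explained what `-s`, `-n` and `-r` mean; the new text says they "can be automatically determined" yet still invites the user to override them, so a reader no longer knows that `-r` is the evidence output path or `-s` the source path. Keep the three-line glossary under the new example. Moving the "offline mode" sentence to the enableScaResolver help is fine, and the "ScaResovler" typo goes with it.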