SIGINT-1198 - SARIF report generation (#35)

BLACKDUCK and POLARIS SARIF REPORT SUPPORT --------- Co-authored-by: Synopsys DSi <synopsys.dsi@gmail.com> Co-authored-by: Maksudur Rahman Maruf <maruf.bsnm@gmail.com> Co-authored-by: jraihan <jahid.raihan@dsinnovators.com> Co-authored-by: Akib Uz Zaman <akibuz@synopsys.com> Co-authored-by: Maksudur Rahman Maruf <maksudur@synopsys.com> Co-authored-by: Maksudur Rahman Maruf <43263023+maksudur-rahman-maruf@users.noreply.github.com> Co-authored-by: Akib Uz Zaman <42386528+zaman-akib@users.noreply.github.com> Co-authored-by: jraihan <jahid@synopsys.com>
jenkinsci · Feb 23, 2024 · 5a2965e · 5a2965e
1 parent 11c5957
commit 5a2965e
Show file tree

Hide file tree

Showing 44 changed files with 917 additions and 74 deletions.
diff --git a/src/main/java/io/jenkins/plugins/synopsys/security/scan/SecurityScanner.java b/src/main/java/io/jenkins/plugins/synopsys/security/scan/SecurityScanner.java
@@ -10,11 +10,16 @@
 import io.jenkins.plugins.synopsys.security.scan.global.ApplicationConstants;
 import io.jenkins.plugins.synopsys.security.scan.global.LoggerWrapper;
 import io.jenkins.plugins.synopsys.security.scan.global.Utility;
+import io.jenkins.plugins.synopsys.security.scan.global.enums.ReportType;
+import io.jenkins.plugins.synopsys.security.scan.global.enums.SecurityProduct;
 import io.jenkins.plugins.synopsys.security.scan.service.ScannerArgumentService;
-import io.jenkins.plugins.synopsys.security.scan.service.diagnostics.DiagnosticsService;
+import io.jenkins.plugins.synopsys.security.scan.service.diagnostics.UploadReportService;
+import io.jenkins.plugins.synopsys.security.scan.service.scan.ScanParametersService;
+import java.io.File;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 public class SecurityScanner {
@@ -79,14 +84,45 @@ public int runScanner(Map<String, Object> scanParams, FilePath bridgeInstallatio
             scannerArgumentService.removeTemporaryInputJson(commandLineArgs);
 
             if (Objects.equals(scanParams.get(ApplicationConstants.INCLUDE_DIAGNOSTICS_KEY), true)) {
-                DiagnosticsService diagnosticsService = new DiagnosticsService(
+                UploadReportService uploadReportService = new UploadReportService(
                         run,
                         listener,
                         launcher,
                         envVars,
                         new ArtifactArchiver(ApplicationConstants.ALL_FILES_WILDCARD_SYMBOL));
-                diagnosticsService.archiveDiagnostics(
-                        workspace.child(ApplicationConstants.BRIDGE_DIAGNOSTICS_DIRECTORY));
+                uploadReportService.archiveReports(
+                        workspace.child(ApplicationConstants.BRIDGE_REPORT_DIRECTORY), ReportType.DIAGNOSTIC);
+            }
+
+            if (Objects.equals(scanParams.get(ApplicationConstants.BLACKDUCK_REPORTS_SARIF_CREATE_KEY), true)
+                    || Objects.equals(scanParams.get(ApplicationConstants.POLARIS_REPORTS_SARIF_CREATE_KEY), true)) {
+                ScanParametersService scanParametersService = new ScanParametersService(listener, envVars);
+                Set<String> scanType = scanParametersService.getSynopsysSecurityProducts(scanParams);
+                boolean isBlackDuckScan = scanType.contains(SecurityProduct.BLACKDUCK.name());
+                boolean isPolarisDuckScan = scanType.contains(SecurityProduct.POLARIS.name());
+                String defaultSarifReportFilePath = isBlackDuckScan
+                        ? ApplicationConstants.DEFAULT_BLACKDUCK_SARIF_REPORT_FILE_PATH.concat(
+                                ApplicationConstants.SARIF_REPORT_FILENAME)
+                        : isPolarisDuckScan
+                                ? ApplicationConstants.DEFAULT_POLARIS_SARIF_REPORT_FILE_PATH.concat(
+                                        ApplicationConstants.SARIF_REPORT_FILENAME)
+                                : "";
+
+                String customSarifReportFilePath = isBlackDuckScan
+                        ? (String) scanParams.get(ApplicationConstants.BLACKDUCK_REPORTS_SARIF_FILE_PATH_KEY)
+                        : isPolarisDuckScan
+                                ? (String) scanParams.get(ApplicationConstants.POLARIS_REPORTS_SARIF_FILE_PATH_KEY)
+                                : "";
+
+                String reportFilePath =
+                        customSarifReportFilePath != null ? customSarifReportFilePath : defaultSarifReportFilePath;
+                String reportFileName = customSarifReportFilePath != null
+                        ? new File(customSarifReportFilePath).getName()
+                        : ApplicationConstants.SARIF_REPORT_FILENAME;
+
+                UploadReportService uploadReportService =
+                        new UploadReportService(run, listener, launcher, envVars, new ArtifactArchiver(reportFileName));
+                uploadReportService.archiveReports(workspace.child(reportFilePath), ReportType.SARIF);
             }
         }
 

diff --git a/src/main/java/io/jenkins/plugins/synopsys/security/scan/extension/SecurityScan.java b/src/main/java/io/jenkins/plugins/synopsys/security/scan/extension/SecurityScan.java
@@ -69,5 +69,23 @@ public interface SecurityScan {
 
     public Boolean isNetwork_airgap();
 
+    public Boolean isBlackduck_reports_sarif_create();
+
+    public String getBlackduck_reports_sarif_file_path();
+
+    public Boolean isBlackduck_reports_sarif_groupSCAIssues();
+
+    public String getBlackduck_reports_sarif_severities();
+
     public Boolean isReturn_status();
+
+    public Boolean isPolaris_reports_sarif_create();
+
+    public String getPolaris_reports_sarif_file_path();
+
+    public Boolean isPolaris_reports_sarif_groupSCAIssues();
+
+    public String getPolaris_reports_sarif_severities();
+
+    public String getPolaris_reports_sarif_issue_types();
 }
diff --git a/.../io/jenkins/plugins/synopsys/security/scan/extension/freestyle/SecurityScanFreestyle.java b/.../io/jenkins/plugins/synopsys/security/scan/extension/freestyle/SecurityScanFreestyle.java
@@ -39,6 +39,10 @@ public class SecurityScanFreestyle extends Builder implements SecurityScan, Simp
     //    private Boolean blackduck_automation_fixpr;
     private Boolean blackduck_automation_prcomment;
     private String blackduck_download_url;
+    private Boolean blackduck_reports_sarif_create;
+    private String blackduck_reports_sarif_file_path;
+    private Boolean blackduck_reports_sarif_groupSCAIssues;
+    private String blackduck_reports_sarif_severities;
 
     private String coverity_url;
     private String coverity_user;
@@ -59,6 +63,11 @@ public class SecurityScanFreestyle extends Builder implements SecurityScan, Simp
     private String polaris_triage;
     private String polaris_branch_name;
     //    private String polaris_branch_parent_name;
+    private Boolean polaris_reports_sarif_create;
+    private String polaris_reports_sarif_file_path;
+    private String polaris_reports_sarif_issue_types;
+    private Boolean polaris_reports_sarif_groupSCAIssues;
+    private String polaris_reports_sarif_severities;
 
     private transient String bitbucket_token;
 
@@ -110,6 +119,22 @@ public String getBlackduck_download_url() {
         return blackduck_download_url;
     }
 
+    public Boolean isBlackduck_reports_sarif_create() {
+        return blackduck_reports_sarif_create;
+    }
+
+    public String getBlackduck_reports_sarif_file_path() {
+        return blackduck_reports_sarif_file_path;
+    }
+
+    public Boolean isBlackduck_reports_sarif_groupSCAIssues() {
+        return blackduck_reports_sarif_groupSCAIssues;
+    }
+
+    public String getBlackduck_reports_sarif_severities() {
+        return blackduck_reports_sarif_severities;
+    }
+
     public String getCoverity_url() {
         return coverity_url;
     }
@@ -178,6 +203,26 @@ public String getPolaris_branch_name() {
         return polaris_branch_name;
     }
 
+    public Boolean isPolaris_reports_sarif_create() {
+        return polaris_reports_sarif_create;
+    }
+
+    public String getPolaris_reports_sarif_file_path() {
+        return polaris_reports_sarif_file_path;
+    }
+
+    public Boolean isPolaris_reports_sarif_groupSCAIssues() {
+        return polaris_reports_sarif_groupSCAIssues;
+    }
+
+    public String getPolaris_reports_sarif_severities() {
+        return polaris_reports_sarif_severities;
+    }
+
+    public String getPolaris_reports_sarif_issue_types() {
+        return polaris_reports_sarif_issue_types;
+    }
+
     public String getBitbucket_token() {
         return bitbucket_token;
     }
@@ -260,6 +305,26 @@ public void setBlackduck_download_url(String blackduck_download_url) {
         this.blackduck_download_url = Util.fixEmptyAndTrim(blackduck_download_url);
     }
 
+    @DataBoundSetter
+    public void setBlackduck_reports_sarif_create(Boolean blackduck_reports_sarif_create) {
+        this.blackduck_reports_sarif_create = blackduck_reports_sarif_create ? true : null;
+    }
+
+    @DataBoundSetter
+    public void setBlackduck_reports_sarif_file_path(String blackduck_reports_sarif_file_path) {
+        this.blackduck_reports_sarif_file_path = Util.fixEmptyAndTrim(blackduck_reports_sarif_file_path);
+    }
+
+    @DataBoundSetter
+    public void setBlackduck_reports_sarif_groupSCAIssues(Boolean blackduck_reports_sarif_groupSCAIssues) {
+        this.blackduck_reports_sarif_groupSCAIssues = blackduck_reports_sarif_groupSCAIssues ? true : null;
+    }
+
+    @DataBoundSetter
+    public void setBlackduck_reports_sarif_severities(String blackduck_reports_sarif_severities) {
+        this.blackduck_reports_sarif_severities = Util.fixEmptyAndTrim(blackduck_reports_sarif_severities);
+    }
+
     @DataBoundSetter
     public void setCoverity_url(String coverity_url) {
         this.coverity_url = coverity_url;
@@ -345,6 +410,31 @@ public void setPolaris_branch_name(String polaris_branch_name) {
         this.polaris_branch_name = Util.fixEmptyAndTrim(polaris_branch_name);
     }
 
+    @DataBoundSetter
+    public void setPolaris_reports_sarif_create(Boolean polaris_reports_sarif_create) {
+        this.polaris_reports_sarif_create = polaris_reports_sarif_create ? true : null;
+    }
+
+    @DataBoundSetter
+    public void setPolaris_reports_sarif_file_path(String polaris_reports_sarif_file_path) {
+        this.polaris_reports_sarif_file_path = Util.fixEmptyAndTrim(polaris_reports_sarif_file_path);
+    }
+
+    @DataBoundSetter
+    public void setPolaris_reports_sarif_groupSCAIssues(Boolean polaris_reports_sarif_groupSCAIssues) {
+        this.polaris_reports_sarif_groupSCAIssues = polaris_reports_sarif_groupSCAIssues ? true : null;
+    }
+
+    @DataBoundSetter
+    public void setPolaris_reports_sarif_severities(String polaris_reports_sarif_severities) {
+        this.polaris_reports_sarif_severities = Util.fixEmptyAndTrim(polaris_reports_sarif_severities);
+    }
+
+    @DataBoundSetter
+    public void setPolaris_reports_sarif_issue_types(String polaris_reports_sarif_issue_types) {
+        this.polaris_reports_sarif_issue_types = Util.fixEmptyAndTrim(polaris_reports_sarif_issue_types);
+    }
+
     @DataBoundSetter
     public void setBitbucket_token(String bitbucket_token) {
         this.bitbucket_token = bitbucket_token;

diff --git a/...n/java/io/jenkins/plugins/synopsys/security/scan/extension/pipeline/SecurityScanStep.java b/...n/java/io/jenkins/plugins/synopsys/security/scan/extension/pipeline/SecurityScanStep.java
@@ -81,7 +81,16 @@ public class SecurityScanStep extends Step implements SecurityScan, Serializable
     private String synopsys_bridge_install_directory;
     private Boolean include_diagnostics;
     private Boolean network_airgap;
+    private Boolean blackduck_reports_sarif_create;
+    private String blackduck_reports_sarif_file_path;
+    private Boolean blackduck_reports_sarif_groupSCAIssues;
+    private String blackduck_reports_sarif_severities;
     private Boolean return_status;
+    private Boolean polaris_reports_sarif_create;
+    private String polaris_reports_sarif_file_path;
+    private String polaris_reports_sarif_issue_types;
+    private Boolean polaris_reports_sarif_groupSCAIssues;
+    private String polaris_reports_sarif_severities;
 
     @DataBoundConstructor
     public SecurityScanStep() {
@@ -228,6 +237,42 @@ public Boolean isReturn_status() {
         return return_status;
     }
 
+    public Boolean isBlackduck_reports_sarif_create() {
+        return blackduck_reports_sarif_create;
+    }
+
+    public String getBlackduck_reports_sarif_file_path() {
+        return blackduck_reports_sarif_file_path;
+    }
+
+    public Boolean isBlackduck_reports_sarif_groupSCAIssues() {
+        return blackduck_reports_sarif_groupSCAIssues;
+    }
+
+    public String getBlackduck_reports_sarif_severities() {
+        return blackduck_reports_sarif_severities;
+    }
+
+    public Boolean isPolaris_reports_sarif_create() {
+        return polaris_reports_sarif_create;
+    }
+
+    public String getPolaris_reports_sarif_file_path() {
+        return polaris_reports_sarif_file_path;
+    }
+
+    public Boolean isPolaris_reports_sarif_groupSCAIssues() {
+        return polaris_reports_sarif_groupSCAIssues;
+    }
+
+    public String getPolaris_reports_sarif_severities() {
+        return polaris_reports_sarif_severities;
+    }
+
+    public String getPolaris_reports_sarif_issue_types() {
+        return polaris_reports_sarif_issue_types;
+    }
+
     @DataBoundSetter
     public void setProduct(String product) {
         this.product = product;
@@ -404,6 +449,51 @@ public void setReturn_status(Boolean return_status) {
         this.return_status = return_status ? true : null;
     }
 
+    @DataBoundSetter
+    public void setBlackduck_reports_sarif_create(Boolean blackduck_reports_sarif_create) {
+        this.blackduck_reports_sarif_create = blackduck_reports_sarif_create ? true : null;
+    }
+
+    @DataBoundSetter
+    public void setBlackduck_reports_sarif_file_path(String blackduck_reports_sarif_file_path) {
+        this.blackduck_reports_sarif_file_path = Util.fixEmptyAndTrim(blackduck_reports_sarif_file_path);
+    }
+
+    @DataBoundSetter
+    public void setBlackduck_reports_sarif_groupSCAIssues(Boolean blackduck_reports_sarif_groupSCAIssues) {
+        this.blackduck_reports_sarif_groupSCAIssues = blackduck_reports_sarif_groupSCAIssues ? true : null;
+    }
+
+    @DataBoundSetter
+    public void setBlackduck_reports_sarif_severities(String blackduck_reports_sarif_severities) {
+        this.blackduck_reports_sarif_severities = Util.fixEmptyAndTrim(blackduck_reports_sarif_severities);
+    }
+
+    @DataBoundSetter
+    public void setPolaris_reports_sarif_create(Boolean polaris_reports_sarif_create) {
+        this.polaris_reports_sarif_create = polaris_reports_sarif_create ? true : null;
+    }
+
+    @DataBoundSetter
+    public void setPolaris_reports_sarif_file_path(String polaris_reports_sarif_file_path) {
+        this.polaris_reports_sarif_file_path = Util.fixEmptyAndTrim(polaris_reports_sarif_file_path);
+    }
+
+    @DataBoundSetter
+    public void setPolaris_reports_sarif_groupSCAIssues(Boolean polaris_reports_sarif_groupSCAIssues) {
+        this.polaris_reports_sarif_groupSCAIssues = polaris_reports_sarif_groupSCAIssues ? true : null;
+    }
+
+    @DataBoundSetter
+    public void setPolaris_reports_sarif_severities(String polaris_reports_sarif_severities) {
+        this.polaris_reports_sarif_severities = Util.fixEmptyAndTrim(polaris_reports_sarif_severities);
+    }
+
+    @DataBoundSetter
+    public void setPolaris_reports_sarif_issue_types(String polaris_reports_sarif_issue_types) {
+        this.polaris_reports_sarif_issue_types = Util.fixEmptyAndTrim(polaris_reports_sarif_issue_types);
+    }
+
     private Map<String, Object> getParametersMap(FilePath workspace, TaskListener listener)
             throws PluginExceptionHandler {
         return ScanParametersFactory.preparePipelineParametersMap(