-
Notifications
You must be signed in to change notification settings - Fork 279
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding Yocto Scanner support. #1824
Adding Yocto Scanner support. #1824
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes look good, thanks!
Can you please update analysis-model version in pom.xml as well?
return false; | ||
} | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about adding another icon? The default warning icon might be inappropriate for security warnings?
We can select from: https://fontawesome.com/icons/categories/security or https://ionic.io/ionicons
Example code to change the icon: https://github.com/jenkinsci/warnings-ng-plugin/blob/main/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/ErrorProne.java
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
diff --git a/plugin/pom.xml b/plugin/pom.xml
index 87a6b108c..b61c37f9f 100644
--- a/plugin/pom.xml
+++ b/plugin/pom.xml
@@ -25,7 +25,7 @@
<changelist>-SNAPSHOT</changelist>
<module.name>${project.groupId}.warnings.ng</module.name>
- <analysis-model-api.version>12.4.0</analysis-model-api.version>
+ <analysis-model-api.version>12.5.0</analysis-model-api.version>
<analysis-model-tests.version>${analysis-model-api.version}</analysis-model-tests.version>
<pull-request-monitoring.version>335.v525cd64ec76b_</pull-request-monitoring.version>
This for the pom
diff --git a/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/YoctoScanner.java b/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/YoctoScanner.java
index c41df8dc4..5e121760f 100644
--- a/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/YoctoScanner.java
+++ b/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/YoctoScanner.java
@@ -5,6 +5,7 @@ import org.jenkinsci.Symbol;
import hudson.Extension;
import io.jenkins.plugins.analysis.core.model.AnalysisModelParser;
+import io.jenkins.plugins.analysis.core.model.SymbolIconLabelProvider;
/**
* Provides a parser and customized messages for Yocto Scanner CLI (scannercli) reports.
@@ -42,5 +43,10 @@ public class YoctoScanner extends AnalysisModelParser {
public boolean isPostProcessingEnabled() {
return false;
}
+
+ @Override
+ public StaticAnalysisLabelProvider getLabelProvider() {
+ return new SymbolIconLabelProvider(getId(), getDisplayName(), getDescriptionProvider(), "symbol-solid/bug plugin-font-awesome-api");
+ }
how icon are loaded?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Icons are part of a different plug-in and are referenced in the UI.
The bug is used for bug finders so you better should use a different one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one is not available. You need to choose a free one, there is a checkbox
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@uhafner Add the icon and tested, include the pom.xml change
61e05ca
to
2719644
Compare
Update the pom plugin of analysis-model-api-plugin to 12.6.0 that include the yocto scanner model. The yocto scanner will use the icon from https://fontawesome.com/icons/shield-halved?f=classic&s=solid Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
2719644
to
77f98ca
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1824 +/- ##
============================================
- Coverage 82.64% 82.57% -0.08%
+ Complexity 1361 1360 -1
============================================
Files 248 249 +1
Lines 5226 5233 +7
Branches 402 402
============================================
+ Hits 4319 4321 +2
- Misses 798 802 +4
- Partials 109 110 +1 ☔ View full report in Codecov by Sentry. |
Thanks! |
Yocto project support CVE security vulnerabilities using cve-check in the specific image or target you are building, add the following setting to your configuration:
INHERIT += "cve-check"
status of each CVE: Patched, Unpatched or Ignored
The scanner look only for Unpatched package and calculate the severity using the score_v2 or score_v3
Testing done
Cloned https://github.com/uhafner/warnings-ng-plugin-devenv.git
Apply this patch and the pull request of new Yocto Parser
Deploy on personal jenkins installation