From 211837aec63887138a76a7315db6b893e90bb41f Mon Sep 17 00:00:00 2001 From: Valentin Kovalenko Date: Tue, 25 Jun 2024 17:19:43 -0600 Subject: [PATCH 1/7] Include links to the Evergreen build and to the driver security testing summary in the SSDLC report JAVA-5500 --- .evergreen/ssdlc-report.sh | 28 ++++++++++++- .../template_ssdlc_compliance_report.md | 39 +++++++++---------- 2 files changed, 44 insertions(+), 23 deletions(-) diff --git a/.evergreen/ssdlc-report.sh b/.evergreen/ssdlc-report.sh index b05e510c66b..16f294dab54 100755 --- a/.evergreen/ssdlc-report.sh +++ b/.evergreen/ssdlc-report.sh @@ -28,6 +28,28 @@ declare -r SSDLC_STATIC_ANALYSIS_REPORTS_PATH="${SSDLC_PATH}/static-analysis-rep mkdir "${SSDLC_PATH}" mkdir "${SSDLC_STATIC_ANALYSIS_REPORTS_PATH}" +declare -r EVERGREEN_PROJECT_NAME_PREFIX="${PRODUCT_NAME//-/_}" +declare -r EVERGREEN_BUILD_URL_PREFIX="https://spruce.mongodb.com/version" +declare -r GIT_TAG="r${PRODUCT_VERSION}" +GIT_COMMIT_HASH="$(git rev-list -n 1 "${GIT_TAG}")" +set +e + GIT_BRANCH_MASTER="$(git branch -a --contains "${GIT_TAG}" | grep 'master$')" + GIT_BRANCH_PATCH="$(git branch -a --contains "${GIT_TAG}" | grep '\.x$')" +set -e +if [ -n "${GIT_BRANCH_MASTER}" ]; then + declare -r EVERGREEN_BUILD_URL="${EVERGREEN_BUILD_URL_PREFIX}/${EVERGREEN_PROJECT_NAME_PREFIX}_${GIT_COMMIT_HASH}" +elif [ -n "${GIT_BRANCH_PATCH}" ]; then + declare -r EVERGREEN_PROJECT_NAME_SUFFIX="${PRODUCT_VERSION:0:3}" + declare -r EVERGREEN_BUILD_URL="${EVERGREEN_BUILD_URL_PREFIX}/${EVERGREEN_PROJECT_NAME_PREFIX}_${EVERGREEN_PROJECT_NAME_SUFFIX}_${GIT_COMMIT_HASH}" +else + echo "Failed to compute EVERGREEN_BUILD_URL" + exit 1 +fi +printf "\nEvergreen build URL: %s\n" "${EVERGREEN_BUILD_URL}" + +PRODUCT_RELEASE_CREATOR="$(git log "${GIT_TAG}"^.."${GIT_TAG}" --simplify-by-decoration --pretty='format:%aN')" +printf "\nProduct release creator: %s\n" "${PRODUCT_RELEASE_CREATOR}" + printf "\nCreating SpotBugs SARIF reports\n" ./gradlew -version set +e 
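Review bot: `PRODUCT_RELEASE_CREATOR` is taken from a commit range (`"${GIT_TAG}"^.."${GIT_TAG}"`), which for a tag placed on a merge commit can list more than one author and so produce a multi-line value that is later spliced into the report by sed; a single-commit query avoids that: `PRODUCT_RELEASE_CREATOR="$(git log -1 --pretty='format:%aN' "${GIT_TAG}")"`. The `set +e` window is needed because `grep` exits 1 on no match under the file's `set -eu`, but `GIT_COMMIT_HASH="$(git rev-list -n 1 "${GIT_TAG}")"` still runs with `-e` on, so a missing `r${PRODUCT_VERSION}` tag aborts the script before the `else` branch's "Failed to compute" message can ever be printed; if that is intended, a comment such as `# aborts early when tag r${PRODUCT_VERSION} does not exist` would say so. `grep 'master$'` also matches any branch whose name merely ends in `master`, which is presumably acceptable here but worth anchoring more tightly if other such branches exist.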
@@ -52,14 +74,16 @@ declare -r SSDLC_REPORT_PATH="${SSDLC_PATH}/ssdlc_compliance_report.md" cp "${TEMPLATE_SSDLC_REPORT_PATH}" "${SSDLC_REPORT_PATH}" declare -a SED_EDIT_IN_PLACE_OPTION if [[ "$OSTYPE" == "darwin"* ]]; then - SED_EDIT_IN_PLACE_OPTION=(-i '') + SED_EDIT_IN_PLACE_OPTION=(-i '') else - SED_EDIT_IN_PLACE_OPTION=(-i) + SED_EDIT_IN_PLACE_OPTION=(-i) fi sed "${SED_EDIT_IN_PLACE_OPTION[@]}" \ -e "s/\${product_name}/${PRODUCT_NAME}/g" \ -e "s/\${product_version}/${PRODUCT_VERSION}/g" \ -e "s/\${report_date_utc}/$(date -u +%Y-%m-%d)/g" \ + -e "s/\${product_release_creator}/${PRODUCT_RELEASE_CREATOR}/g" \ + -e "s>\${evergreen_build_url}>${EVERGREEN_BUILD_URL}>g" \ "${SSDLC_REPORT_PATH}" printf "%s\n" "${SSDLC_REPORT_PATH}" diff --git a/.evergreen/template_ssdlc_compliance_report.md b/.evergreen/template_ssdlc_compliance_report.md index 998092b65c9..1e13ec2938a 100644 --- a/.evergreen/template_ssdlc_compliance_report.md +++ b/.evergreen/template_ssdlc_compliance_report.md @@ -13,30 +13,18 @@ This report is available at ${product_version} - Report date, UTC - ${report_date_utc} - - - -## Release creator - -This information is available in multiple ways: - - - - + - - + +
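Review bot: The two added `-e` expressions interpolate `${PRODUCT_RELEASE_CREATOR}` and `${EVERGREEN_BUILD_URL}` into sed commands verbatim, so a creator name containing `/`, `&` or `\` (or a URL containing `&` or `>`) changes the meaning of the `s` command instead of being substituted literally, and the report generation either fails or emits the wrong text. Escape the values before use, e.g. `release_creator_sed="$(printf '%s' "${PRODUCT_RELEASE_CREATOR}" | sed -e 's/[\/&\\]/\\&/g')"` and pass `${release_creator_sed}` in the expression, with the same treatment for the URL using its `>` delimiter. A value arriving with an embedded newline still cannot be escaped this way, so rejecting multi-line input up front is the safer complement.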
EvergreenRelease creator - Go to - - https://evergreen.mongodb.com/waterfall/mongo-java-driver?bv_filter=Publish%20Release, - find the build triggered from Git tag r${product_version}, see who authored it. + ${product_release_creator} +

+ Refer to data in Papertrail for more details. + There is currently no official way to serve that data. +

Papertrail - Refer to data in Papertrail. There is currently no official way to serve that data. - Report date, UTC${report_date_utc}
@@ -55,7 +43,7 @@ is . All the findings in the aforementioned reports are either of the MongoDB status "False Positive" or "No Fix Needed", @@ -63,6 +51,15 @@ because code that has any other findings cannot technically get into the product may also be of interest. +## Security testing results + +The testing results are available at +<${evergreen_build_url}>. + +See the driver security testing summary + +for the description of what is tested. + ## Signature information The product artifacts are signed. From 7e8fc344888029ddf21574f2792e3735db29d1d2 Mon Sep 17 00:00:00 2001 From: Valentin Kovalenko Date: Tue, 25 Jun 2024 17:59:12 -0600 Subject: [PATCH 2/7] Fix how EVERGREEN_PROJECT_NAME_SUFFIX is computed JAVA-5500 --- .evergreen/ssdlc-report.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.evergreen/ssdlc-report.sh b/.evergreen/ssdlc-report.sh index 16f294dab54..3be53b63e5e 100755 --- a/.evergreen/ssdlc-report.sh +++ b/.evergreen/ssdlc-report.sh @@ -39,7 +39,8 @@ set -e if [ -n "${GIT_BRANCH_MASTER}" ]; then declare -r EVERGREEN_BUILD_URL="${EVERGREEN_BUILD_URL_PREFIX}/${EVERGREEN_PROJECT_NAME_PREFIX}_${GIT_COMMIT_HASH}" elif [ -n "${GIT_BRANCH_PATCH}" ]; then - declare -r EVERGREEN_PROJECT_NAME_SUFFIX="${PRODUCT_VERSION:0:3}" + # strip out the patch version + declare -r EVERGREEN_PROJECT_NAME_SUFFIX="${PRODUCT_VERSION%.*}" declare -r EVERGREEN_BUILD_URL="${EVERGREEN_BUILD_URL_PREFIX}/${EVERGREEN_PROJECT_NAME_PREFIX}_${EVERGREEN_PROJECT_NAME_SUFFIX}_${GIT_COMMIT_HASH}" else echo "Failed to compute EVERGREEN_BUILD_URL" From 77c25a219593b2fdc90d5dcc73c25b4dc86ffb36 Mon Sep 17 00:00:00 2001 From: Valentin Kovalenko Date: Wed, 26 Jun 2024 09:17:43 -0600 Subject: [PATCH 3/7] Don't fail `ssdlc-report.sh` for patch builds due to inability to compute the Evergreen URL JAVA-5500 --- .evergreen/ssdlc-report.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) 
diff --git a/.evergreen/ssdlc-report.sh b/.evergreen/ssdlc-report.sh index 3be53b63e5e..bad8bf788dc 100755 --- a/.evergreen/ssdlc-report.sh +++ b/.evergreen/ssdlc-report.sh @@ -7,11 +7,11 @@ set -eu # PRODUCT_VERSION if [ -z "${PRODUCT_NAME}" ]; then - echo "PRODUCT_NAME must be set to a non-empty string" + printf "\nPRODUCT_NAME must be set to a non-empty string\n" exit 1 fi if [ -z "${PRODUCT_VERSION}" ]; then - echo "PRODUCT_VERSION must be set to a non-empty string" + printf "\nPRODUCT_VERSION must be set to a non-empty string\n" exit 1 fi @@ -22,6 +22,8 @@ RELATIVE_DIR_PATH="$(dirname "${BASH_SOURCE[0]:-$0}")" source "${RELATIVE_DIR_PATH}/javaConfig.bash" printf "\nCreating SSDLC reports\n" +printf "\nProduct name: %s\n" "${PRODUCT_NAME}" +printf "\nProduct version: %s\n" "${PRODUCT_VERSION}" declare -r SSDLC_PATH="${RELATIVE_DIR_PATH}/../build/ssdlc" declare -r SSDLC_STATIC_ANALYSIS_REPORTS_PATH="${SSDLC_PATH}/static-analysis-reports" @@ -42,8 +44,10 @@ elif [ -n "${GIT_BRANCH_PATCH}" ]; then # strip out the patch version declare -r EVERGREEN_PROJECT_NAME_SUFFIX="${PRODUCT_VERSION%.*}" declare -r EVERGREEN_BUILD_URL="${EVERGREEN_BUILD_URL_PREFIX}/${EVERGREEN_PROJECT_NAME_PREFIX}_${EVERGREEN_PROJECT_NAME_SUFFIX}_${GIT_COMMIT_HASH}" +elif [[ "${PRODUCT_VERSION}" == *'-'* ]]; then + declare -r EVERGREEN_BUILD_URL="https://no-url-for-patch-builds" else - echo "Failed to compute EVERGREEN_BUILD_URL" + printf "\nFailed to compute EVERGREEN_BUILD_URL\n" exit 1 fi printf "\nEvergreen build URL: %s\n" "${EVERGREEN_BUILD_URL}" From db7ccb99f2dd555a6b4ecefd0729e4d4c67cbec8 Mon Sep 17 00:00:00 2001 From: Valentin Kovalenko Date: Wed, 26 Jun 2024 12:43:16 -0600 Subject: [PATCH 4/7] Improve how the script detects snapshot builds JAVA-5500 --- .evergreen/ssdlc-report.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.evergreen/ssdlc-report.sh b/.evergreen/ssdlc-report.sh index bad8bf788dc..a4313171549 100755 --- a/.evergreen/ssdlc-report.sh 
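Review bot: The new `elif [[ "${PRODUCT_VERSION}" == *'-'* ]]` branch is only reached after the git lookups above the hunk have already run, and `GIT_COMMIT_HASH="$(git rev-list -n 1 "${GIT_TAG}")"` is executed with `set -eu` in force, so for a build whose `r${PRODUCT_VERSION}` tag does not exist the script aborts there and never reaches the placeholder assignment this commit adds. If the intent is "patch/snapshot builds have no Evergreen link", the version/name check should come before the git lookups, i.e. test for the placeholder case first and only run `git rev-list` and the `git branch --contains` probes in the remaining case. Patches 4 and 5 in this series keep the same ordering and so share the problem. The `if` block this hunk extends starts above the hunk.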
+++ b/.evergreen/ssdlc-report.sh @@ -44,8 +44,8 @@ elif [ -n "${GIT_BRANCH_PATCH}" ]; then # strip out the patch version declare -r EVERGREEN_PROJECT_NAME_SUFFIX="${PRODUCT_VERSION%.*}" declare -r EVERGREEN_BUILD_URL="${EVERGREEN_BUILD_URL_PREFIX}/${EVERGREEN_PROJECT_NAME_PREFIX}_${EVERGREEN_PROJECT_NAME_SUFFIX}_${GIT_COMMIT_HASH}" -elif [[ "${PRODUCT_VERSION}" == *'-'* ]]; then - declare -r EVERGREEN_BUILD_URL="https://no-url-for-patch-builds" +elif [[ "${PRODUCT_NAME}" == *'-snapshot' ]]; then + declare -r EVERGREEN_BUILD_URL="https://no-url-for-snapshot-builds" else printf "\nFailed to compute EVERGREEN_BUILD_URL\n" exit 1 From 81e4f4dfdb05b8c3b65b1145e6a3f659b096cb66 Mon Sep 17 00:00:00 2001 From: Valentin Kovalenko Date: Thu, 27 Jun 2024 15:18:15 -0600 Subject: [PATCH 5/7] Do not generate a fake Evergreen link for snapshot builds JAVA-5500 --- .evergreen/ssdlc-report.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/ssdlc-report.sh b/.evergreen/ssdlc-report.sh index a4313171549..638a5b22648 100755 --- a/.evergreen/ssdlc-report.sh +++ b/.evergreen/ssdlc-report.sh @@ -45,7 +45,7 @@ elif [ -n "${GIT_BRANCH_PATCH}" ]; then declare -r EVERGREEN_PROJECT_NAME_SUFFIX="${PRODUCT_VERSION%.*}" declare -r EVERGREEN_BUILD_URL="${EVERGREEN_BUILD_URL_PREFIX}/${EVERGREEN_PROJECT_NAME_PREFIX}_${EVERGREEN_PROJECT_NAME_SUFFIX}_${GIT_COMMIT_HASH}" elif [[ "${PRODUCT_NAME}" == *'-snapshot' ]]; then - declare -r EVERGREEN_BUILD_URL="https://no-url-for-snapshot-builds" + declare -r EVERGREEN_BUILD_URL="cannot-compute-evergreen-url-for-snapshot-builds" else printf "\nFailed to compute EVERGREEN_BUILD_URL\n" exit 1 From 0d8f72c4501bcd3f624665d461662ec9e89be411 Mon Sep 17 00:00:00 2001 
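Review bot: The placeholder `cannot-compute-evergreen-url-for-snapshot-builds` is substituted into the template inside angle brackets (`<${evergreen_build_url}>` in `template_ssdlc_compliance_report.md`), so for snapshot builds the report contains `<cannot-compute-…>`, which Markdown renderers may treat as a raw HTML tag and drop from the rendered output rather than show as text. Either keep the angle brackets out of the template and have the script emit `<url>` only when it has a real URL, or substitute a plain sentence such as `not available for snapshot builds`. The value is also still named and logged as a URL (`Evergreen build URL: …`), so a comment at the `declare` such as `# not a URL: snapshot builds have no Evergreen version to link` would help the next reader.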
From: Valentin Kovalenko Date: Fri, 28 Jun 2024 01:24:46 -0600 Subject: [PATCH 6/7] Use default Evergreen expansions to simplify the script https://docs.devprod.prod.corp.mongodb.com/evergreen/Project-Configuration/Project-Configuration-Files#default-expansions JAVA-5500 --- .evergreen/.evg.yml | 2 ++ .evergreen/ssdlc-report.sh | 39 +++++++++++++------------------------- 2 files changed, 15 insertions(+), 26 deletions(-) diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml index c0bceb90c70..67b27964c41 100644 --- a/.evergreen/.evg.yml +++ b/.evergreen/.evg.yml @@ -150,6 +150,8 @@ functions: env: PRODUCT_NAME: ${product_name} PRODUCT_VERSION: ${product_version} + PRODUCT_RELEASE_CREATOR: ${author} + EVERGREEN_VERSION_ID: ${version_id} script: .evergreen/ssdlc-report.sh - command: ec2.assume_role params: diff --git a/.evergreen/ssdlc-report.sh b/.evergreen/ssdlc-report.sh index 638a5b22648..574cce48b74 100755 --- a/.evergreen/ssdlc-report.sh +++ b/.evergreen/ssdlc-report.sh @@ -5,6 +5,8 @@ set -eu # Supported/used environment variables: # PRODUCT_NAME # PRODUCT_VERSION +# PRODUCT_RELEASE_CREATOR +# EVERGREEN_VERSION_ID if [ -z "${PRODUCT_NAME}" ]; then printf "\nPRODUCT_NAME must be set to a non-empty string\n" @@ -14,6 +16,14 @@ if [ -z "${PRODUCT_VERSION}" ]; then printf "\nPRODUCT_VERSION must be set to a non-empty string\n" exit 1 fi +if [ -z "${PRODUCT_RELEASE_CREATOR}" ]; then + printf "\PRODUCT_RELEASE_CREATOR must be set to a non-empty string\n" + exit 1 +fi +if [ -z "${EVERGREEN_VERSION_ID}" ]; then + printf "\EVERGREEN_VERSION_ID must be set to a non-empty string\n" + exit 1 +fi ############################################ # Main Program # 
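Review bot: Both new validation messages have a malformed format string, `"\PRODUCT_RELEASE_CREATOR must be set to a non-empty string\n"` and `"\EVERGREEN_VERSION_ID must be set to a non-empty string\n"`: the leading `\n` used by the neighbouring checks lost its `n`, so bash `printf` prints `\P` and `\E` literally instead of a newline; change them to `printf "\nPRODUCT_RELEASE_CREATOR must be set to a non-empty string\n"` and `printf "\nEVERGREEN_VERSION_ID must be set to a non-empty string\n"`. Under the file's `set -eu`, an unset variable aborts with bash's own unbound-variable error before the `[ -z ... ]` test runs, so the friendly message is only reached when the variable is set but empty; writing the tests as `[ -z "${PRODUCT_RELEASE_CREATOR:-}" ]` and `[ -z "${EVERGREEN_VERSION_ID:-}" ]` makes them reliable (the two existing checks have the same weakness). The `.evg.yml` hunk feeds Evergreen's `${author}` expansion straight into `PRODUCT_RELEASE_CREATOR`, which the script later interpolates into a sed expression unescaped, so a `/` or `&` in an author display name would break report generation; treat that value as data at the substitution site.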
@@ -24,37 +34,14 @@ source "${RELATIVE_DIR_PATH}/javaConfig.bash" printf "\nCreating SSDLC reports\n" printf "\nProduct name: %s\n" "${PRODUCT_NAME}" printf "\nProduct version: %s\n" "${PRODUCT_VERSION}" - +printf "\nProduct release creator: %s\n" "${PRODUCT_RELEASE_CREATOR}" +declare -r EVERGREEN_BUILD_URL="https://spruce.mongodb.com/version/${EVERGREEN_VERSION_ID}" +printf "\nEvergreen build URL: %s\n" "${EVERGREEN_BUILD_URL}" declare -r SSDLC_PATH="${RELATIVE_DIR_PATH}/../build/ssdlc" declare -r SSDLC_STATIC_ANALYSIS_REPORTS_PATH="${SSDLC_PATH}/static-analysis-reports" mkdir "${SSDLC_PATH}" mkdir "${SSDLC_STATIC_ANALYSIS_REPORTS_PATH}" -declare -r EVERGREEN_PROJECT_NAME_PREFIX="${PRODUCT_NAME//-/_}" -declare -r EVERGREEN_BUILD_URL_PREFIX="https://spruce.mongodb.com/version" -declare -r GIT_TAG="r${PRODUCT_VERSION}" -GIT_COMMIT_HASH="$(git rev-list -n 1 "${GIT_TAG}")" -set +e - GIT_BRANCH_MASTER="$(git branch -a --contains "${GIT_TAG}" | grep 'master$')" - GIT_BRANCH_PATCH="$(git branch -a --contains "${GIT_TAG}" | grep '\.x$')" -set -e -if [ -n "${GIT_BRANCH_MASTER}" ]; then - declare -r EVERGREEN_BUILD_URL="${EVERGREEN_BUILD_URL_PREFIX}/${EVERGREEN_PROJECT_NAME_PREFIX}_${GIT_COMMIT_HASH}" -elif [ -n "${GIT_BRANCH_PATCH}" ]; then - # strip out the patch version - declare -r EVERGREEN_PROJECT_NAME_SUFFIX="${PRODUCT_VERSION%.*}" - declare -r EVERGREEN_BUILD_URL="${EVERGREEN_BUILD_URL_PREFIX}/${EVERGREEN_PROJECT_NAME_PREFIX}_${EVERGREEN_PROJECT_NAME_SUFFIX}_${GIT_COMMIT_HASH}" -elif [[ "${PRODUCT_NAME}" == *'-snapshot' ]]; then - declare -r EVERGREEN_BUILD_URL="cannot-compute-evergreen-url-for-snapshot-builds" -else - printf "\nFailed to compute EVERGREEN_BUILD_URL\n" - exit 1 -fi -printf "\nEvergreen build URL: %s\n" "${EVERGREEN_BUILD_URL}" - -PRODUCT_RELEASE_CREATOR="$(git log "${GIT_TAG}"^.."${GIT_TAG}" --simplify-by-decoration --pretty='format:%aN')" -printf "\nProduct release creator: %s\n" "${PRODUCT_RELEASE_CREATOR}" - printf "\nCreating SpotBugs SARIF 
reports\n" ./gradlew -version set +e From ed6025f103a3448b8ac498411718582406b6d409 Mon Sep 17 00:00:00 2001 From: Valentin Kovalenko Date: Fri, 28 Jun 2024 01:28:27 -0600 Subject: [PATCH 7/7] Fix a typo in `template_ssdlc_compliance_report.md` JAVA-5500 --- .evergreen/template_ssdlc_compliance_report.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/template_ssdlc_compliance_report.md b/.evergreen/template_ssdlc_compliance_report.md index 1e13ec2938a..adadc60fd71 100644 --- a/.evergreen/template_ssdlc_compliance_report.md +++ b/.evergreen/template_ssdlc_compliance_report.md @@ -35,7 +35,7 @@ Blocked on . The MongoDB SSDLC policy is available at . -## Third-darty dependency information +## Third-party dependency information There are no dependencies to report vulnerabilities of. Our [SBOM](https://docs.devprod.prod.corp.mongodb.com/mms/python/src/sbom/silkbomb/docs/CYCLONEDX/) lite
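Review bot: `EVERGREEN_BUILD_URL` is now built from `${EVERGREEN_VERSION_ID}` with no check on its content beyond non-emptiness, and the resulting URL is later spliced into a `s>…>…>g` sed expression and into the report, so a value containing `>`, `&` or whitespace would corrupt the substitution or the link. If Evergreen version ids are limited to the alphabet the removed code assumed (project name, `_`, commit hash), a guard before the `declare` such as `[[ "${EVERGREEN_VERSION_ID}" =~ ^[A-Za-z0-9_]+$ ]] || { printf "\nEVERGREEN_VERSION_ID has an unexpected format\n"; exit 1; }` keeps the generated report trustworthy; confirm the id format against the Evergreen documentation linked in the commit message before settling on the character class. A comment on the `declare` noting that the id comes from the `version_id` default expansion in `.evg.yml` would also explain where the value originates.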