fortifyExecuteScan¶
This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.
Description¶
This step executes a Fortify scan on the specified project to perform static code analysis and check the source code for security flaws.
The Fortify step triggers a scan locally on your Jenkins within a docker container so finally you have to supply a docker image with a Fortify SCA and Java plus Maven / Gradle or alternatively Python installed into it for being able to perform any scans.
Scanning MTA projects
Build type maven requires a so called aggregator pom which includes all modules to be scanned. If used in a mta-project which includes non-java submodules as maven dependency (e.g. node via frontend-maven-plugin), exclude those by specifying java path explicitly, e.g. java/**/src/main/java/**/*.
Besides triggering a scan the step verifies the results after they have been uploaded and processed by the Fortify SSC. By default the following KPIs are enforced: * All issues must be audited from the Corporate Security Requirements folder. * All issues must be audited from the Audit All folder. * At least one issue per category must be audited from the Spot Checks of Each Category folder. * Nothing needs to be audited from the Optional folder.
Usage¶
We recommend to define values of step parameters via .pipeline/config.yml file.
In this case, calling the step is essentially reduced to defining the step name.
Calling the step can be done either in an orchestrator specific way (e.g. via a Jenkins library step) or on the command line.
library('piper-lib-os')
fortifyExecuteScan script: this
piper fortifyExecuteScan
Outputs¶
| Output type | Details |
|---|---|
| influx | measurement step_data
fortify_data |
Parameters¶
Overview - Step¶
pass via ENV, Vault or Jenkins credentials (
Overview - Execution Environment¶
Orchestrator-specific only
These parameters are relevant for orchestrator usage and not considered when using the command line option.
| Name | Mandatory | Additional information |
|---|---|---|
| containerCommand | no |  |
| containerShell | no | |
| dockerEnvVars | no | |
| dockerImage | no | |
| dockerName | no | |
| dockerOptions | no | |
| dockerPullImage | no | |
| dockerVolumeBind | no | |
| dockerWorkspace | no | |
| stashContent | no | |
Details¶
additionalMvnParameters¶
List of additional maven parameters to be used for Fortify mvn command execution.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | $PIPER_additionalMvnParameters (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
additionalScanParameters¶
List of additional scan parameters to be used for Fortify sourceanalyzer command execution.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | $PIPER_additionalScanParameters (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
apiEndpoint¶
Fortify SSC endpoint used for uploading the scan results and checking the audit state
| Scope | Details |
|---|---|
| Aliases | fortifyApiEndpoint |
| Type | string |
| Mandatory | no |
| Default | /api/v1 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
artifactUrl¶
Path/URL pointing to an additional artifact repository for resolution of additional artifacts during the build
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_artifactUrl (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
assignees¶
Defines the assignees for the Github Issue created/updated with the results of the scan as a list of login names.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
authToken¶
The FortifyToken to use for authentication
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | yes |
| Default | $PIPER_authToken (if set) |
| Secret | yes |
| Configuration scope |
|
| Resource references | Jenkins credential id: id: fortifyCredentialsIdVault resource: name: fortifyVaultSecretNamedefault value: fortifyVault paths:
|
autoCreate¶
Whether Fortify project and project version shall be implicitly auto created in case they cannot be found in the backend
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
autodetectClasspath¶
Whether the classpath is automatically determined via build tool i.e. maven or pip or not at all
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | true |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
buildDescriptorExcludeList¶
List of build descriptors and therefore modules to exclude from the scan and assessment activities.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | - unit-tests/pom.xml- integration-tests/pom.xml |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
buildDescriptorFile¶
Path to the build descriptor file addressing the module/folder to be scanned.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | buildTool=maven: ./pom.xmlbuildTool= pip: ./setup.pybuildTool= gradle: ./build.gradle |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
buildTool¶
Scan type used for the step which can be 'maven', 'pip' or 'gradle'
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | maven |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
commitId¶
Set the Git commit ID for identifying artifacts throughout the scan.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_commitId (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: git/commitId |
commitMessage¶
Set the Git commit message for identifying pull request merges throughout the scan.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_commitMessage (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: git/commitMessage |
considerSuspicious¶
Whether suspicious issues should trigger the check to fail or not
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | true |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
containerCommand¶
Jenkins-specific: Used for proper environment setup.
Kubernetes only: Allows to specify start command for container created with dockerImage parameter to overwrite Piper default (/usr/bin/tail -f /dev/null).
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
containerShell¶
Jenkins-specific: Used for proper environment setup.
Allows to specify the shell to be executed for container with containerName.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
convertToSarif¶
Convert the proprietary format of Fortify scan results to the open SARIF standard.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | true |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
createResultIssue¶
Whether the step creates a GitHub issue containing the scan results in the originating repo. Since optimized pipelines are headless the creation is implicitly activated for scheduled runs.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: custom/isOptimizedAndScheduled |
customScanVersion¶
Defines a custom version for the Fortify scan which deviates from the typical versioning pattern using version and versioningModel.
It allows to set non-numeric versions as well and supersedes the value of version which is calculated automatically.
The parameter is also used by other scan steps (e.g. Detect, Sonar, WhiteSource) and thus allows a common custom version across scan tools.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_customScanVersion (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
deltaMinutes¶
The number of minutes for which an uploaded FPR artifact is considered to be recent and healthy, if exceeded an error will be thrown
| Scope | Details |
|---|---|
| Aliases | - |
| Type | int |
| Mandatory | no |
| Default | 5 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerEnvVars¶
Environment variables to set in the container, e.g. [http_proxy: "proxy:8080"].
| Scope | Details |
|---|---|
| Aliases | - |
| Type | map[string]string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerImage¶
Name of the docker image that should be used. If empty, Docker is not used and the command is executed directly on the Jenkins system.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | `` |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerName¶
Kubernetes only: Name of the container launching dockerImage. SideCar only: Name of the container in local network.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerOptions¶
Docker options to be set when starting the container.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerPullImage¶
Set this to 'false' to bypass a docker image pull. Useful during development process. Allows testing of images which are available in the local registry only.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | true |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerVolumeBind¶
Jenkins-specific: Used for proper environment setup.
Volumes that should be mounted into the docker container.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | map[string]string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
dockerWorkspace¶
Jenkins-specific: Used for proper environment setup.
Kubernetes only: Specifies a dedicated user home directory for the container which will be passed as value for environment variable HOME.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
exclude¶
A list of directories/files to be excluded from the scan. Wildcards can be used, e.g., '**/Test.java'. If translate is set, this will ignored. The default value for buildTool: 'maven' is ['**/src/test/**/*'], for buildTool: 'pip' it is ['./**/tests/**/*', './**/setup.py'].
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | $PIPER_exclude (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
filterSetTitle¶
Title of the filter set to use for analysing the results
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | SAP |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
fprDownloadEndpoint¶
Fortify SSC endpoint for FPR downloads
| Scope | Details |
|---|---|
| Aliases | fortifyFprDownloadEndpoint |
| Type | string |
| Mandatory | no |
| Default | /download/currentStateFprDownload.html |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
fprUploadEndpoint¶
Fortify SSC endpoint for FPR uploads
| Scope | Details |
|---|---|
| Aliases | fortifyFprUploadEndpoint |
| Type | string |
| Mandatory | no |
| Default | /upload/resultFileUpload.html |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
githubApiUrl¶
Set the GitHub API URL.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | https://api.github.com |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
githubToken¶
GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
| Scope | Details |
|---|---|
| Aliases | access_token |
| Type | string |
| Mandatory | no |
| Default | $PIPER_githubToken (if set) |
| Secret | yes |
| Configuration scope |
|
| Resource references | Jenkins credential id: id: githubTokenCredentialsIdVault resource: name: githubVaultSecretNamedefault value: githubVault paths:
|
globalSettingsFile¶
Path to the mvn settings file that should be used as global settings file.
| Scope | Details |
|---|---|
| Aliases | maven/globalSettingsFile |
| Type | string |
| Mandatory | no |
| Default | $PIPER_globalSettingsFile (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
installArtifacts¶
If enabled, it will install all artifacts to the local maven repository to make them available before running Fortify. This is required if any maven module has dependencies to other modules in the repository and they were not installed before.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
m2Path¶
Path to the location of the local repository that should be used.
| Scope | Details |
|---|---|
| Aliases | maven/m2Path |
| Type | string |
| Mandatory | no |
| Default | $PIPER_m2Path (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
memory¶
The amount of memory granted to the translate/scan executions
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | -Xmx4G -Xms512M |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
modulePath¶
Allows providing the path for the module to scan
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | ./ |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
mustAuditIssueGroups¶
Comma separated list of issue groups that must be audited completely
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | Corporate Security Requirements, Audit All |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
owner¶
Set the GitHub organization.
| Scope | Details |
|---|---|
| Aliases | githubOrg |
| Type | string |
| Mandatory | no |
| Default | $PIPER_owner (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: github/owner |
pollingMinutes¶
The number of minutes for which an uploaded FPR artifact''s status is being polled to finish queuing/processing, if exceeded polling will be stopped and an error will be thrown
| Scope | Details |
|---|---|
| Aliases | - |
| Type | int |
| Mandatory | no |
| Default | 30 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
projectName¶
The project used for reporting results in SSC
| Scope | Details |
|---|---|
| Aliases | fortifyProjectName |
| Type | string |
| Mandatory | no |
| Default | {{list .GroupID .ArtifactID | join "-" | trimAll "-"}} |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
projectSettingsFile¶
Path to the mvn settings file that should be used as project settings file.
| Scope | Details |
|---|---|
| Aliases | maven/projectSettingsFile |
| Type | string |
| Mandatory | no |
| Default | $PIPER_projectSettingsFile (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
proxy¶
Proxy URL to be used for communication with the Fortify instance.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_proxy (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
pullRequestMessageRegex¶
Regex used to identify the PR-XXX reference within the merge commit message
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | .*Merge pull request #(\\d+) from.* |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
pullRequestMessageRegexGroup¶
The group number for extracting the pull request id in 'pullRequestMessageRegex'
| Scope | Details |
|---|---|
| Aliases | - |
| Type | int |
| Mandatory | no |
| Default | 1 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
pullRequestName¶
The name of the pull request branch which will trigger creation of a new version in Fortify SSC based on the master branch version
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_pullRequestName (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
pythonAdditionalPath¶
A list of additional paths which can be used in buildTool: 'pip' for customization purposes
| Scope | Details |
|---|---|
| Deprecated | this is deprecated |
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | - ./lib- . |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
pythonInstallCommand¶
Additional install command that can be run when buildTool: 'pip' is used which allows further customizing the execution environment of the scan
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | {{.Pip}} install --user . |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
pythonRequirementsFile¶
The requirements file used in buildTool: 'pip' to populate the build environment with the necessary dependencies
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_pythonRequirementsFile (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
pythonRequirementsInstallSuffix¶
The suffix for the command used to install the requirements file in buildTool: 'pip' to populate the build environment with the necessary dependencies
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_pythonRequirementsInstallSuffix (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
pythonVersion¶
Python version to be used in buildTool: 'pip'
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | python3 |
| Possible values | - python3- python2 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
quickScan¶
Whether a quick scan should be performed, please consult the related Fortify documentation on JAM on the impact of this setting
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
reportDownloadEndpoint¶
Fortify SSC endpoint for Report downloads
| Scope | Details |
|---|---|
| Aliases | fortifyReportDownloadEndpoint |
| Type | string |
| Mandatory | no |
| Default | /transfer/reportDownload.html |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
reportTemplateId¶
Report template ID to be used for generating the Fortify report
| Scope | Details |
|---|---|
| Aliases | - |
| Type | int |
| Mandatory | no |
| Default | 18 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
reportType¶
The type of report to be generated
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | PDF |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
reporting¶
Influences whether a report is generated or not
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
repository¶
Set the GitHub repository.
| Scope | Details |
|---|---|
| Aliases | githubRepo |
| Type | string |
| Mandatory | no |
| Default | $PIPER_repository (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: github/repository |
script¶
The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this parameter, as in script: this. This allows the function to access the commonPipelineEnvironment for retrieving, e.g. configuration parameters.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | Jenkins Script |
| Mandatory | yes |
| Default | |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
serverUrl¶
Fortify SSC Url to be used for accessing the APIs
| Scope | Details |
|---|---|
| Aliases | - fortifyServerUrl- sscUrl (deprecated) |
| Type | string |
| Mandatory | yes |
| Default | $PIPER_serverUrl (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
spotAuditIssueGroups¶
Comma separated list of issue groups that are spot checked and for which spotCheckMinimum audited issues are enforced
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | Spot Checks of Each Category |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
spotCheckMaximum¶
The maximum number of issues that must be audited per category in the Spot Checks of each Category folder to avoid an error being thrown. Note that this flag depends on the result of spotCheckMinimum. For example if spotCheckMinimum percentage value exceeds spotCheckMaximum then spotCheckMaximum will be considerd else spotCheckMinimum is considered. If value is less than one, this flag will be ignored.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | int |
| Mandatory | no |
| Default | 0 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
spotCheckMinimum¶
The minimum number/percentage of issues that must be audited per category in the Spot Checks of each Category folder to avoid an error being thrown
| Scope | Details |
|---|---|
| Aliases | - |
| Type | int |
| Mandatory | no |
| Default | 1 |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
spotCheckMinimumUnit¶
The unit for the spotCheckMinimum to apply.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | number |
| Possible values | - number- percentage |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
src¶
A list of source directories to scan. Wildcards can be used, e.g., 'src/main/java/**/*'. If 'translate' is set, this will ignored. The default value for buildTool: 'maven' is ['**/*.xml', '**/*.html', '**/*.jsp', '**/*.js', '**/src/main/resources/**/*', '**/src/main/java/**/*', '**/src/gen/java/cds/**/*', '**/target/main/java/**/*', '**/target/main/resources/**/*', '**/target/generated-sources/**/*'], for buildTool: 'pip' it is ['./**/*'].
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | $PIPER_src (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
stashContent¶
Jenkins-specific: Used for proper environment setup.
Specific stashes that should be considered for the step execution.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | []string |
| Mandatory | no |
| Default | - buildDescriptor- deployDescriptor- tests- opensourceConfiguration |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
translate¶
Options for translate phase of Fortify. Most likely, you do not need to set this parameter. See src, exclude. If 'src' and 'exclude' are set they are automatically used. Technical details: It has to be a JSON string of list of maps with required key 'src', and optional keys 'exclude', 'libDirs', 'aspnetcore', and 'dotNetCoreVersion'
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Mandatory | no |
| Default | $PIPER_translate (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
updateRulePack¶
Whether the rule pack shall be updated and pulled from Fortify SSC before scanning or not
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | true |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
uploadResults¶
Whether results shall be uploaded or not
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | true |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
verbose¶
verbose output
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
verifyOnly¶
Whether the step shall only apply verification checks or whether it does a full scan and check cycle
| Scope | Details |
|---|---|
| Aliases | - |
| Type | bool |
| Mandatory | no |
| Default | false |
| Possible values | - true- false |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
version¶
Version used in conjunction with versioningModel to identify the Fortify project to be created and used for results aggregation.
This is usually determined automatically based on the information in the buildTool specific build descriptor file.
| Scope | Details |
|---|---|
| Aliases | fortifyProjectVersion (deprecated) |
| Type | string |
| Mandatory | no |
| Default | $PIPER_version (if set) |
| Secret | no |
| Configuration scope |
|
| Resource references | commonPipelineEnvironment: reference to: artifactVersion |
versioningModel¶
The default project versioning model used for creating the version based on the build descriptor version to report results in SSC, can be one of 'major', 'major-minor', 'semantic', 'full'
| Scope | Details |
|---|---|
| Aliases | defaultVersioningModel (deprecated) |
| Type | string |
| Mandatory | no |
| Default | major |
| Possible values | - major- major-minor- semantic- full |
| Secret | no |
| Configuration scope |
|
| Resource references | none |
fortifyCredentialsId¶
Jenkins 'Secret text' credentials ID containing token to authenticate to Fortify SSC.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Configuration scope |
|
githubTokenCredentialsId¶
Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.
| Scope | Details |
|---|---|
| Aliases | - |
| Type | string |
| Configuration scope |
|