malwareExecuteScan¶
Performs a malware scan using the SAP Malware Scanning Service.
Parameters¶
Overview - Step¶
Name | Mandatory | Additional information |
---|---|---|
buildTool | yes | |
host | yes | |
password | (yes) | malwareScanCredentialsId ) |
script | (yes) | |
username | (yes) | malwareScanCredentialsId ) |
containerRegistryPassword | no | |
containerRegistryUser | no | |
dockerConfigJSON | no | dockerConfigJsonCredentialsId ) |
reportFileName | no | |
scanFile | no | |
scanImage | no | |
scanImageRegistryUrl | no | |
timeout | no | |
verbose | no | activates debug output |
Overview - Execution Environment¶
Orchestrator-specific only
These parameters are relevant for orchestrator usage and not considered when using the command line option.
Name | Mandatory | Additional information |
---|---|---|
Details¶
buildTool¶
Defines the tool which is used for building the artifact.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | yes |
Default | $PIPER_buildTool (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: buildTool |
containerRegistryPassword¶
For buildTool: docker
: Password for container registry access - typically provided by the CI/CD environment.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_containerRegistryPassword (if set) |
Secret | yes |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/repositoryPassword commonPipelineEnvironment: reference to: custom/repositoryPassword |
containerRegistryUser¶
For buildTool: docker
: Username for container registry access - typically provided by the CI/CD environment.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_containerRegistryUser (if set) |
Secret | yes |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/repositoryUsername commonPipelineEnvironment: reference to: custom/repositoryUsername |
dockerConfigJSON¶
Path to the file .docker/config.json
- this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the Docker documentation.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_dockerConfigJSON (if set) |
Secret | yes |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: custom/dockerConfigJSON Jenkins credential id: id: dockerConfigJsonCredentialsId Vault paths:
|
host¶
malware scanning host.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | yes |
Default | $PIPER_host (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
password¶
Password
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | yes |
Default | $PIPER_password (if set) |
Secret | yes |
Configuration scope |
|
Resource references | Jenkins credential id: id: malwareScanCredentialsId reference to: password Vault paths:
|
reportFileName¶
The file name of the report to be created
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | malwarescan_report.json |
Secret | no |
Configuration scope |
|
Resource references | none |
scanFile¶
The file which is scanned for malware
Scope | Details |
---|---|
Aliases | file (deprecated) |
Type | string |
Mandatory | no |
Default | $PIPER_scanFile (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
scanImage¶
For buildTool: docker
: Defines the docker image which should be scanned.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_scanImage (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/imageNameTag |
scanImageRegistryUrl¶
For buildTool: docker
: Defines the registry where the scanImage is located.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_scanImageRegistryUrl (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/registryUrl |
script¶
Jenkins-specific: Used for proper environment setup.
The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this
parameter, as in script: this
. This allows the function to access the commonPipelineEnvironment
for retrieving, e.g. configuration parameters.
Scope | Details |
---|---|
Aliases | - |
Type | Jenkins Script |
Mandatory | yes |
Default | |
Secret | no |
Configuration scope |
|
Resource references | none |
timeout¶
timeout for http layer in seconds
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | 600 |
Secret | no |
Configuration scope |
|
Resource references | none |
username¶
User
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | yes |
Default | $PIPER_username (if set) |
Secret | yes |
Configuration scope |
|
Resource references | Jenkins credential id: id: malwareScanCredentialsId reference to: username Vault paths:
|
verbose¶
verbose output
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
malwareScanCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Username with password' credentials ID containing the technical user/password credential used to communicate with the malwarescanning service.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Configuration scope |
|
Exceptions¶
None
Examples¶
malwareExecuteScan script: this
configuration
steps:
malwareExecuteScan:
file: myFile.zip
host: https://malwarescanner.example.sap.com
malwareScanCredentialsId: MALWARESCAN