malwareExecuteScan

Performs a malware scan using the SAP Malware Scanning Service.

Parameters

Overview - Step

Name                        Mandatory  Additional information
buildTool                   yes
host                        yes
password                    (yes)      Vault, Secret: pass via ENV, Vault or Jenkins credentials (malwareScanCredentialsId)
script                      (yes)      Jenkins only: reference to Jenkins main pipeline script
username                    (yes)      Vault, Secret: pass via ENV, Vault or Jenkins credentials (malwareScanCredentialsId)
containerRegistryPassword   no         Secret: pass via ENV or Jenkins credentials
containerRegistryUser       no         Secret: pass via ENV or Jenkins credentials
dockerConfigJSON            no         Vault, Secret: pass via ENV, Vault or Jenkins credentials (dockerConfigJsonCredentialsId)
reportFileName              no
scanFile                    no
scanImage                   no
scanImageIncludeLayers      no
scanImageRegistryUrl        no
timeout                     no
verbose                     no         activates debug output

Overview - Execution Environment

Orchestrator-specific only

These parameters are relevant for orchestrator usage and not considered when using the command line option.

Name Mandatory Additional information

Details

buildTool

Defines the tool which is used for building the artifact.

Scope Details
Aliases -
Type string
Mandatory yes
Default $PIPER_buildTool (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references commonPipelineEnvironment:
  reference to: buildTool

containerRegistryPassword

For buildTool: docker: Password for container registry access - typically provided by the CI/CD environment.

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_containerRegistryPassword (if set)
Secret yes
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references commonPipelineEnvironment:
  reference to: custom/repositoryPassword

containerRegistryUser

For buildTool: docker: Username for container registry access - typically provided by the CI/CD environment.

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_containerRegistryUser (if set)
Secret yes
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references commonPipelineEnvironment:
  reference to: custom/repositoryUsername

dockerConfigJSON

Path to the file .docker/config.json - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the Docker documentation.

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_dockerConfigJSON (if set)
Secret yes
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references commonPipelineEnvironment:
  reference to: custom/dockerConfigJSON
Jenkins credential id:
  id: dockerConfigJsonCredentialsId

Vault paths:
  • $(vaultPath)/docker-config
  • $(vaultBasePath)/$(vaultPipelineName)/docker-config
  • $(vaultBasePath)/GROUP-SECRETS/docker-config

host

Malware scanning host.

Scope Details
Aliases -
Type string
Mandatory yes
Default $PIPER_host (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

password

Password

Scope Details
Aliases -
Type string
Mandatory yes
Default $PIPER_password (if set)
Secret yes
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references Jenkins credential id:
  id: malwareScanCredentialsId
  reference to: password

Vault paths:
  • $(vaultPath)/malware-scan
  • $(vaultBasePath)/$(vaultPipelineName)/malware-scan
  • $(vaultBasePath)/GROUP-SECRETS/malware-scan

reportFileName

The file name of the report to be created

Scope Details
Aliases -
Type string
Mandatory no
Default malwarescan_report.json
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

scanFile

The file which is scanned for malware

Scope Details
Aliases file (deprecated)
Type string
Mandatory no
Default $PIPER_scanFile (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

scanImage

For buildTool: docker: Defines the docker image which should be scanned.

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_scanImage (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references commonPipelineEnvironment:
  reference to: container/imageNameTag

scanImageIncludeLayers

For buildTool: docker: Defines if layers should be included.

Scope Details
Aliases -
Type bool
Mandatory no
Default true
Possible values - true
- false
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

scanImageRegistryUrl

For buildTool: docker: Defines the registry where the scanImage is located.

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_scanImageRegistryUrl (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references commonPipelineEnvironment:
  reference to: container/registryUrl

script

Jenkins-specific: Used for proper environment setup.

The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this parameter, as in script: this. This allows the function to access the commonPipelineEnvironment for retrieving, e.g. configuration parameters.

Scope Details
Aliases -
Type Jenkins Script
Mandatory yes
Default
Secret no
Configuration scope
  • ☐ parameter
  • ☐ general
  • ☐ steps
  • ☐ stages
Resource references none

timeout

Timeout for the HTTP layer, in seconds.

Scope Details
Aliases -
Type string
Mandatory no
Default 600
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

username

User

Scope Details
Aliases -
Type string
Mandatory yes
Default $PIPER_username (if set)
Secret yes
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references Jenkins credential id:
  id: malwareScanCredentialsId
  reference to: username

Vault paths:
  • $(vaultPath)/malware-scan
  • $(vaultBasePath)/$(vaultPipelineName)/malware-scan
  • $(vaultBasePath)/GROUP-SECRETS/malware-scan

verbose

verbose output

Scope Details
Aliases -
Type bool
Mandatory no
Default false
Possible values - true
- false
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

malwareScanCredentialsId

Jenkins-specific: Used for proper environment setup. See using credentials for details.

Jenkins 'Username with password' credentials ID containing the technical user/password credential used to communicate with the malware scanning service.

Scope Details
Aliases -
Type string
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages

Exceptions

None

Examples

malwareExecuteScan script: this

configuration

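steps:
    malwareExecuteScan:
        # scanFile replaces the deprecated alias "file"
        scanFile: myFile.zip
        host: https://malwarescanner.example.sap.com
        # ID of the Jenkins 'Username with password' credentials
        malwareScanCredentialsId: MALWARESCAN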
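
The parameters marked "Secret: yes" above are meant to arrive via ENV, Vault or Jenkins credentials, not as literals in the step configuration. The following check is an added example, not part of the Piper project: it flags such literals in a config laid out like the example above. The function name, the sample values and the step name otherStep are constructed for illustration.

```python
import re

# Parameters this page marks "Secret: yes" for malwareExecuteScan.
SECRET_PARAMS = {"password", "username", "containerRegistryPassword",
                 "containerRegistryUser", "dockerConfigJSON"}
KEY_RE = re.compile(r"^(\s*)([A-Za-z_][\w-]*)\s*:\s*(.*)$")

def find_inline_secrets(config_text, step="malwareExecuteScan"):
    """Return (line_no, key) for each secret parameter that carries a
    literal value inside the step's block of the YAML config text."""
    findings = []
    step_indent = None  # indentation of the "<step>:" line while inside it
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        if step_indent is not None and indent <= step_indent:
            step_indent = None  # dedent: we left the step's block
        if key == step and value == "":
            step_indent = indent
        elif (step_indent is not None and key in SECRET_PARAMS
              and value not in ("", '""', "''")):
            findings.append((no, key))
    return findings

# Constructed sample: credentials hard-coded in the step configuration.
SAMPLE_BAD = """\
steps:
    malwareExecuteScan:
        scanFile: myFile.zip
        host: https://malwarescanner.example.sap.com
        username: scan-user
        password: "not-a-real-password"
    otherStep:  # hypothetical step, outside the checked block
        password: ignored-here
"""
# Constructed sample: credentials referenced by Jenkins credentials ID.
SAMPLE_GOOD = """\
steps:
    malwareExecuteScan:
        scanFile: myFile.zip
        host: https://malwarescanner.example.sap.com
        malwareScanCredentialsId: MALWARESCAN
"""
```

The check is line-based and only inspects keys nested under the step name; it does not resolve YAML anchors or values supplied through stage configuration.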