malwareExecuteScan¶
Performs a malware scan using the SAP Malware Scanning Service.
Parameters¶
Overview - Step¶
Name | Mandatory | Additional information |
---|---|---|
buildTool | yes | |
host | yes | |
password | (yes) | malwareScanCredentialsId ) |
script | (yes) | |
username | (yes) | malwareScanCredentialsId ) |
containerRegistryPassword | no | |
containerRegistryUser | no | |
dockerConfigJSON | no | dockerConfigJsonCredentialsId ) |
reportFileName | no | |
scanFile | no | |
scanImage | no | |
scanImageRegistryUrl | no | |
timeout | no | |
verbose | no | activates debug output |
Overview - Execution Environment¶
Orchestrator-specific only
These parameters are relevant for orchestrator usage and not considered when using the command line option.
Name | Mandatory | Additional information |
---|---|---|
Details¶
buildTool¶
Defines the tool which is used for building the artifact.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | yes |
Default | $PIPER_buildTool (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: buildTool |
containerRegistryPassword¶
For buildTool: docker
: Password for container registry access - typically provided by the CI/CD environment.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_containerRegistryPassword (if set) |
Secret | yes |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/repositoryPassword commonPipelineEnvironment: reference to: custom/repositoryPassword |
containerRegistryUser¶
For buildTool: docker
: Username for container registry access - typically provided by the CI/CD environment.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_containerRegistryUser (if set) |
Secret | yes |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/repositoryUsername commonPipelineEnvironment: reference to: custom/repositoryUsername |
dockerConfigJSON¶
Path to the file .docker/config.json
- this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the Docker documentation.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_dockerConfigJSON (if set) |
Secret | yes |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: custom/dockerConfigJSON Jenkins credential id: id: dockerConfigJsonCredentialsId Vault resource: name: dockerConfigFileVaultSecretName default value: docker-config Vault paths:
|
host¶
malware scanning host.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | yes |
Default | $PIPER_host (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
password¶
Password
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | yes |
Default | $PIPER_password (if set) |
Secret | yes |
Configuration scope |
|
Resource references | Jenkins credential id: id: malwareScanCredentialsId reference to: password Vault resource: name: malwareScanPasswordVaultSecretName default value: malware-scan Vault paths:
|
reportFileName¶
The file name of the report to be created
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | malwarescan_report.json |
Secret | no |
Configuration scope |
|
Resource references | none |
scanFile¶
The file which is scanned for malware
Scope | Details |
---|---|
Aliases | file (deprecated) |
Type | string |
Mandatory | no |
Default | $PIPER_scanFile (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
scanImage¶
For buildTool: docker
: Defines the docker image which should be scanned.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_scanImage (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/imageNameTag |
scanImageRegistryUrl¶
For buildTool: docker
: Defines the registry where the scanImage is located.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_scanImageRegistryUrl (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/registryUrl |
script¶
The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this
parameter, as in script: this
. This allows the function to access the commonPipelineEnvironment
for retrieving, e.g. configuration parameters.
Scope | Details |
---|---|
Aliases | - |
Type | Jenkins Script |
Mandatory | yes |
Default | |
Secret | no |
Configuration scope |
|
Resource references | none |
timeout¶
timeout for http layer in seconds
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | 600 |
Secret | no |
Configuration scope |
|
Resource references | none |
username¶
User
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | yes |
Default | $PIPER_username (if set) |
Secret | yes |
Configuration scope |
|
Resource references | Jenkins credential id: id: malwareScanCredentialsId reference to: username Vault resource: name: malwareScanUsernameVaultSecretName default value: malware-scan Vault paths:
|
verbose¶
verbose output
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
malwareScanCredentialsId¶
Jenkins 'Username with password' credentials ID containing the technical user/password credential used to communicate with the malwarescanning service.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Configuration scope |
|
Exceptions¶
None
Examples¶
malwareExecuteScan script: this
configuration
steps:
malwareExecuteScan:
file: myFile.zip
host: https://malwarescanner.example.sap.com
malwareScanCredentialsId: MALWARESCAN