Merge branch 'master' into fix/EDPC-763
Showing 95 changed files with 5,604 additions and 363 deletions.
62 changes: 62 additions & 0 deletions
docs/modules/jenkins-shared-library/partials/odsComponentStageScanWithAqua.adoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
// Document generated by render-adoc.go from odsComponentStageScanWithAqua.adoc.tmpl; DO NOT EDIT. | ||
|
||
The "Aqua Security Scan" stage scans an image that was previously built in that same pipeline run. | ||
|
||
As a result, a Bitbucket Code Insight entry is added to the git commit (in Bitbucket) that basically | ||
contains a link to the scan result on the Aqua platform. The Bitbucket Code Insight entry can be seen in a pull request. | ||
The pull request in Bitbucket shows the Code Insight of the latest commit of the PR. | ||
|
||
To get started, make sure you have a `ConfigMap` in your project-cd namespace in OpenShift that has these fields: | ||
---- | ||
... | ||
metadata: | ||
name: aqua | ||
... | ||
data: | ||
registry: <registry-name-in-aqua-platform> | ||
secretName: <secret-name-of-aqua-user-credentials> | ||
url: <aqua-platform-url> | ||
---- | ||
|
||
. `registry`: Refers to a name for the image registry given in the Aqua platform by an Aqua platform admin. | ||
. `secretName`: Name of a `Secret` that contains the credentials of the Aqua platform user that is used for executing the scan. That user needs to have scanner rights. | ||
. `url`: Base URL of the Aqua platform (including scheme). | ||
|
||
Now, to use the stage, add it in your `Jenkinsfile`, e.g. like this: | ||
---- | ||
) { context -> | ||
... | ||
odsComponentStageScanWithAqua(context) | ||
... | ||
} | ||
---- | ||
|
||
== Options | ||
|
||
[cols="1,2"] | ||
|=== | ||
| Option | Description | ||
|
||
|
||
| *branch* + | ||
_String_ | ||
|Branch to run stage for. | ||
Example: `'master'`. | ||
Next to exact matches, it also supports prefixes (e.g. `feature/`) and all branches (`*`). | ||
|
||
|
||
| *branches* + | ||
_List<String>_ | ||
|Branches to run stage for. | ||
Example: `['master', 'develop']`. | ||
Next to exact matches, it also supports prefixes (e.g. `feature/`) and all branches (`*`). | ||
|
||
|
||
| *resourceName* + | ||
_String_ | ||
|Name of `BuildConfig`/`ImageStream` of the image that we want to scan (defaults to `context.componentId`). | ||
BuildOpenShiftImageStage puts the imageRef into a map with the `resourceName` as key. | ||
In order to be able to receive the imageRef for scanning, the `resourceName` needs | ||
to be the same as in BuildOpenShiftImageStage. | ||
|
||
|=== |
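Review bot: The `secretName` entry in the ConfigMap field list does not say which keys the referenced `Secret` must contain or in which namespace it has to live, so a reader cannot create it from this page alone. Suggest naming the expected keys and the namespace next to the `aqua` ConfigMap description. "That user needs to have scanner rights" would also read better as a least-privilege statement (a dedicated account with scanner rights and nothing more), since the credential is used from the pipeline. The header says the file is generated (DO NOT EDIT), so the wording change belongs in the `.adoc.tmpl` source.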
43 changes: 43 additions & 0 deletions
docs/modules/jenkins-shared-library/partials/odsComponentStageScanWithAqua.adoc.tmpl
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
The "Aqua Security Scan" stage scans an image that was previously built in that same pipeline run. | ||
|
||
As a result, a Bitbucket Code Insight entry is added to the git commit (in Bitbucket) that basically | ||
contains a link to the scan result on the Aqua platform. The Bitbucket Code Insight entry can be seen in a pull request. | ||
The pull request in Bitbucket shows the Code Insight of the latest commit of the PR. | ||
|
||
To get started, make sure you have a `ConfigMap` in your project-cd namespace in OpenShift that has these fields: | ||
---- | ||
... | ||
metadata: | ||
name: aqua | ||
... | ||
data: | ||
registry: <registry-name-in-aqua-platform> | ||
secretName: <secret-name-of-aqua-user-credentials> | ||
url: <aqua-platform-url> | ||
---- | ||
|
||
. `registry`: Refers to a name for the image registry given in the Aqua platform by an Aqua platform admin. | ||
. `secretName`: Name of a `Secret` that contains the credentials of the Aqua platform user that is used for executing the scan. That user needs to have scanner rights. | ||
. `url`: Base URL of the Aqua platform (including scheme). | ||
|
||
Now, to use the stage, add it in your `Jenkinsfile`, e.g. like this: | ||
---- | ||
) { context -> | ||
... | ||
odsComponentStageScanWithAqua(context) | ||
... | ||
} | ||
---- | ||
|
||
== Options | ||
|
||
[cols="1,2"] | ||
|=== | ||
| Option | Description | ||
{{range .Options}} | ||
|
||
| *{{.Name}}* + | ||
_{{.Type}}_ | ||
|{{.Description}} | ||
{{end}} | ||
|=== |
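Review bot: The introduction only describes the Code Insight link and never states what the stage does to the build itself, either when the scan reports findings or when the `aqua` ConfigMap cannot be found. Please document whether the stage fails the pipeline, marks it unstable, or only reports, because that decides whether teams can rely on it as a gate. Two smaller points: the Jenkinsfile snippet starts at `) { context ->`, which is a fragment, so showing the enclosing call would make it copyable; and the three field descriptions use `.` markers, which render as a numbered list although the fields have no order, so `*` would fit better.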
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
package org.ods.component | ||
|
||
import groovy.transform.TypeChecked | ||
|
||
@TypeChecked | ||
class ScanWithAquaOptions extends Options { | ||
|
||
/** | ||
* Name of `BuildConfig`/`ImageStream` of the image that we want to scan (defaults to `context.componentId`). | ||
* BuildOpenShiftImageStage puts the imageRef into a map with the `resourceName` as key. | ||
* In order to be able to receive the imageRef for scanning, the `resourceName` needs | ||
* to be the same as in BuildOpenShiftImageStage. */ | ||
String resourceName | ||
|
||
} |
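Review bot: The doc comment on `resourceName` says it defaults to `context.componentId`, but the field has no initializer in this class, so the default has to be applied somewhere outside the visible lines. Please confirm the stage sets it and say so in the comment, or the documented default and the behaviour can drift apart. The comment also implies that a `resourceName` that does not match the key used by BuildOpenShiftImageStage yields no imageRef; that case should fail or be logged clearly rather than let the scan be skipped quietly. Minor style: put the closing `*/` on its own line.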