fix(credentialdiggerScan): get_discoveries and docker image (#4613)

* Improve logs of credentialdiggerScan step * 'Restore step' * Use dockerhub image for Credential Digger * Regenerate credentialdiggerScan * Update docker image tag * Fix report generation with exportAll * Update docker image for credentialdiggerScan * Regenerate credentialdiggerScan step with new docker image * Dont duplicate step name with log.Entry() * Refactor RepoURL according to #4639 --------- Co-authored-by: Marcus Holl <[email protected]> Co-authored-by: Googlom <[email protected]>
SAP · Jul 4, 2024 · 64aabd8 · 64aabd8
1 parent 4a4c13f
commit 64aabd8
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 16 deletions.
diff --git a/cmd/credentialdiggerScan.go b/cmd/credentialdiggerScan.go
@@ -45,16 +45,19 @@ func credentialdiggerScan(config credentialdiggerScanOptions, telemetryData *tel
  provider, prov_err := orchestrator.GetOrchestratorConfigProvider(nil)
  if prov_err != nil {
  log.Entry().WithError(prov_err).Error(
- "credentialdiggerScan: unable to load orchestrator specific configuration.")
+ "Unable to load orchestrator specific configuration.")
  }
  if config.Repository == "" {
  // Get current repository from orchestrator
+ log.Entry().Debug("Repository URL not defined in step configuration. Try get it from orchestrators")
  repoUrlOrchestrator := provider.RepoURL()
  if repoUrlOrchestrator == "n/a" {
  // Jenkins configuration error
- log.Entry().WithError(errors.New(
-  fmt.Sprintf("Unknown repository URL %s", repoUrlOrchestrator))).Error(
+ configError := errors.New(fmt.Sprintf("Unknown repository URL %s", repoUrlOrchestrator))
+ log.Entry().WithError(configError).Error(
  "Repository URL n/a. Please verify git plugin is installed.")
+ // The repository to scan was not identified. Return an error
+ return configError
  }
  config.Repository = repoUrlOrchestrator
  log.Entry().Debug("Use current repository: ", repoUrlOrchestrator)
@@ -69,7 +72,7 @@ func credentialdiggerScan(config credentialdiggerScanOptions, telemetryData *tel
  log.Entry().Info("Load rules")
  err := credentialdiggerAddRules(&config, telemetryData, utils)
  if err != nil {
- log.Entry().Error("credentialdiggerScan: Failed running credentialdigger add_rules")
+ log.Entry().Error("Failed running credentialdigger add_rules")
  return err
  }
  log.Entry().Info("Rules added")
@@ -93,17 +96,21 @@ func credentialdiggerScan(config credentialdiggerScanOptions, telemetryData *tel
  }
  // err is an error exit number when there are findings
  if err == nil {
- log.Entry().Info("No discoveries found in this repo")
- // If there are no findings, there is no need to export an empty report
- return nil
+ log.Entry().Info("No leaks found in this repo with scan")
+ // Even if there are no leaks, the user may still want to export all
+ // the discoveries (param exportAll set to true)
  }
 
  // 3: Get discoveries
  err = credentialdiggerGetDiscoveries(&config, telemetryData, utils)
  if err != nil {
- // The exit number is the number of discoveries
+ // The exit number is the number of discoveries exported
  // Therefore, this error is not relevant, if raised
  log.Entry().Warn("There are findings to review")
+ } else {
+ // There are no discoveries exported, so no need to generate the
+ // artifact
+ return nil
  }
 
  // 4: Export report in workspace
@@ -149,7 +156,8 @@ func credentialdiggerAddRules(config *credentialdiggerScanOptions, telemetryData
  log.Entry().Debug("Use a local ruleset")
  // Use rules defined in stashed file
  if hasRulesFile(config.RulesFile, service) {
- log.Entry().WithField("file", config.RulesFile).Info("Use stashed rules file from repository")
+ log.Entry().WithField("file", config.RulesFile).Info(
+ "Use stashed rules file from repository")
  ruleFile = config.RulesFile
  } else {
  log.Entry().Info("Use standard pre-defined rules")
@@ -167,14 +175,15 @@ func credentialdiggerGetDiscoveries(config *credentialdiggerScanOptions, telemet
  // Export all the discoveries or export only new ones
  if !config.ExportAll {
  cmd_list = append(cmd_list, "--state", "new")
+ } else {
+ log.Entry().Info("Export all discoveries")
  }
  err := executeCredentialDiggerProcess(service, cmd_list)
  if err != nil {
- log.Entry().Error("credentialdiggerScan: Failed running credentialdigger get_discoveries")
- log.Entry().Error(err)
+ log.Entry().Warn("Report generated")
  return err
  }
- log.Entry().Info("Scan complete")
+ log.Entry().Info("Scan complete with no potential leaks")
  return nil
 }
 
@@ -203,7 +212,8 @@ func credentialdiggerBuildCommonArgs(config *credentialdiggerScanOptions) []stri
 }
 
 func credentialdiggerScanSnapshot(config *credentialdiggerScanOptions, telemetryData *telemetry.CustomData, service credentialdiggerUtils) error {
- log.Entry().Infof("Scan Snapshot %v from repo %v", config.Snapshot, config.Repository)
+ log.Entry().Infof(
+ "Scan Snapshot %v from repo %v", config.Snapshot, config.Repository)
  cmd_list := []string{"scan_snapshot",
  "--snapshot", config.Snapshot}
  cmd_list = append(cmd_list, credentialdiggerBuildCommonArgs(config)...)
@@ -218,7 +228,8 @@ func credentialdiggerScanSnapshot(config *credentialdiggerScanOptions, telemetry
 }
 
 func credentialdiggerScanPR(config *credentialdiggerScanOptions, telemetryData *telemetry.CustomData, service credentialdiggerUtils) error {
- log.Entry().Infof("Scan PR %v from repo %v", config.PrNumber, config.Repository)
+ log.Entry().Infof(
+ "Scan PR %v from repo %v", config.PrNumber, config.Repository)
  cmd_list := []string{"scan_pr",
  "--pr", strconv.Itoa(config.PrNumber),
  "--api_endpoint", config.APIURL}

diff --git a/cmd/credentialdiggerScan_generated.go b/cmd/credentialdiggerScan_generated.go
diff --git a/resources/metadata/credentialdiggerScan.yaml b/resources/metadata/credentialdiggerScan.yaml
@@ -121,4 +121,4 @@ spec:
  - filePattern: "**/report*.csv"
  type: credentialdigger-report
  containers:
- - image: "credentialdigger.int.repositories.cloud.sap/credential_digger:4.9.2"
+ - image: saposs/credentialdigger:4.14.0