Added support for including package manager config files in the SCA s…

…can.

Also added help documentation.

src/main/java/com/checkmarx/jenkins/CxScanBuilder.java

@@ -20,6 +20,7 @@
 import com.cx.restclient.ast.dto.sca.AstScaResults;
 import com.cx.restclient.dto.SourceLocationType;
 import com.cx.restclient.sast.utils.LegacyClient;
+import com.cx.restclient.sca.utils.CxSCAFileSystemUtils;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import freemarker.template.TemplateException;
 import hudson.*;
@@ -952,11 +953,11 @@ private void configureDependencyScan(Run<?, ?> run, DescriptorImpl descriptor, E
             config.setOsaArchiveIncludePatterns(effectiveConfig.osaArchiveIncludePatterns.trim());
             config.setOsaRunInstall(effectiveConfig.osaInstallBeforeScan);
         } else if (config.isAstScaEnabled()) {
-            config.setAstScaConfig(getScaConfig(run, effectiveConfig));
+            config.setAstScaConfig(getScaConfig(run, env ,effectiveConfig));
         }
     }
 
-    private AstScaConfig getScaConfig(Run<?, ?> run, DependencyScanConfig dsConfig) {
+    private AstScaConfig getScaConfig(Run<?, ?> run, EnvVars env, DependencyScanConfig dsConfig) {
         AstScaConfig result = new AstScaConfig();
         result.setApiUrl(dsConfig.scaServerUrl);
         result.setAccessControlUrl(dsConfig.scaAccessControlUrl);
@@ -972,27 +973,11 @@ private AstScaConfig getScaConfig(Run<?, ?> run, DependencyScanConfig dsConfig)
         }
         if(StringUtils.isNotEmpty(dsConfig.scaEnvVariables))
         {
-            result.setEnvVariables(convertStringToKeyValueMap(dsConfig.scaEnvVariables));
+            result.setEnvVariables(CxSCAFileSystemUtils.convertStringToKeyValueMap(env.expand(dsConfig.scaEnvVariables)));
         }
-        return result;
-    }
-
-    private HashMap<String, String> convertStringToKeyValueMap(String envString) {
-
-        HashMap<String, String> envMap = new HashMap<>();
-        //"Key1=Val1,Key2=Val2"
-        String trimmedString = envString.replace("\"","");
-        List<String> envlist = Arrays.asList(trimmedString.split(","));
-
-        for( String variable : envlist)
-        {
-            String[] splitFromEqual = variable.split("=");
-            String key = (splitFromEqual[0]).trim();
-            String value = (splitFromEqual[1]).trim();
-            envMap.put(key, value);
-        }
-        return envMap;
 
+        result.setConfigFilePaths(Arrays.asList(dsConfig.configFilePath));
+        return result;
     }
 
     private ScannerType getDependencyScannerType(CxScanConfig config) {

src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java

@@ -47,6 +47,9 @@ public class DependencyScanConfig {
     @DataBoundSetter
     public String scaEnvVariables;
 
+    @DataBoundSetter
+    public String configFilePath;
+
     @DataBoundConstructor
     public DependencyScanConfig() {
     }

src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly

@@ -155,7 +155,9 @@
                         <f:textbox value="${instance.dependencyScanConfig.scaTenant}"/>
                     </f:entry>
                     <f:entry title="SCA Environment Variables" field="scaEnvVariables">
-                        <f:textarea value="${instance.dependencyScanConfig.scaEnvVariables}"/>
+                        <f:textarea value="${instance.dependencyScanConfig.scaEnvVariables}" />
+                    </f:entry>
+                    <f:entry title="Note : To include configuration files from the package managers for the SCA scan, click on the help icon (?) for the instructions." field="scaConfigFilePath">
                     </f:entry>
                     <f:validateButton title="Test Connection" progress="Testing..." method="testScaConnection"
                                       with="scaServerUrl,scaAccessControlUrl,scaCredentialsId,scaTenant"/>

src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaConfigFilePath.html

@@ -0,0 +1,27 @@
+Perform the below steps to include the configuration files in the SCA scan.<br>
+<br>
+1) Install the Jenkins plugin 'Config File Provider Plugin'.<br>
+
+2) Once the above plugin is installed, go to 'Manage Jenkins' -> 'Managed files' and click on 'Add new config' option.<br>
+
+3) Select the type as 'Custom' and click on 'Submit' button.<br>
+
+4) On the next page, provide an appropriate name in the 'Name' textbox that identifies your file and<br>
+   copy the contents of your config file in the 'Content' section. Click on 'Submit' and your file will be ready to use within Jenkins.<br>
+
+5) Go to the Job Configuration by clicking on 'Configure' link on your Job.<br>
+
+6) Under the 'Build Environment' section, select the checkbox named 'Provide Configuration files'<br>
+
+7) Under the 'File' dropdown option, select your desired configuration file name.<br>
+
+8) Under the 'Target' option, provide the path within the workspace where your file will be copied.<br>
+ * It has to be copied under the folder named '.cxsca.configurations'.<br>
+ * Kindly provide the original file name as mentioned in the package manager.<br>
+ * For e.g - For settings.xml, provide '.cxsca.configurations/settings.xml' as the input.<br>
+             For .npmrc file, provide '.cxsca.configurations/.npmrc'<br>
+
+9) The 'Variable' textbox and 'Replace Tokens' checkbox can be left blanked since these are required for the SCA scan.<br>
+
+10) Save the job configuration and the configuration file from the package manager will be used whenever the Job is triggered.<br>
+

src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaEnvVariables.html

@@ -1,2 +1,2 @@
-Optional Environment Variables that are used during SCA scan. (e.g- Private Repositories)
-Format : Key1=Val1,Key2=Val2
+Optional Environment Variables that are used during SCA scan. (e.g- for Private Repositories)
+Format : Key1:Val1, Key2:Val2