-
-
Notifications
You must be signed in to change notification settings - Fork 64
Expand file tree
/
Copy pathglobal.jelly
More file actions
221 lines (186 loc) · 12.8 KB
/
global.jelly
File metadata and controls
221 lines (186 loc) · 12.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:c="/lib/credentials" xmlns:d="jelly:define"
xmlns:l="/lib/layout"
xmlns:t="/lib/hudson" xmlns:f="/lib/form">
<!-- This Jelly script is used to produce the global configuration option. Jenkins uses a set of tag libraries
to provide uniformity in forms. To determine where this tag is defined, first check the namespace URI, and then
look under $JENKINS/views/. For example, <f:section> is defined in $JENKINS/views/lib/form/section.jelly. It's
also often useful to just check other similar scripts to see what tags they use. Views are always organized according
to its owner class, so it should be straightforward to find them. -->
<f:section title="Checkmarx" name="checkmarx">
<f:invisibleEntry>
<!-- Used for Internet Explorer cache invalidation -->
<f:textbox default="${descriptor.currentTime}" field="timestamp"/>
</f:invisibleEntry>
<f:optionalBlock title="Enable TLS/SSL Server Certificate Validation" inline="true"
field="enableCertificateValidation"/>
<f:entry title="Default Server URL" field="serverUrl">
<f:textbox/>
</f:entry>
<j:if test="${descriptor.isOldCredentials()}">
<f:block>
<div style="font-weight: bold; padding: 8px;">You are currently using the Checkmarx credential method.
To switch to the new Jenkins Credential method, click Add and select your new credentials.
</div>
</f:block>
</j:if>
<f:entry field="credentialsId" title="${%Credentials}">
<c:select/>
</f:entry>
<f:invisibleEntry>
<f:readOnlyTextbox field="username"/>
<f:readOnlyTextbox field="password"/>
</f:invisibleEntry>
<f:optionalBlock title="Use Jenkins proxy" inline="true" field="isProxy" />
<f:validateButton title="Test Connection" progress="Testing..." method="testConnection"
with="enableCertificateValidation,isProxy,serverUrl,username,password,timestamp,credentialsId" />
<f:entry title="Maven Path" field="mvnPath">
<f:textbox/>
</f:entry>
<f:validateButton title="Validate Maven Path" progress="Validating..." method="validateMvnPath"
with="mvnPath"/>
<f:entry title="Default Exclude folders" field="excludeFolders">
<f:textbox/>
</f:entry>
<f:entry title="Default Include/Exclude wildcard patterns" field="filterPattern">
<f:textarea default="${descriptor.DEFAULT_FILTER_PATTERNS}"/>
</f:entry>
<f:optionalBlock title="Deny new Checkmarx projects creation" inline="true" field="prohibitProjectCreation"/>
<f:optionalBlock title="Hide results" inline="true" field="hideResults"/>
<f:optionalBlock title="Remove Html results in Async mode" inline="true" field="asyncHtmlRemoval"/>
<f:entry name="jobGlobalStatusOnError" title="Job status when CxSAST scan returns an error:"
field="jobGlobalStatusOnError">
<f:enum field="jobGlobalStatusOnError">${it.displayName}</f:enum>
</f:entry>
<f:entry title="Sast Comment" field="sastcomment">
<f:textarea default=""/>
</f:entry>
<f:optionalBlock title="Globally Define vulnerability thresholds for all jobs" inline="true"
field="forcingVulnerabilityThresholdEnabled">
<f:optionalBlock title="Always use the defined global vulnerability thresholds" inline="true"
field="lockVulnerabilitySettings"/>
<f:entry title="Build status when results exceed threshold:" field="jobGlobalStatusOnThresholdViolation">
<f:enum>${it.displayName}</f:enum>
</f:entry>
<f:entry title="SAST High severity vulnerabilities threshold" field="highThresholdEnforcement">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="POST"/>
</f:entry>
<f:entry title="SAST Medium severity vulnerabilities threshold" field="mediumThresholdEnforcement">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="POST"/>
</f:entry>
<f:entry title="SAST Low severity vulnerabilities threshold" field="lowThresholdEnforcement">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="POST"/>
</f:entry>
<f:entry title="Dependency scan high severity vulnerabilities threshold" field="osaHighThresholdEnforcement">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="POST"/>
</f:entry>
<f:entry title="Dependency scan medium severity vulnerabilities threshold" field="osaMediumThresholdEnforcement">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="POST"/>
</f:entry>
<f:entry title="Dependency scan low severity vulnerabilities threshold" field="osaLowThresholdEnforcement">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="POST"/>
</f:entry>
</f:optionalBlock>
<f:optionalBlock title="Set job scan timeout threshold" inline="true" field="scanTimeOutEnabled">
<f:entry title="Scan timeout (minutes)" field="scanTimeoutDuration">
<f:number clazz="positive-number" min="0" step="1" default="1" checkMethod="POST" />
</f:entry>
</f:optionalBlock>
<f:optionalBlock title="Continue when timed out" inline="true" field="continueBuildWhenTimedOut">
</f:optionalBlock>
<f:optionalBlock title="Globally define dependency scan settings" field="dependencyScanConfig"
checked="${descriptor.globallyDefineScanSettings}">
<f:entry title="Include/Exclude wildcard patterns" field="dependencyScanPatterns">
<f:textarea value="${descriptor.dependencyScanConfig.dependencyScanPatterns}" />
</f:entry>
<f:entry title="Exclude folders" field="dependencyScanExcludeFolders">
<f:textbox value="${descriptor.dependencyScanConfig.dependencyScanExcludeFolders}" />
</f:entry>
<f:radioBlock checked="${descriptor.dependencyScanConfig.dependencyScannerType == 'OSA'}" inline="true"
name="dependencyScannerType" title="Use CxOSA dependency scanner" value="OSA">
<f:nested>
<f:entry title="Archive extract patterns" field="osaArchiveIncludePatterns">
<f:textbox default="${descriptor.DEFAULT_OSA_ARCHIVE_INCLUDE_PATTERNS}"
value="${descriptor.dependencyScanConfig.osaArchiveIncludePatterns}"/>
</f:entry>
<f:entry title="Execute dependency managers 'install packages' command before Scan"
field="osaInstallBeforeScan">
<f:checkbox checked="${descriptor.dependencyScanConfig.osaInstallBeforeScan}"/>
</f:entry>
</f:nested>
</f:radioBlock>
<f:radioBlock checked="${descriptor.dependencyScanConfig.dependencyScannerType == 'SCA'}"
inline="true" name="dependencyScannerType" title="Use CxSCA dependency scanner" value="SCA">
<f:nested>
<f:entry title="CxSCA API URL" field="scaServerUrl">
<f:textbox default="${descriptor.DEFAULT_SCA_SERVER_URL}"
value="${descriptor.dependencyScanConfig.scaServerUrl}"/>
</f:entry>
<f:entry title="Access control server URL" field="scaAccessControlUrl">
<f:textbox default="${descriptor.DEFAULT_SCA_ACCESS_CONTROL_URL}"
value="${descriptor.dependencyScanConfig.scaAccessControlUrl}"/>
</f:entry>
<f:entry title="CxSCA web app URL" field="scaWebAppUrl">
<f:textbox default="${descriptor.DEFAULT_SCA_WEB_APP_URL}"
value="${descriptor.dependencyScanConfig.scaWebAppUrl}"/>
</f:entry>
<f:entry title="CxSCA credentials" field="scaCredentialsId">
<c:select value="${descriptor.dependencyScanConfig.scaCredentialsId}" />
</f:entry>
<f:description>**Note:SAML and SSO are not supported
</f:description>
<f:entry title="Account" field="scaTenant">
<f:textbox value="${descriptor.dependencyScanConfig.scaTenant}"/>
</f:entry>
<f:entry title="Teampath" field="scaTeamPath">
<f:textbox value="${instance.dependencyScanConfig.scaTeamPath}"/>
</f:entry>
<f:entry title="Project Custom Tags" field="scaProjectCustomTags">
<f:textbox value="${instance.dependencyScanConfig.scaProjectCustomTags}"/>
</f:entry>
<f:entry title="Scan Custom Tags" field="scaScanCustomTags">
<f:textbox value="${instance.dependencyScanConfig.scaScanCustomTags}"/>
</f:entry>
<f:entry title="SCA Scan timeout (minutes)" field="scaTimeout">
<f:textbox value="${descriptor.dependencyScanConfig.scaTimeout}"/>
</f:entry>
<f:validateButton title="Test Connection" progress="Testing..." method="testScaConnection"
with="scaServerUrl,scaAccessControlUrl,scaCredentialsId,scaTenant,scaTimeout,timestamp,isProxy"/>
</f:nested>
<f:radioBlock checked="${descriptor.dependencyScanConfig.enableScaResolver == null || descriptor.dependencyScanConfig.enableScaResolver == 'SCA_RESOLVER'}" inline="true"
name="enableScaResolver" title="Perform SCA scan using dependency resolution by SCA Resolver tool."
value="SCA_RESOLVER">
<!-- Sca Resolver Fields-->
<f:entry title="Path to SCA Resolver" field="pathToScaResolver">
<f:textbox value="${descriptor.dependencyScanConfig.pathToScaResolver}" />
</f:entry>
<f:optionalBlock title="Enable Exploitable Path" field="isGlobalExploitablePathByScaResolver" inline="true" checked="${descriptor.dependencyScanConfig.isGlobalExploitablePathByScaResolver}">
</f:optionalBlock>
<f:entry title="SCA Resolver Additional Parameters" field="globalScaResolverAddParameters">
<f:textarea value="${descriptor.dependencyScanConfig.globalScaResolverAddParameters}" />
</f:entry>
</f:radioBlock>
<f:radioBlock checked="${descriptor.dependencyScanConfig.enableScaResolver == null || descriptor.dependencyScanConfig.enableScaResolver == 'MANIFEST'}" inline="true"
name="enableScaResolver" title="Perform SCA scan by uploading manifests file(s)/source to SCA Service."
value="MANIFEST">
<!-- Non-Sca Resolver Fields-->
<f:entry title="Package Manager's Config File(s) Path" field="scaConfigFile">
<f:textarea value="${descriptor.dependencyScanConfig.scaConfigFile}" />
</f:entry>
<f:entry title="Private Registry Environment Variable" field="scaEnvVariables">
<f:textarea value="${descriptor.dependencyScanConfig.scaEnvVariables}" />
</f:entry>
<f:optionalBlock title="Include Sources" field="isIncludeSources"
inline="true" checked="${instance.dependencyScanConfig.isIncludeSources}"/>
</f:radioBlock>
</f:radioBlock>
</f:optionalBlock>
<f:optionalBlock title="Enable Data Retention" inline="true"
field="enableDataRetention">
<f:entry title="Scan Retention rate (number of scan)" field="projectRetentionRateEnforce">
<f:number clazz="positive-number" min="1" max="10000" step="1" default="10" checkMethod="POST" />
</f:entry>
</f:optionalBlock>
<f:optionalBlock title="Hide Debug Logs" inline="true" field="hideDebugLogs"/>
</f:section>
</j:jelly>