<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:c="/lib/credentials" xmlns:l="/lib/layout"
xmlns:t="/lib/hudson" xmlns:f="/lib/form" descriptor="${it.descriptor}">
<!-- This jelly script is used for per-project configuration.
     Expressions are HTML-escaped on output by default, because the file opens with the
     escape-by-default='true' processing instruction. -->
<f:invisibleEntry>
<!-- Used for Internet Explorer cache invalidation: a hidden "timestamp" field that defaults to
     descriptor.currentTime and is sent by the Test Connection buttons that list it in "with". -->
<f:textbox default="${descriptor.currentTime}" field="timestamp" />
</f:invisibleEntry>
<f:section title=""/>
<f:section title="Checkmarx Server Settings"/>
<!-- Hidden legacy credential fields bound to "username" and "password". The Test Connection buttons that
     name these fields in "with" submit their values.
     NOTE(review): these are rendered as text inputs, so a stored legacy password would presumably appear
     in clear text in the page markup for any user who can open this configuration page. Confirm what the
     Java getters return, and prefer the credentialsId selector so that these fields can stay empty. -->
<f:invisibleEntry>
<f:readOnlyTextbox field="username"/>
<f:readOnlyTextbox field="password"/>
</f:invisibleEntry>
<!-- Job-level server settings. negative="true" inverts the checkbox, so the nested fields are used when
     "Use default server credentials" is unticked; a new job (instance == null) starts with it ticked. -->
<f:optionalBlock title="Use default server credentials (${descriptor.credentialsDescription})"
inline="true" field="useOwnServerCredentials" negative="true"
checked="${instance==null?true:!instance.useOwnServerCredentials}">
<f:entry title="Checkmarx server URL" field="serverUrl">
<f:textbox default="${descriptor.serverUrl}" />
</f:entry>
<!-- Migration banner, rendered only when instance.isOldCredentials() is true. -->
<j:if test="${instance.isOldCredentials()}">
<f:block>
<div style="font-weight: bold; padding: 8px;">You are currently using the Checkmarx credential method. To switch to the new Jenkins Credential method, click Add and select your new credentials.</div>
</f:block>
</j:if>
<!-- Credentials plugin selector (the c namespace is /lib/credentials) bound to credentialsId. -->
<f:entry field="credentialsId" title="${%Credentials}">
<c:select />
</f:entry>
<!-- Proxy toggle; ticked by default for a new job. -->
<f:optionalBlock title="Use Jenkins proxy" inline="true" field="isProxy" checked="${instance==null?true:instance.isProxy}" />
<!-- Invokes the descriptor's testConnection method with the listed field values, including the hidden
     legacy username and password fields.
     NOTE(review): serverUrl is typed by the user and credentials are sent to it, so the handler (not
     visible here) should accept POST only and check the caller's permission before it connects or
     resolves credentialsId. -->
<f:validateButton title="Test Connection" progress="Testing..." method="testConnection"
with="serverUrl,password, username,timestamp,credentialsId,isProxy" />
</f:optionalBlock>
<!-- Config-as-code toggle; ticked by default for a new job. The nested text names the settings that a
     config file, when present, takes precedence over. -->
<f:optionalBlock title="Enable config as code" inline="true" field="configAsCode" checked="${instance==null?true:instance.configAsCode}">
<div style="font-weight: bold; padding: 8px;">The following fields will be overriding by config file values if exists (project name ,team name ,sast scan settings and sca scan settings.).</div>
</f:optionalBlock>
<!-- Project name combobox: shows the saved projectName, or descriptor.defaultProjectName when none is saved. -->
<f:entry title="Checkmarx project name" description="Existing projects appear in a completion list when server url is provided (up to 20)">
<f:combobox field="projectName" value="${instance.projectName == null?descriptor.defaultProjectName:instance.projectName}"/>
</f:entry>
<!-- Team selector bound to groupId; its options are supplied from outside this file. -->
<f:entry title="Team" field="groupId">
<f:select />
</f:entry>
<f:section title="CxSAST Scan"/>
<!-- CxSAST settings. The block is ticked for a new job, and also when sastEnabled is unset (null) or true. -->
<f:optionalBlock title="Enable CxSAST scan" inline="true" field="sastEnabled" checked="${instance == null || instance.sastEnabled == null || instance.sastEnabled}">
<f:entry title="Preset" field="preset">
<f:select />
</f:entry>
<!-- GLOBAL INCLUDE\EXCLUDE: read-only view of the descriptor-level excludeFolders and filterPattern.
     Selected for a new job, when exclusionsSetting is unset, or when it equals 'global'. -->
<f:radioBlock checked="${instance == null || instance.exclusionsSetting == null || instance.exclusionsSetting.equals('global')}" inline="true"
name="exclusionsSetting" title="Use Global Include/Exclude Settings" value="global">
<f:nested>
<f:entry title="Exclude Folders" field="globalExcludeFolders">
<f:textbox readonly="readonly" value="${descriptor.excludeFolders}"/>
</f:entry>
<f:entry title="Include/Exclude Wildcard Patterns" field="globalFilterPattern">
<f:textarea readonly="readonly" value="${descriptor.filterPattern}" />
</f:entry>
</f:nested>
</f:radioBlock>
<!-- SPECIFIC INCLUDE\EXCLUDE: editable job-level values, pre-filled from the descriptor defaults.
     Selected when exclusionsSetting equals 'job'. -->
<f:radioBlock checked="${instance.getExclusionsSetting().equals('job')}" inline="true"
name="exclusionsSetting" title="Specific Include/Exclude Settings" value="job">
<f:nested>
<f:entry title="Exclude Folders" field="excludeFolders">
<f:textbox default="${descriptor.excludeFolders}" />
</f:entry>
<f:entry title="Include/Exclude Wildcard Patterns" field="filterPattern">
<f:textarea default="${descriptor.filterPattern}" />
</f:entry>
</f:nested>
</f:radioBlock>
<!-- Incremental scanning, with an optional schedule of periodic full scans. The cycle length is bounded
     in the form by descriptor.FULL_SCAN_CYCLE_MIN and descriptor.FULL_SCAN_CYCLE_MAX.
     NOTE(review): min and max on the number input are enforced by the browser only; confirm the range is
     checked again on the server side. -->
<f:optionalBlock title="Incremental" field="incremental" inline="true" checkMethod="POST" checked="${instance.incremental}">
<f:optionalBlock title="Schedule periodic full scans" field="fullScansScheduled" inline="true"
checked="${instance.fullScansScheduled}">
<f:entry
title="Number of incremental scans between full scans (${descriptor.FULL_SCAN_CYCLE_MIN}-${descriptor.FULL_SCAN_CYCLE_MAX})"
field="fullScanCycle">
<f:number clazz="positive-number" min="${descriptor.FULL_SCAN_CYCLE_MIN}" max="${descriptor.FULL_SCAN_CYCLE_MAX}"
step="1" default="10" checkMethod="POST" />
</f:entry>
</f:optionalBlock>
</f:optionalBlock>
<f:entry title="Force Scan" field="forceScan">
<f:checkbox checkMethod="POST" checked="${instance.forceScan}"/>
</f:entry>
<f:entry title="Scan level - custom fields" field="customFields">
<f:textbox checkMethod="POST" value="${instance.customFields}" />
</f:entry>
<f:entry title="Post Scan Action" field="postScanActionId">
<f:select />
</f:entry>
<f:entry title="Source character encoding (configuration)" field="sourceEncoding" description="Default Configuration uses UTF-8">
<f:select />
</f:entry>
<!-- The field name below is spelled addGlobalCommenToBuildCommet. It presumably has to match the bound
     Java property, so do not correct the spelling in this file alone. -->
<f:optionalBlock title="Allow global comment" inline="true" field="addGlobalCommenToBuildCommet"/>
<f:entry title="Comment" field="comment">
<f:textarea />
</f:entry>
<f:optionalBlock title="Avoid duplicate project scans in queue" inline="true" field="avoidDuplicateProjectScans" />
<!-- Unticked by default for a new job. -->
<f:optionalBlock title="Enable Override Project Setting" inline="true" field="overrideProjectSetting" checked="${instance==null?false:instance.overrideProjectSetting}" />
</f:optionalBlock>
<!-- Sits outside the CxSAST block, so it is shown whether or not CxSAST is enabled. -->
<f:optionalBlock title="Skip scan if triggered by SCM Changes" inline="true" field="skipSCMTriggers" />
<f:section title="Dependency Scan" />
<!-- Dependency scan settings; ticked when the job already has a dependencyScanConfig. -->
<f:optionalBlock title="Enable dependency scan" field="dependencyScanConfig"
checked="${instance.dependencyScanConfig != null}">
<!-- Job-level override of the global dependency scan settings. Everything nested below applies only when
     this is ticked. -->
<f:optionalBlock title="Override global dependency scan settings" name="overrideGlobalConfig"
checked="${instance.dependencyScanConfig.overrideGlobalConfig}" inline="true">
<f:entry title="Include/Exclude wildcard patterns" field="dependencyScanPatterns">
<f:textarea value="${instance.dependencyScanConfig.dependencyScanPatterns}" />
</f:entry>
<f:entry title="Exclude folders" field="dependencyScanExcludeFolders">
<f:textbox value="${instance.dependencyScanConfig.dependencyScanExcludeFolders}" />
</f:entry>
<!-- Scanner choice, first option: CxOSA. Selected when dependencyScannerType equals 'OSA'. -->
<f:radioBlock checked="${instance.dependencyScanConfig.dependencyScannerType == 'OSA'}" inline="true"
name="dependencyScannerType" title="Use CxOSA dependency scanner" value="OSA">
<f:nested>
<f:entry title="FSA variables" field="fsaVariables">
<f:textarea value="${instance.dependencyScanConfig.fsaVariables}" />
</f:entry>
<f:entry title="Archive extract patterns" field="osaArchiveIncludePatterns">
<f:textbox default="${descriptor.DEFAULT_OSA_ARCHIVE_INCLUDE_PATTERNS}"
value="${instance.dependencyScanConfig.osaArchiveIncludePatterns}"/>
</f:entry>
<!-- NOTE(review): per its title this option runs the dependency managers' install command before the
     scan. Package installs may execute scripts defined by the project being scanned, so enable it only
     for sources that are trusted on the machine running the scan. -->
<f:entry title="Execute dependency managers 'install packages' command before Scan"
field="osaInstallBeforeScan">
<f:checkbox checked="${instance.dependencyScanConfig.osaInstallBeforeScan}"/>
</f:entry>
</f:nested>
</f:radioBlock>
<!-- Scanner choice, second option: CxSCA. Selected when dependencyScannerType equals 'SCA'. The three
     URL fields fall back to descriptor-level DEFAULT_SCA_* values. -->
<f:radioBlock checked="${instance.dependencyScanConfig.dependencyScannerType == 'SCA'}"
inline="true" name="dependencyScannerType" title="Use CxSCA dependency scanner" value="SCA">
<f:nested>
<f:entry title="CxSCA API URL" field="scaServerUrl">
<f:textbox default="${descriptor.DEFAULT_SCA_SERVER_URL}"
value="${instance.dependencyScanConfig.scaServerUrl}"/>
</f:entry>
<f:entry title="Access control server URL" field="scaAccessControlUrl">
<f:textbox default="${descriptor.DEFAULT_SCA_ACCESS_CONTROL_URL}"
value="${instance.dependencyScanConfig.scaAccessControlUrl}"/>
</f:entry>
<f:entry title="CxSCA web app URL" field="scaWebAppUrl">
<f:textbox default="${descriptor.DEFAULT_SCA_WEB_APP_URL}"
value="${instance.dependencyScanConfig.scaWebAppUrl}"/>
</f:entry>
<!-- Credentials plugin selector bound to scaCredentialsId. -->
<f:entry title="CxSCA credentials" field="scaCredentialsId">
<c:select value="${instance.dependencyScanConfig.scaCredentialsId}" />
</f:entry>
<f:description>**Note:SAML and SSO are not supported
</f:description>
<f:entry title="Account" field="scaTenant">
<f:textbox value="${instance.dependencyScanConfig.scaTenant}"/>
</f:entry>
<f:entry title="Teampath" field="scaTeamPath">
<f:textbox value="${instance.dependencyScanConfig.scaTeamPath}"/>
</f:entry>
<!-- Free-text textbox; this file applies no numeric constraint to the timeout. -->
<f:entry title="SCA Scan timeout (minutes)" field="scaTimeout">
<f:textbox value="${instance.dependencyScanConfig.scaTimeout}"/>
</f:entry>
<!-- Invokes the descriptor's testScaConnection method with the listed field values.
     NOTE(review): the URLs are user supplied and the selected credentials are sent to them, so the
     handler (not visible here) should accept POST only and check the caller's permission first. -->
<f:validateButton title="Test Connection" progress="Testing..." method="testScaConnection"
with="scaServerUrl,scaAccessControlUrl,scaCredentialsId,scaTenant,timestamp,isProxy"/>
<!-- NOTE(review): this radioBlock and the MANIFEST one below both include "enableScaResolver == null" in
     their checked expression, so with no saved value both members of the group are rendered as checked.
     Decide which mode is the intended default and drop the null test from the other. -->
<f:radioBlock checked="${instance.dependencyScanConfig.enableScaResolver == null || instance.dependencyScanConfig.enableScaResolver == 'SCA_RESOLVER'}" inline="true"
name="enableScaResolver" title="Perform SCA scan using dependency resolution by SCA Resolver tool."
value="SCA_RESOLVER">
<!-- Sca Resolver Fields.
     NOTE(review): both values come from the job configuration and are presumably used to build the SCA
     Resolver command line. The consuming code (not visible here) should pass them as discrete arguments
     rather than through a shell, and secrets should not be typed into the parameters field, since it is
     shown back in this form as plain text. -->
<f:entry title="Path to SCA Resolver" field="pathToScaResolver">
<f:textbox value="${instance.dependencyScanConfig.pathToScaResolver}" />
</f:entry>
<f:entry title="SCA Resolver Additional Parameters" field="scaResolverAddParameters">
<f:textarea value="${instance.dependencyScanConfig.scaResolverAddParameters}" />
</f:entry>
</f:radioBlock>
<f:radioBlock checked="${instance.dependencyScanConfig.enableScaResolver == null || instance.dependencyScanConfig.enableScaResolver == 'MANIFEST'}" inline="true"
name="enableScaResolver" title="Perform SCA scan by uploading manifests file(s)/source to SCA Service."
value="MANIFEST">
<!-- Non-Sca Resolver Fields -->
<f:entry title="Package Manager's Config File(s) Path" field="scaConfigFile">
<f:textarea value="${instance.dependencyScanConfig.scaConfigFile}" />
</f:entry>
<!-- NOTE(review): plain textarea. If registry tokens are entered here they are shown back in this form as
     plain text; confirm how the value is consumed and prefer referencing a Jenkins credential. -->
<f:entry title="Private Registry Environment Variable" field="scaEnvVariables">
<f:textarea value="${instance.dependencyScanConfig.scaEnvVariables}" />
</f:entry>
<f:optionalBlock title="Include Sources" field="isIncludeSources"
inline="true" checked="${instance.dependencyScanConfig.isIncludeSources}"/>
<f:optionalBlock title="Enable Exploitable Path" field="isExploitablePath"
inline="true" checked="${instance.dependencyScanConfig.isExploitablePath}">
<!-- negative="true" inverts the checkbox: the CxSAST URL and credentials below are used when
     "Use global settings" is unticked. -->
<f:optionalBlock title="Use global settings (${descriptor.credentialsDescription})" field="useJobLevelSastDetails"
inline="true" negative="true" checked="${!instance.dependencyScanConfig.useJobLevelSastDetails}">
<f:entry title="CxSAST Server Url" field="scaSastServerUrl">
<f:textbox default="${descriptor.dependencyScanConfig.serverUrl}" value="${instance.dependencyScanConfig.scaSastServerUrl}" />
</f:entry>
<f:entry title="CxSAST credentials" field="sastCredentialsId">
<c:select value="${instance.dependencyScanConfig.sastCredentialsId}" />
</f:entry>
<!-- Invokes the descriptor's testScaSASTConnection method. The "with" list includes the hidden legacy
     username and password fields as well as sastCredentialsId.
     NOTE(review): same expectation as the other Test Connection handlers: POST only, with a permission
     check before any outbound connection is made. -->
<f:validateButton title="Test Connection" progress="Testing..." method="testScaSASTConnection"
with="scaSastServerUrl,password,username,timestamp,sastCredentialsId,isProxy" />
</f:optionalBlock>
<f:entry title="Project Full Path" field="scaSASTProjectFullPath">
<f:textbox value="${instance.dependencyScanConfig.scaSASTProjectFullPath}"/>
</f:entry>
<f:entry title="Project ID" field="scaSASTProjectID">
<f:textbox checkMethod="POST" value="${instance.dependencyScanConfig.scaSASTProjectID}"/>
</f:entry>
</f:optionalBlock>
</f:radioBlock>
</f:nested>
</f:radioBlock>
</f:optionalBlock>
</f:optionalBlock>
<!-- -= Build Control =- : job status on error, synchronous mode, reports and vulnerability thresholds. -->
<f:section title="Build Control">
<f:entry name="jobStatusOnError" title="Job status when scan returns an error:" field="jobStatusOnError">
<f:enum field="jobStatusOnError">${it.displayName}</f:enum>
</f:entry>
<j:choose>
<!-- -=use only global configuration setting =-
     Rendered when the descriptor both forces the vulnerability threshold and locks the settings. The
     thresholds are shown read-only from descriptor values and no job-level threshold inputs are rendered.
     NOTE(review): this is presentation only. The build step (not visible here) must also ignore job-level
     threshold values while the lock is on, otherwise a previously saved or hand-edited job configuration
     could sidestep the administrator's policy.
     NOTE(review): this branch does not render the "Generate SCA report" block that the other branch has;
     confirm that is intended. -->
<j:when test="${descriptor.forcingVulnerabilityThresholdEnabled and descriptor.lockVulnerabilitySettings}">
<!-- Shows descriptor.JobGlobalStatusOnThresholdViolation directly, whereas the unlocked "Use Global
     Settings" view further down shows its displayName. -->
<f:entry title="Build status when results exceed threshold:">
<f:readOnlyTextbox value="Setting Locked by Administrator (${descriptor.JobGlobalStatusOnThresholdViolation})" />
</f:entry>
<f:entry title="SAST High severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.highThresholdEnforcement}" />
</f:entry>
<f:entry title="SAST Medium severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.mediumThresholdEnforcement}" />
</f:entry>
<f:entry title="SAST Low severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.lowThresholdEnforcement}" />
</f:entry>
<f:entry title="Dependency scan high severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.osaHighThresholdEnforcement}" />
</f:entry>
<f:entry title="Dependency scan medium severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.osaMediumThresholdEnforcement}" />
</f:entry>
<f:entry title="Dependency scan low severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.osaLowThresholdEnforcement}" />
</f:entry>
<f:optionalBlock title="Enable synchronous mode" inline="true" field="waitForResultsEnabled"
checked="${instance==null?true:instance.waitForResultsEnabled}">
<!-- -= Enable Synchronous Mode =- (ticked by default for a new job) -->
<f:description>Synchronous mode allows viewing scan results in Jenkins and setting thresholds
</f:description>
<f:optionalBlock title="Generate CxSAST PDF report" inline="true" field="generatePdfReport" />
<!-- -= enableProjectPolicyEnforcement =- -->
<f:optionalBlock title="Enable Project's policy enforcement" inline="true" field="enableProjectPolicyEnforcement" />
</f:optionalBlock>
</j:when>
<!-- ** use specific configuration setting ** : rendered whenever the locked condition above is false. -->
<j:otherwise>
<f:optionalBlock title="Enable synchronous mode" inline="true" field="waitForResultsEnabled"
checked="${instance==null?true:instance.waitForResultsEnabled}">
<!-- -= Enable Synchronous Mode =- (ticked by default for a new job) -->
<f:description>Synchronous mode allows viewing scan results in Jenkins and setting thresholds
</f:description>
<!-- -= Generate PDF report =- -->
<f:optionalBlock title="Generate CxSAST PDF report" inline="true" field="generatePdfReport" />
<!-- -= generateScaReport =-
     NOTE(review): the checked expression tests dependencyScannerType == 'SCA' and does not read a saved
     generateScaReport value, so the checkbox reflects the scanner type rather than what was stored.
     Confirm that this is intended. -->
<f:optionalBlock title="Generate SCA report" inline="true" field="generateScaReport" checkMethod="POST"
checked="${instance.dependencyScanConfig.dependencyScannerType == 'SCA'}">
<f:entry name="scaReportFormat" title="Report Format:" field="scaReportFormat">
<f:enum field="scaReportFormat">${it.displayName}</f:enum>
</f:entry>
</f:optionalBlock>
<!-- -= enableProjectPolicyEnforcement =- -->
<f:optionalBlock title="Enable Project's policy enforcement" inline="true" field="enableProjectPolicyEnforcement" />
<!-- ** Enable CxSAST vulnerability threshold ** -->
<f:optionalBlock title="Enable vulnerability threshold" inline="true"
field="vulnerabilityThresholdEnabled">
<j:choose>
<!-- Global thresholds are forced but not locked: the job chooses between the read-only global values
     and its own values through the thresholdSettings radio group. -->
<j:when test="${descriptor.forcingVulnerabilityThresholdEnabled}">
<!-- Selected when thresholdSettings is unset or equals 'global'. -->
<f:radioBlock checked="${instance.getThresholdSettings() == null || instance.getThresholdSettings().equals('global')}" inline="true"
name="thresholdSettings" title="Use Global Settings (${descriptor.JobGlobalStatusOnThresholdViolation.displayName})"
value="global">
<f:nested>
<f:entry title="Build status when results exceed threshold:">
<f:readOnlyTextbox value="${descriptor.JobGlobalStatusOnThresholdViolation.displayName}" />
</f:entry>
<f:entry title="SAST High severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.highThresholdEnforcement}" />
</f:entry>
<f:entry title="SAST Medium severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.mediumThresholdEnforcement}" />
</f:entry>
<f:entry title="SAST Low severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.lowThresholdEnforcement}" />
</f:entry>
<f:entry title="Dependency scan high severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.osaHighThresholdEnforcement}" />
</f:entry>
<f:entry title="Dependency scan medium severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.osaMediumThresholdEnforcement}" />
</f:entry>
<f:entry title="Dependency scan low severity vulnerabilities threshold">
<f:readOnlyTextbox value="${descriptor.osaLowThresholdEnforcement}" />
</f:entry>
</f:nested>
</f:radioBlock>
<!-- Selected when thresholdSettings equals 'job'; the thresholds below are editable job-level values.
     NOTE(review): checkMethod is written "post" on the SAST thresholds and "POST" on the dependency scan
     thresholds in this block, and is absent from the same fields in the branch further down. Pick one
     spelling and apply it in both places. -->
<f:radioBlock checked="${instance.getThresholdSettings().equals('job')}" inline="true"
name="thresholdSettings" title="Specific Scan settings" value="job">
<f:nested>
<f:entry title="Build status when results exceed threshold:" field="vulnerabilityThresholdResult">
<f:select />
</f:entry>
<f:entry title="SAST High severity vulnerabilities threshold" field="highThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="post" />
</f:entry>
<f:entry title="SAST Medium severity vulnerabilities threshold" field="mediumThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="post" />
</f:entry>
<f:entry title="SAST Low severity vulnerabilities threshold" field="lowThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="post" />
</f:entry>
<f:optionalBlock title="Fail the build for new SAST vulnerabilities" inline="true" field="failBuildOnNewResults">
<f:entry title="Fail for the following severity or greater" field="failBuildOnNewSeverity">
<f:select field="failBuildOnNewSeverity" />
</f:entry>
</f:optionalBlock>
<f:entry title="Dependency scan high severity vulnerabilities threshold" field="osaHighThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="POST" />
</f:entry>
<f:entry title="Dependency scan medium severity vulnerabilities threshold" field="osaMediumThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="POST" />
</f:entry>
<f:entry title="Dependency scan low severity vulnerabilities threshold" field="osaLowThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" checkMethod="POST" />
</f:entry>
</f:nested>
</f:radioBlock>
</j:when>
<!-- Global thresholds are not forced: only the job-level threshold inputs are rendered. An empty
     default leaves each threshold blank until the user fills it in. -->
<j:otherwise>
<f:description>Global settings option is disabled</f:description>
<f:entry title="Build status when results exceed threshold:" field="vulnerabilityThresholdResult">
<f:select />
</f:entry>
<f:entry title="SAST High severity vulnerabilities threshold" field="highThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" />
</f:entry>
<f:entry title="SAST Medium severity vulnerabilities threshold" field="mediumThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" />
</f:entry>
<f:entry title="SAST Low severity vulnerabilities threshold" field="lowThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" />
</f:entry>
<f:optionalBlock title="Fail the build for new SAST vulnerabilities" inline="true" field="failBuildOnNewResults">
<f:entry title="Fail for the following severity or greater" field="failBuildOnNewSeverity">
<f:select field="failBuildOnNewSeverity" />
</f:entry>
</f:optionalBlock>
<f:entry title="Dependency scan high severity vulnerabilities threshold" field="osaHighThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" />
</f:entry>
<f:entry title="Dependency scan medium severity vulnerabilities threshold" field="osaMediumThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" />
</f:entry>
<f:entry title="Dependency scan low severity vulnerabilities threshold" field="osaLowThreshold">
<f:number clazz="positive-number" min="0" step="1" default="" />
</f:entry>
</j:otherwise>
</j:choose>
</f:optionalBlock>
</f:optionalBlock>
</j:otherwise>
</j:choose>
<!-- A new job inherits the descriptor-level hideDebugLogs value; an existing job keeps its own. -->
<f:optionalBlock title="Hide Debug Logs" inline="true" field="hideDebugLogs" checked="${instance==null?descriptor.hideDebugLogs:instance.hideDebugLogs}" />
</f:section>
</j:jelly>