Package com.veracode.jenkins.plugin
Class VeracodeAction
java.lang.Object
  com.veracode.jenkins.plugin.VeracodeAction

All Implemented Interfaces: Action, ModelObject, RunAction2

public class VeracodeAction extends Object implements RunAction2
This class represents the post build Veracode step on the build page.

Constructor Summary
Constructor | Description
VeracodeAction() | Constructor for VeracodeAction.
VeracodeAction(ScanHistory scanHistory, String xmlApiHost) | Constructor for VeracodeAction.

Method Summary
Modifier and Type | Method | Description
void | doGraph(org.kohsuke.stapler.StaplerRequest request, org.kohsuke.stapler.StaplerResponse response) | Creates a trend chart with scan history.
int | getAnalysisScore() |
int | getBlacklistedCompsCount() | Get the number of blacklisted components.
String | getBlacklistedCompsCountForHTML() | Returns the display of the number of blacklisted components on the build page.
Run<?,?> | getBuild() |
String | getDetailedReportURLForHTMLAttr() | Get the URL to the Detailed Report for this scan, escaped for use in an HTML attribute.
String | getDisplayName() |
String | getFlawsCount(int severity) |
List<Map<String,Long>> | getFlawsCountHistory() |
String | getIconFileName() | Used by the Jenkins framework to display our logo on the left panel on the build page.
double | getMaxCVSSScore() | Get the max CVSS score among all the SCA components.
String | getMaxCVSSScoreForHTML() | Returns the display on the build page based on the max CVSS score.
String | getNetChange(int severity) |
String | getNetVulCountForDisplayBySeverity(int severity) | Get the net vulnerability count of a given severity level (0 - 5).
String | getNewFlaws(int severity) |
ArrayList<String> | getNewSCAComponentsByPolicyStatus(boolean isViolatedPolicy) | Used by index.jelly for VeracodeAction to display the SCA components which are new since the previous build.
String | getNewVulCountForDisplayBySeverity(int severity) | Get the new vulnerability count of a given severity level (0 - 5).
String | getOpenNewWindow16() | Used by index.jelly for VeracodeAction to display the open new window icon.
boolean | getPolicyAffection(int severity) | Get whether the given severity level contains flaws which affect policy compliance.
String | getPolicyComplianceComponentIconUri(boolean isViolatedPolicy) | Used by index.jelly for VeracodeAction to display the policy compliance icon for the SCA component.
String | getPolicyComplianceStatus() | Get the policy compliance status.
String | getPolicyComplianceStatusForHTML() | Get the policy compliance status for displaying in HTML. Note that the "PASS" status is returned as "Passed" for display purposes.
String | getPolicyComplianceStatusIconUri16() | Used by summary.jelly for VeracodeAction to display the correct status icon (16x16).
String | getPolicyComplianceStatusIconUri24() | Used by summary.jelly for VeracodeAction to display the correct status icon (24x24).
String | getPolicyComplianceStatusIconUri32() | Used by summary.jelly for VeracodeAction to display the correct status icon (32x32).
String | getPolicyComplianceStatusIconUri48() | Used by summary.jelly for VeracodeAction to display the correct status icon.
String | getPolicyName() | Get the policy name.
String | getPolicyNameForHTML() | Get the policy name suitable for displaying in HTML.
String | getScanOverdueStatus() |
SCAScanHistory | getSCAScanHistory() |
int | getTotalFlawsCount() |
int | getTotalNetChangeCount() |
Integer | getTotalNetVulCount() | Get the total number of net vulnerabilities across all severity levels.
String | getTotalNetVulCountForDisplay() | Returns the display of the total number of net vulnerabilities across all severity levels.
int | getTotalNewFlawsCount() |
int | getTotalNewVulCount() | Get the total number of new vulnerabilities across all severity levels.
String | getTotalNewVulCountForDisplay() | Returns the display of the total number of new vulnerabilities across all severity levels.
int | getTotalVulCount() | Get the total number of vulnerabilities across all severity levels.
String | getTotalVulCountForDisplay() | Returns the display of the total number of vulnerabilities across all severity levels.
String | getUrlName() |
String | getVeracodeLevel() | Get the Veracode level.
String | getVeracodeLevelForHTML() | Get the Veracode level to be displayed in HTML.
String | getVeracodeLogo48() | Used by summary.jelly for VeracodeAction to display our logo.
String | getVulCountForDisplayBySeverity(int severity) | Get the vulnerability count of a given severity level (0 - 5).
List<Map<String,Long>> | getVulCountHistory() | Get the vulnerability count history.
boolean | isNewSCAComponents() | Used by index.jelly for VeracodeAction to determine if there are new SCA components since the previous build.
boolean | isSCAHistoryAvailable() | Determine if the SCA History is available.
boolean | isScanHistoryAvailable() |
boolean | isSCASevLevelMitigated(int severity) | Find out if the vulnerability count of the given severity is lower than the actual count due to mitigation.
boolean | isStaticSevLevelMitigated(int severity) | Find out if the flaw count of the given severity is lower than the actual count due to mitigation.
boolean | isSubscribedToSCA() | Determine if the account used for the build is subscribed to SCA or not.
void | onAttached(Run<?,?> r) |
void | onLoad(Run<?,?> r) |

Constructor Detail

VeracodeAction
public VeracodeAction()
Constructor for VeracodeAction.

VeracodeAction
public VeracodeAction(ScanHistory scanHistory, String xmlApiHost)
Constructor for VeracodeAction.
Parameters:
  scanHistory - a ScanHistory object.
  xmlApiHost - the object to store the specific region URL

Method Detail

getIconFileName
public String getIconFileName()
Used by the Jenkins framework to display our logo on the left panel on the build page.
Specified by:
  getIconFileName in interface Action
Returns:
  URI to the 24x24 Veracode logo icon

getDisplayName
public String getDisplayName()
Specified by:
  getDisplayName in interface Action
  getDisplayName in interface ModelObject

getUrlName
public String getUrlName()
Specified by:
  getUrlName in interface Action

onAttached
public void onAttached(Run<?,?> r)
Specified by:
  onAttached in interface RunAction2

onLoad
public void onLoad(Run<?,?> r)
Specified by:
  onLoad in interface RunAction2

getPolicyName
public String getPolicyName()
Get the policy name.
Returns:
  the policy name

getPolicyNameForHTML
public String getPolicyNameForHTML()
Get the policy name suitable for displaying in HTML.
Returns:
  policy name escaped for HTML

getPolicyComplianceStatus
public String getPolicyComplianceStatus()
Get the policy compliance status.
Returns:
  policy compliance status

getPolicyComplianceStatusForHTML
public String getPolicyComplianceStatusForHTML()
Get the policy compliance status for displaying in HTML. Note that the "PASS" status is returned as "Passed" for display purposes.
Returns:
  policy compliance status escaped for HTML

getVeracodeLevel
public String getVeracodeLevel()
Get the Veracode level.
Returns:
  Veracode level

getVeracodeLevelForHTML
public String getVeracodeLevelForHTML()
Get the Veracode level to be displayed in HTML.
Returns:
  Veracode level escaped for HTML

getAnalysisScore
public int getAnalysisScore()

getScanOverdueStatus
public String getScanOverdueStatus()

getVeracodeLogo48
public String getVeracodeLogo48()
Used by summary.jelly for VeracodeAction to display our logo.
Returns:
  URI to the 48x48 Veracode logo icon

getPolicyComplianceStatusIconUri16
public String getPolicyComplianceStatusIconUri16()
Used by summary.jelly for VeracodeAction to display the correct status icon (16x16).
Returns:
  relative URI of the status icon

getPolicyComplianceStatusIconUri24
public String getPolicyComplianceStatusIconUri24()
Used by summary.jelly for VeracodeAction to display the correct status icon (24x24).
Returns:
  relative URI of the status icon

getPolicyComplianceStatusIconUri32
public String getPolicyComplianceStatusIconUri32()
Used by summary.jelly for VeracodeAction to display the correct status icon (32x32).
Returns:
  relative URI of the status icon

getPolicyComplianceStatusIconUri48
public String getPolicyComplianceStatusIconUri48()
Used by summary.jelly for VeracodeAction to display the correct status icon.
Returns:
  relative URI of the status icon

getOpenNewWindow16
public String getOpenNewWindow16()
Used by index.jelly for VeracodeAction to display the open new window icon.
Returns:
  String

isStaticSevLevelMitigated
public boolean isStaticSevLevelMitigated(int severity)
Find out if the flaw count of the given severity is lower than the actual count due to mitigation.
Parameters:
  severity - A severity level
Returns:
  true if the count is lower due to mitigation, false otherwise.

getFlawsCount
public String getFlawsCount(int severity)

getTotalFlawsCount
public int getTotalFlawsCount()

getTotalNewFlawsCount
public int getTotalNewFlawsCount()

getTotalNetChangeCount
public int getTotalNetChangeCount()

getNetChange
public String getNetChange(int severity)

getNewFlaws
public String getNewFlaws(int severity)

doGraph
public void doGraph(org.kohsuke.stapler.StaplerRequest request, org.kohsuke.stapler.StaplerResponse response)
Creates a trend chart with scan history.
Parameters:
  request - a StaplerRequest object.
  response - a StaplerResponse object.

getDetailedReportURLForHTMLAttr
public String getDetailedReportURLForHTMLAttr()
Get the URL to the Detailed Report for this scan, escaped for use in an HTML attribute.
Returns:
  Detailed Report URL escaped for HTML attribute

isScanHistoryAvailable
public boolean isScanHistoryAvailable()

getBuild
public Run<?,?> getBuild()

isSCAHistoryAvailable
public boolean isSCAHistoryAvailable()
Determine if the SCA History is available.
Returns:
  true if available, false otherwise

isSubscribedToSCA
public boolean isSubscribedToSCA()
Determine if the account used for the build is subscribed to SCA or not.
Returns:
  true if subscribed, false if not subscribed or data not available

getMaxCVSSScore
public double getMaxCVSSScore()
Get the max CVSS score among all the SCA components.
Returns:
  the max CVSS score if available. Otherwise, -1 if none of the SCA components has a CVSS score, or -2 if SCA data is not available

getMaxCVSSScoreForHTML
public String getMaxCVSSScoreForHTML()
Returns the display on the build page based on the max CVSS score.
Returns:
  the max CVSS score if available. Otherwise, "-" if none of the SCA components has a CVSS score, or "" if SCA data is not available

getBlacklistedCompsCount
public int getBlacklistedCompsCount()
Get the number of blacklisted components.
Returns:
  the number of blacklisted components if available. Otherwise, -1 if SCA data is not available

getBlacklistedCompsCountForHTML
public String getBlacklistedCompsCountForHTML()
Returns the display of the number of blacklisted components on the build page.
Returns:
  the number of blacklisted components if available. Otherwise, "0" if SCA data is not available or there are no SCA blacklisted components

getVulCountForDisplayBySeverity
public String getVulCountForDisplayBySeverity(int severity)
Get the vulnerability count of a given severity level (0 - 5). If the count is lower than actual (due to mitigation), then the returned count will be followed by an asterisk.
Parameters:
  severity - A severity level
Returns:
  the vulnerability count

getPolicyAffection
public boolean getPolicyAffection(int severity)
Get whether the given severity level contains flaws which affect policy compliance.
Parameters:
  severity - A severity level
Returns:
  policy affection

getNewVulCountForDisplayBySeverity
public String getNewVulCountForDisplayBySeverity(int severity)
Get the new vulnerability count of a given severity level (0 - 5). If the count is zero, then an empty string will be returned. If the count is not available, null will be returned.
Parameters:
  severity - A severity level
Returns:
  the vulnerability count

getNetVulCountForDisplayBySeverity
public String getNetVulCountForDisplayBySeverity(int severity)
Get the net vulnerability count of a given severity level (0 - 5). If the count is zero, then an empty string will be returned. If the count is not available, null will be returned.
Parameters:
  severity - A severity level
Returns:
  the vulnerability count

isSCASevLevelMitigated
public boolean isSCASevLevelMitigated(int severity)
Find out if the vulnerability count of the given severity is lower than the actual count due to mitigation.
Parameters:
  severity - A severity level
Returns:
  true if the count is lower due to mitigation, false otherwise.

getTotalVulCount
public int getTotalVulCount()
Get the total number of vulnerabilities across all severity levels.
Returns:
  the total number of vulnerabilities if available. Otherwise, -1 if SCA data is not available

getTotalVulCountForDisplay
public String getTotalVulCountForDisplay()
Returns the display of the total number of vulnerabilities across all severity levels.
Returns:
  the total number of vulnerabilities

getTotalNewVulCount
public int getTotalNewVulCount()
Get the total number of new vulnerabilities across all severity levels.
Returns:
  the total number of new vulnerabilities if available. Otherwise, -1 if SCA data is not available

getTotalNewVulCountForDisplay
public String getTotalNewVulCountForDisplay()
Returns the display of the total number of new vulnerabilities across all severity levels.
Returns:
  the total number of new vulnerabilities

getTotalNetVulCount
public Integer getTotalNetVulCount()
Get the total number of net vulnerabilities across all severity levels.
Returns:
  the total number of net vulnerabilities if available. Otherwise, null if SCA data is not available

getTotalNetVulCountForDisplay
public String getTotalNetVulCountForDisplay()
Returns the display of the total number of net vulnerabilities across all severity levels.
Returns:
  the total number of net vulnerabilities

isNewSCAComponents
public boolean isNewSCAComponents()
Used by index.jelly for VeracodeAction to determine if there are new SCA components since the previous build.
Returns:
  boolean whether or not there are new SCA components

getNewSCAComponentsByPolicyStatus
public ArrayList<String> getNewSCAComponentsByPolicyStatus(boolean isViolatedPolicy)
Used by index.jelly for VeracodeAction to display the SCA components which are new since the previous build. Builds an array of the new SCA components that passed policy or failed policy.
Parameters:
  isViolatedPolicy - boolean
Returns:
  array of SCA component names that either passed or failed policy

getPolicyComplianceComponentIconUri
public String getPolicyComplianceComponentIconUri(boolean isViolatedPolicy)
Used by index.jelly for VeracodeAction to display the policy compliance icon for the SCA component.
Parameters:
  isViolatedPolicy - boolean
Returns:
  relative URI of the status icon

getVulCountHistory
public List<Map<String,Long>> getVulCountHistory()
Get the vulnerability count history.
Returns:
  the count history or null if it is unavailable

getSCAScanHistory
public SCAScanHistory getSCAScanHistory()