Class VeracodeAction

    • Constructor Detail

      • VeracodeAction

        public VeracodeAction()

        Constructor for VeracodeAction.

      • VeracodeAction

        public VeracodeAction(ScanHistory scanHistory,
                              String xmlApiHost)

        Constructor for VeracodeAction.

        Parameters:
        scanHistory - a ScanHistory object.
        xmlApiHost - the object to store the region-specific URL
    • Method Detail

      • getIconFileName

        public String getIconFileName()
        Used by the Jenkins framework to display our logo on the left panel on the build page
        Specified by:
        getIconFileName in interface Action
        Returns:
        URI to the 24x24 Veracode logo icon
      • onLoad

        public void onLoad(Run<?,?> r)
        Specified by:
        onLoad in interface RunAction2
      • getPolicyName

        public String getPolicyName()
        Get the policy name
        Returns:
        the policy name
      • getPolicyNameForHTML

        public String getPolicyNameForHTML()
        Get the policy name suitable for displaying in HTML
        Returns:
        policy name escaped for HTML
      • getPolicyComplianceStatus

        public String getPolicyComplianceStatus()
        Get the policy compliance status
        Returns:
        policy compliance status
      • getPolicyComplianceStatusForHTML

        public String getPolicyComplianceStatusForHTML()
        Get the policy compliance status for displaying in HTML. Note that the "PASS" status is returned as "Passed" for display purposes.
        Returns:
        policy compliance status escaped for HTML
      • getVeracodeLevel

        public String getVeracodeLevel()
        Get the Veracode level
        Returns:
        Veracode level
      • getVeracodeLevelForHTML

        public String getVeracodeLevelForHTML()
        Get the Veracode level to be displayed in HTML
        Returns:
        Veracode level escaped for HTML
      • getAnalysisScore

        public int getAnalysisScore()
      • getScanOverdueStatus

        public String getScanOverdueStatus()
      • getVeracodeLogo48

        public String getVeracodeLogo48()
        Used by summary.jelly for VeracodeAction to display our logo
        Returns:
        URI to the 48x48 Veracode logo icon
      • getPolicyComplianceStatusIconUri16

        public String getPolicyComplianceStatusIconUri16()
        Used by summary.jelly for VeracodeAction to display the correct status icon (16x16)
        Returns:
        relative URI of the status icon
      • getPolicyComplianceStatusIconUri24

        public String getPolicyComplianceStatusIconUri24()
        Used by summary.jelly for VeracodeAction to display the correct status icon (24x24)
        Returns:
        relative URI of the status icon
      • getPolicyComplianceStatusIconUri32

        public String getPolicyComplianceStatusIconUri32()
        Used by summary.jelly for VeracodeAction to display the correct status icon (32x32)
        Returns:
        relative URI of the status icon
      • getPolicyComplianceStatusIconUri48

        public String getPolicyComplianceStatusIconUri48()
        Used by summary.jelly for VeracodeAction to display the correct status icon
        Returns:
        relative URI of the status icon
      • getOpenNewWindow16

        public String getOpenNewWindow16()
        Used by index.jelly for VeracodeAction to display the open new window icon
        Returns:
        String
      • isStaticSevLevelMitigated

        public boolean isStaticSevLevelMitigated(int severity)
        Find out if the flaw count of the given severity is lower than the actual count due to mitigation
        Parameters:
        severity - a severity level
        Returns:
        true if the count is lower due to mitigation, false otherwise.
      • getFlawsCount

        public String getFlawsCount(int severity)
      • getTotalFlawsCount

        public int getTotalFlawsCount()
      • getTotalNewFlawsCount

        public int getTotalNewFlawsCount()
      • getTotalNetChangeCount

        public int getTotalNetChangeCount()
      • getNetChange

        public String getNetChange(int severity)
      • getNewFlaws

        public String getNewFlaws(int severity)
      • doGraph

        public void doGraph(org.kohsuke.stapler.StaplerRequest request,
                            org.kohsuke.stapler.StaplerResponse response)
        Creates a trend chart with scan history.
        Parameters:
        request - a StaplerRequest object.
        response - a StaplerResponse object.
      • getDetailedReportURLForHTMLAttr

        public String getDetailedReportURLForHTMLAttr()
        Get the URL to the Detailed Report for this scan that is escaped for HTML attribute
        Returns:
        Detailed Report URL escaped for HTML attribute
      • isScanHistoryAvailable

        public boolean isScanHistoryAvailable()
      • getBuild

        public Run<?,?> getBuild()
      • isSCAHistoryAvailable

        public boolean isSCAHistoryAvailable()
        Determine if the SCA History is available
        Returns:
        true if available, false otherwise
      • isSubscribedToSCA

        public boolean isSubscribedToSCA()
        Determine if the account used for the build is subscribed to SCA or not
        Returns:
        true if subscribed, false if not subscribed or data not available
      • getMaxCVSSScore

        public double getMaxCVSSScore()
        Get the max CVSS score among all the SCA components.
        Returns:
        the max CVSS score if available. Otherwise, -1 if none of the SCA components has a CVSS score, or -2 if SCA data is not available
      • getMaxCVSSScoreForHTML

        public String getMaxCVSSScoreForHTML()
        Returns the display on the build page based on the Max CVSS Score
        Returns:
        the max CVSS score if available. Otherwise, "-" if none of the SCA components has a CVSS score, or "" if SCA data is not available
      • getBlacklistedCompsCount

        public int getBlacklistedCompsCount()
        Get the number of blacklisted components.
        Returns:
        the number of blacklisted components if available. Otherwise, -1 if SCA data is not available
      • getBlacklistedCompsCountForHTML

        public String getBlacklistedCompsCountForHTML()
        Returns the display of the number of blacklisted components on the build page
        Returns:
        the number of blacklisted components if available. Otherwise, "0" if SCA data is not available or no SCA blacklisted components
      • getVulCountForDisplayBySeverity

        public String getVulCountForDisplayBySeverity(int severity)
        Get the vulnerability count of a given severity level (0 - 5). If the count is lower than actual (due to mitigation), then the returned count will be followed by an asterisk.
        Parameters:
        severity - a severity level
        Returns:
        the vulnerability count
      • getPolicyAffection

        public boolean getPolicyAffection(int severity)
        Determine whether the given severity level contains flaws which affect policy compliance
        Parameters:
        severity - a severity level
        Returns:
        whether policy compliance is affected
      • getNewVulCountForDisplayBySeverity

        public String getNewVulCountForDisplayBySeverity(int severity)
        Get the new vulnerability count of a given severity level (0 - 5). If the count is zero, then an empty string will be returned. If the count is not available, null will be returned.
        Parameters:
        severity - a severity level
        Returns:
        the vulnerability count
      • getNetVulCountForDisplayBySeverity

        public String getNetVulCountForDisplayBySeverity(int severity)
        Get the net vulnerability count of a given severity level (0 - 5). If the count is zero, then an empty string will be returned. If the count is not available, null will be returned.
        Parameters:
        severity - a severity level
        Returns:
        the vulnerability count
      • isSCASevLevelMitigated

        public boolean isSCASevLevelMitigated(int severity)
        Find out if the vulnerability count of the given severity is lower than the actual count due to mitigation
        Parameters:
        severity - a severity level
        Returns:
        true if the count is lower due to mitigation, false otherwise.
      • getTotalVulCount

        public int getTotalVulCount()
        Get the total number of vulnerabilities across all severity levels.
        Returns:
        the total number of vulnerabilities if available. Otherwise, -1 if SCA data is not available
      • getTotalVulCountForDisplay

        public String getTotalVulCountForDisplay()
        Returns the display of the total number of vulnerabilities across all severity levels.
        Returns:
        the total number of vulnerabilities
      • getTotalNewVulCount

        public int getTotalNewVulCount()
        Get the total number of new vulnerabilities across all severity levels.
        Returns:
        the total number of new vulnerabilities if available. Otherwise, -1 if SCA data is not available
      • getTotalNewVulCountForDisplay

        public String getTotalNewVulCountForDisplay()
        Returns the display of the total number of new vulnerabilities across all severity levels.
        Returns:
        the total number of new vulnerabilities
      • getTotalNetVulCount

        public Integer getTotalNetVulCount()
        Get the total number of net vulnerabilities across all severity levels.
        Returns:
        the total number of net vulnerabilities if available. Otherwise, null if SCA data is not available
      • getTotalNetVulCountForDisplay

        public String getTotalNetVulCountForDisplay()
        Returns the display of the total number of net vulnerabilities across all severity levels.
        Returns:
        the total number of net vulnerabilities
      • isNewSCAComponents

        public boolean isNewSCAComponents()
        Used by index.jelly for VeracodeAction to determine if there are new SCA components since the previous build.
        Returns:
        boolean whether or not there are new SCA components
      • getNewSCAComponentsByPolicyStatus

        public ArrayList<String> getNewSCAComponentsByPolicyStatus(boolean isViolatedPolicy)
        Used by index.jelly for VeracodeAction to display the SCA components which are new since the previous build. Builds an array of the new SCA components that passed policy or failed policy.
        Parameters:
        isViolatedPolicy - boolean
        Returns:
        array of SCA component names that either passed or failed policy
      • getPolicyComplianceComponentIconUri

        public String getPolicyComplianceComponentIconUri(boolean isViolatedPolicy)
        Used by index.jelly for VeracodeAction to display the policy compliance icon for the SCA component.
        Parameters:
        isViolatedPolicy - boolean
        Returns:
        relative URI of the status icon
      • getVulCountHistory

        public List<Map<String,Long>> getVulCountHistory()
        Get the vulnerability count history
        Returns:
        the count history or null if it is unavailable