
Adding Yocto Scanner support. #1824

Merged (1 commit, Sep 16, 2024)

Conversation

panicking
Contributor

The Yocto project supports checking for CVE security vulnerabilities using cve-check in the specific image or target you are building; add the following setting to your configuration:

INHERIT += "cve-check"

The status of each CVE is one of: Patched, Unpatched or Ignored.

The scanner looks only for Unpatched packages and calculates the severity using score_v2 or score_v3.

Testing done

Cloned https://github.com/uhafner/warnings-ng-plugin-devenv.git
Applied this patch and the pull request for the new Yocto parser

Deployed on a personal Jenkins installation
[Screenshots from 2024-09-10 22-04-52, 22-05-04 and 22-05-14]
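As an added example that is not part of this pull request or of the plugin's own parser, the script below shows the filtering rule the description states: read a cve-check JSON report, keep only issues whose status is Unpatched, and rate each one from its CVSS score, preferring scorev3 and falling back to scorev2. The field names (package[] with name/version, issue[] with id/status/scorev2/scorev3/summary/link) follow the JSON that cve-check.bbclass writes; the severity thresholds are an assumption taken from the CVSS v3 qualitative scale, and the report itself is constructed sample data.

```python
"""Filter a Yocto cve-check JSON report down to Unpatched CVEs and rate them.

Added example, not the warnings-ng plugin's parser. Field names follow the
JSON written by cve-check.bbclass (package[] -> issue[] with id/status/
scorev2/scorev3); the severity thresholds are an assumption based on the
CVSS v3 qualitative ranges.
"""
import json

# Constructed sample report in the cve-check JSON layout (not real scan output).
SAMPLE_REPORT = json.dumps({
    "version": "1",
    "package": [
        {
            "name": "openssl", "layer": "meta", "version": "3.0.0",
            "issue": [
                {"id": "CVE-0000-0001", "status": "Unpatched",
                 "scorev2": "5.0", "scorev3": "9.8",
                 "summary": "constructed critical issue", "link": "https://example.invalid/1"},
                {"id": "CVE-0000-0002", "status": "Patched",
                 "scorev2": "4.3", "scorev3": "6.1",
                 "summary": "already patched", "link": "https://example.invalid/2"},
            ],
        },
        {
            "name": "busybox", "layer": "meta", "version": "1.36.0",
            "issue": [
                # cve-check writes "0.0" when no v3 score exists: fall back to v2
                {"id": "CVE-0000-0003", "status": "Unpatched",
                 "scorev2": "7.5", "scorev3": "0.0",
                 "summary": "constructed high issue", "link": "https://example.invalid/3"},
                {"id": "CVE-0000-0004", "status": "Ignored",
                 "scorev2": "2.1", "scorev3": "3.3",
                 "summary": "ignored by recipe", "link": "https://example.invalid/4"},
            ],
        },
    ],
})


def severity_from_scores(scorev2: str, scorev3: str) -> str:
    """Map CVSS scores to a severity label, preferring v3 and falling back to v2.

    Thresholds are the CVSS v3 qualitative ranges (assumption, not the plugin's).
    """
    def to_float(value):
        try:
            return float(value)
        except (TypeError, ValueError):
            return 0.0

    score = to_float(scorev3) or to_float(scorev2)
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score > 0.0:
        return "low"
    return "unknown"


def unpatched_findings(report_text: str) -> list:
    """Return one finding per Unpatched CVE; Patched and Ignored entries are dropped."""
    report = json.loads(report_text)
    findings = []
    for pkg in report.get("package", []):
        for issue in pkg.get("issue", []):
            if issue.get("status") != "Unpatched":
                continue
            findings.append({
                "package": pkg.get("name"),
                "version": pkg.get("version"),
                "cve": issue.get("id"),
                "severity": severity_from_scores(issue.get("scorev2"), issue.get("scorev3")),
                "summary": issue.get("summary", ""),
                "link": issue.get("link", ""),
            })
    return findings


if __name__ == "__main__":
    for finding in unpatched_findings(SAMPLE_REPORT):
        print(f"{finding['severity']:8} {finding['cve']} in "
              f"{finding['package']} {finding['version']}")
```

Running the script on the constructed report lists only the two Unpatched entries; the Patched and Ignored ones never reach the output, which is the same narrowing the plugin applies before it renders CVEs as warnings.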

Member

@uhafner uhafner left a comment


The changes look good, thanks!

Can you please update the analysis-model version in pom.xml as well?

Member


What about adding another icon? The default warning icon might be inappropriate for security warnings?

We can select from: https://fontawesome.com/icons/categories/security or https://ionic.io/ionicons

Example code to change the icon: https://github.com/jenkinsci/warnings-ng-plugin/blob/main/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/ErrorProne.java

Contributor Author


diff --git a/plugin/pom.xml b/plugin/pom.xml
index 87a6b108c..b61c37f9f 100644
--- a/plugin/pom.xml
+++ b/plugin/pom.xml
@@ -25,7 +25,7 @@
     <changelist>-SNAPSHOT</changelist>
     <module.name>${project.groupId}.warnings.ng</module.name>
 
-    <analysis-model-api.version>12.4.0</analysis-model-api.version>
+    <analysis-model-api.version>12.5.0</analysis-model-api.version>
     <analysis-model-tests.version>${analysis-model-api.version}</analysis-model-tests.version>
     <pull-request-monitoring.version>335.v525cd64ec76b_</pull-request-monitoring.version>
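Review bot: the bump to `<analysis-model-api.version>12.5.0</analysis-model-api.version>` needs to be checked against the analysis-model release that actually ships the Yocto parser; the commit message later in this pull request names 12.6.0 as the version that includes the yocto scanner model, so the value here should match that release or the new parser will not be on the classpath.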

This is for the pom.

diff --git a/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/YoctoScanner.java b/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/YoctoScanner.java
index c41df8dc4..5e121760f 100644
--- a/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/YoctoScanner.java
+++ b/plugin/src/main/java/io/jenkins/plugins/analysis/warnings/YoctoScanner.java
@@ -5,6 +5,7 @@ import org.jenkinsci.Symbol;
import hudson.Extension;

import io.jenkins.plugins.analysis.core.model.AnalysisModelParser;
+import io.jenkins.plugins.analysis.core.model.SymbolIconLabelProvider;

/**
 * Provides a parser and customized messages for Yocto Scanner CLI (scannercli) reports.
@@ -42,5 +43,10 @@ public class YoctoScanner extends AnalysisModelParser {
        public boolean isPostProcessingEnabled() {
            return false;
        }
+
+        @Override
+        public StaticAnalysisLabelProvider getLabelProvider() {
+            return new SymbolIconLabelProvider(getId(), getDisplayName(), getDescriptionProvider(), "symbol-solid/bug plugin-font-awesome-api");
+        }
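Review bot: the new `getLabelProvider()` override returns `StaticAnalysisLabelProvider`, but the only import this hunk adds is `SymbolIconLabelProvider`; confirm `StaticAnalysisLabelProvider` is already imported above the visible context, otherwise the file will not compile. Also, the icon id `"symbol-solid/bug plugin-font-awesome-api"` reuses the bug symbol, which this plugin assigns to bug-finder parsers; a security-category icon would keep CVE findings visually distinct from code bugs in the UI.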

How are icons loaded?

Member


Icons are part of a different plug-in and are referenced in the UI.

The bug icon is used for bug finders, so you had better use a different one.

Member

@uhafner uhafner Sep 14, 2024


This one is not available. You need to choose a free one; there is a checkbox.

Contributor Author


@uhafner Added the icon and tested, including the pom.xml change
[Screenshot from 2024-09-15 21-32-28]

Update the pom plugin of analysis-model-api-plugin to 12.6.0 that includes
the yocto scanner model. The yocto scanner will use the icon from

https://fontawesome.com/icons/shield-halved?f=classic&s=solid

Signed-off-by: Michael Trimarchi <[email protected]>

codecov bot commented Sep 15, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.57%. Comparing base (e2cbe02) to head (77f98ca).
Report is 2 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff              @@
##               main    #1824      +/-   ##
============================================
- Coverage     82.64%   82.57%   -0.08%     
+ Complexity     1361     1360       -1     
============================================
  Files           248      249       +1     
  Lines          5226     5233       +7     
  Branches        402      402              
============================================
+ Hits           4319     4321       +2     
- Misses          798      802       +4     
- Partials        109      110       +1     


@uhafner
Member

uhafner commented Sep 16, 2024

Thanks!

@uhafner uhafner merged commit 385abfa into jenkinsci:main Sep 16, 2024
41 of 42 checks passed