Open de-jcup opened 3 years ago
The metadata block could be made more generic to support other version control systems as well. For example, Apache Subversion, Mercurial etc.
For git:
```json
"codeScan" : {
  "metaData" : {
    "versionControl" : {
      "type" : "git",
      "commit" : "aa893349"
    }
  }
}
```
For SVN:
```json
"codeScan" : {
  "metaData" : {
    "versionControl" : {
      "type" : "svn",
      "revision" : "4123"
    }
  }
}
```
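An added example (not SecHub code and not part of the original issue): one way a consumer could validate the generic `versionControl` block proposed above before copying it to the report root. The function names, the field-per-type table and the value patterns (lowercase hex commit, numeric revision) are assumptions.

```python
import re
from typing import Optional

# Assumption: one identifier field per VCS type, as in the two samples above.
# The value patterns are illustrative choices, not rules taken from SecHub.
VCS_FIELDS = {
    "git": ("commit", re.compile(r"[0-9a-f]{7,64}")),
    "svn": ("revision", re.compile(r"[1-9][0-9]{0,17}")),
}


class MetaDataError(ValueError):
    """The versionControl block is present but malformed."""


def normalize_version_control(code_scan: dict) -> Optional[dict]:
    """Return a validated copy of codeScan.metaData.versionControl, or None if absent."""
    meta = code_scan.get("metaData")
    if meta is None:
        return None
    if not isinstance(meta, dict):
        raise MetaDataError("metaData must be an object")
    vc = meta.get("versionControl")
    if vc is None:
        return None
    if not isinstance(vc, dict):
        raise MetaDataError("versionControl must be an object")
    vcs_type = vc.get("type")
    if not isinstance(vcs_type, str) or vcs_type not in VCS_FIELDS:
        raise MetaDataError("unsupported versionControl type")
    field, pattern = VCS_FIELDS[vcs_type]
    # Reject fields that belong to another VCS type (e.g. "revision" for git).
    if set(vc) - {"type", field}:
        raise MetaDataError("unexpected field for type " + vcs_type)
    value = vc.get(field)
    if not isinstance(value, str) or not pattern.fullmatch(value):
        raise MetaDataError("invalid " + field)
    return {"type": vcs_type, field: value}


def add_to_report_root(report: dict, code_scan: dict) -> dict:
    """Copy the validated block to the report root; the report is not mutated."""
    vc = normalize_version_control(code_scan)
    if vc is None:
        return dict(report)
    return {**report, "metaData": {"versionControl": vc}}
```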
Situation
When people get sechub
Wanted
As a developer using SecHub I want to know for which commit ID the report information was.
Solution
Inside a code scan we introduce a `metaData` container JSON with git container inside having field `commit`. This information is available in sechub report later as well.
SecHub Config changes
Example for SecHub config file (partial):
SecHub report changes
We need the information in report result - because input data is already validated and in a format suitable for report, I would suggest to simply add this to root node
Additional: We should add the report UUID also automatically inside the report JSON - if not already available inside there
Additional thoughts
We could later