Sourcehawk is an extensible compliance as code tool which allows development teams to run compliance scans on their source code.
Home Page: https://optum.github.io/sourcehawk
License: GNU General Public License v3.0
Sourcehawk is an extensible compliance as code tool which allows development teams to run compliance scans on their source code.
https://optum.github.io/sourcehawk/#_installation
https://optum.github.io/sourcehawk/#_commands
https://optum.github.io/sourcehawk-docs
If you wish to contribute to the development of Sourcehawk please read CONTRIBUTING.md for more information.
maven.MavenDependencies enforcer does not resolve transitive dependencies
Support glob, i.e. **/*.*, etc.. for path matching files in the repository
Rename sourcehawk.links to links
Scans are failing with errors due to projects not existing on server side.
Error: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project sourcehawk: Could not find a default branch to fall back on. -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project sourcehawk: Could not find a default branch to fall back on.
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.apache.maven.wrapper.BootstrapMainStarter.start (BootstrapMainStarter.java:39)
at org.apache.maven.wrapper.WrapperExecutor.execute (WrapperExecutor.java:122)
at org.apache.maven.wrapper.MavenWrapperMain.main (MavenWrapperMain.java:50)
Caused by: org.apache.maven.plugin.MojoExecutionException: Could not find a default branch to fall back on.
at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute (ScannerBootstrapper.java:67)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:104)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.apache.maven.wrapper.BootstrapMainStarter.start (BootstrapMainStarter.java:39)
at org.apache.maven.wrapper.WrapperExecutor.execute (WrapperExecutor.java:122)
at org.apache.maven.wrapper.MavenWrapperMain.main (MavenWrapperMain.java:50)
Caused by: org.sonar.api.utils.MessageException: Could not find a default branch to fall back on.
install failed.
# curl -sL https://raw.githubusercontent.com/optum/sourcehawk/main/install-linux.sh | bash
Downloading Sourcehawk binary...
Installing...
/usr/bin/sourcehawk: line 1: Not: command not found
/usr/bin/sourcehawk: line 1: Not: command not found
# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
# bash -x install-linux.sh
++ curl -sI https://github.com/optum/sourcehawk/releases/latest
++ grep -i location
++ awk -F/ '{ printf "%s", $NF }'
++ tr -d '\r\n'
+ VERSION=v0.5.0socket-worker-5029ae85.js
++ uname -m
+ ARCH=x86_64
+ DOWNLOAD_URL=https://github.com/optum/sourcehawk/releases/download/v0.5.0socket-worker-5029ae85.js/sourcehawk-linux-x86_64
+ INSTALL_LOCATION=/usr/bin
+ INSTALL_PATH=/usr/bin/sourcehawk
+ '[' '!' -w /usr/bin ']'
+ echo 'Downloading Sourcehawk binary...'
Downloading Sourcehawk binary...
+ curl -sLk https://github.com/optum/sourcehawk/releases/download/v0.5.0socket-worker-5029ae85.js/sourcehawk-linux-x86_64 -o /usr/bin/sourcehawk
+ echo Installing...
Installing...
+ chmod +x /usr/bin/sourcehawk
+ sourcehawk -V
/usr/bin/sourcehawk: line 1: Not: command not found
+ sourcehawk --help
/usr/bin/sourcehawk: line 1: Not: command not found
When upgrading to Sourcehawk 0.7.1, the binary is not executable, and then when chmod +x,:
Zsh
zsh: exec format error: sourcehawk
Bash
bash: /usr/local/bin/sourcehawk: cannot execute binary file
Add support for scanning remote Gitlab repositories
Assuming I want to validate a particular yaml or json file against a schema. If I have a webservice that accepts a payload with the yaml/json, the web service returns a 2XX for succes and 4xx for failure, Sourcehawk could record the result appropriately. This would open many doors for possible scans/validations.
Consider the below scenario.
The desired outcome is that org/repob config locations would be evaluated as https://raw.githubusercontent.com/org/repob/.sourcehawk/config.yml
sourcehawk.yml
config-locations:
- https://raw.githubusercontent.com/org/repob/sourcehawk.ymlsourcehawk.yml
config-locations:
- .sourcehawk/config.yml.sourcehawk/config.yml
Add support for scanning remote Github repositories
https://optum.github.io/sourcehawk-docs/docs/protocols/file/enforcers/common#contentsequal
Instead of hard-coding content in configuration, reference a URL (such as Github RAW)
Implement logging for fix results.
Need to output warnings when the scan has no errors and passed, but only has warnings.
sourcehawk/enforcer/file/maven/pom.xml
Lines 28 to 30 in 072cb4e
Recommended upgrade version:3.8.1
There are a log of enforcers for HAS but none for NOT HAS.
Need a container registry within Optum Github packages in order to push builder docker images.
https://github.com/orgs/Optum/packages
Github Docs:
https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry
Add support for scanning remote Bitbucket repositories
Airbrake error: #3830
Airbrake project: sourcehawk
Error type: java.lang.IllegalStateException
Error message: Airbrake demo - Brian Wyka
Where: <no information>
Occurred at: Mar 04, 2022 16:54:21 UTC
First seen at: Mar 04, 2022 16:54:20 UTC
Occurrences: 12 (0 since last deploy on <no information>)
Severity: error
URL: <no information>
File: classes/com/optum/sourcehawk/cli/Sourcehawk.class
Backtrace:
classes/com/optum/sourcehawk/cli/Sourcehawk.class:50:in main
com.optum.sourcehawk.cli.Sourcehawk$main:-1:in call
test-classes/com/optum/sourcehawk/cli/SourcehawkSpec.class:52:in $spock_feature_1_3
jdk.internal.reflect.NativeMethodAccessorImpl:-2:in invoke0
jdk.internal.reflect.NativeMethodAccessorImpl:62:in invoke
jdk.internal.reflect.DelegatingMethodAccessorImpl:43:in invoke
java.lang.reflect.Method:566:in invoke
spock-core-2.0-groovy-3.0.jar!/org/spockframework/util/ReflectionUtil.class:198:in invokeMethod
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/model/MethodInfo.class:47:in lambda$new$0
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/model/MethodInfo.class:148:in invoke
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformSpecRunner.class:409:in invokeRaw
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformSpecRunner.class:392:in invoke
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformSpecRunner.class:326:in runFeatureMethod
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/IterationNode.class:48:in execute
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/IterationNode.class:11:in execute
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/NodeTestTask.class:139:in lambda$executeRecursively$5
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/ThrowableCollector.class:73:in execute
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/NodeTestTask.class:129:in lambda$executeRecursively$7
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/SpockNode.class:40:in sneakyInvoke
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/IterationNode.class:63:in lambda$around$0
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformSpecRunner.class:238:in lambda$createMethodInfoForDoRunIteration$5
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/model/MethodInfo.class:148:in invoke
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformSpecRunner.class:409:in invokeRaw
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformSpecRunner.class:392:in invoke
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformSpecRunner.class:220:in runIteration
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/IterationNode.class:63:in around
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/IterationNode.class:11:in around
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/NodeTestTask.class:127:in lambda$executeRecursively$8
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/ThrowableCollector.class:73:in execute
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/NodeTestTask.class:126:in executeRecursively
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/NodeTestTask.class:84:in execute
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/SameThreadHierarchicalTestExecutorService.class:32:in submit
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/NodeTestTask$DefaultDynamicTestExecutor.class:212:in execute
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/NodeTestTask$DefaultDynamicTestExecutor.class:192:in execute
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/ParameterizedFeatureChildExecutor.class:53:in execute
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformParameterizedSpecRunner.class:186:in runIterations
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformParameterizedSpecRunner.class:45:in runParameterizedFeature
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/ParameterizedFeatureNode.class:40:in execute
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/ParameterizedFeatureNode.class:16:in execute
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/NodeTestTask.class:139:in lambda$executeRecursively$5
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/ThrowableCollector.class:73:in execute
junit-platform-engine-1.7.2.jar!/org/junit/platform/engine/support/hierarchical/NodeTestTask.class:129:in lambda$executeRecursively$7
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/SpockNode.class:40:in sneakyInvoke
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/FeatureNode.class:29:in lambda$around$0
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformSpecRunner.class:201:in lambda$createMethodInfoForDoRunFeature$4
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/model/MethodInfo.class:148:in invoke
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformSpecRunner.class:409:in invokeRaw
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformSpecRunner.class:392:in invoke
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/PlatformSpecRunner.class:194:in runFeature
spock-core-2.0-groovy-3.0.jar!/org/spockframework/runtime/FeatureNode.class:29:in around
...
Visit Airbrake error to view the full backtrace.
Has been recently hanging indefinitely on builds for no reason
Currently only supports static value not regex
if (fromToken.getImage().equals(expectedFromImage)) {
return EnforcerResult.passed();
}Example error today:
Error: **/*attribution.txt :: Error enforcing file protocol: glob patterns can only be used when there is at least one enforcer
Need to update https://github.com/Optum/sourcehawk-docs
This feature should work just like the maven flatten pom where all remote hierarchy configs are YAML merged down to the single output that will be used.
Should support output to:
Add support for scanning remote SourceForge repositories
<configuration>
<excludes>
<exclude>module-info.class</exclude>
</excludes>
</configuration>Add ability to scan infrastructure or rules that interrogate remote assets, ports, hosts
By default don't fail scan on warnings, allow this to be configurable.
File name: sourcehawk.toml
config-locations = [
"https://raw.githubusercontent.com/optum/sourcehawk-parent/.sourcehawk/config.toml"
]
[[file-protocols]]
repository-path = "lombok.config"
severity = "ERROR"
[[file-protocols.enforcers]]
enforcer = "STRING_PROPERTY_EQUALS"
name = "config.stopBubbling"
value = true
[[file-protocols.enforcers]]
enforcer = "string-property-equals"
name = "lombok.addLombokGeneratedAnnotation"
value = trueCodecov report publish to codecov.io is failing
Bintray will be decommissioned, so need to update scripts to deploy packages to Artifactory OSS.
https://www.jfrog.com/confluence/display/BT/JFrog+Bintray+Migration+Guide
https://www.jfrog.com/confluence/display/JFROG/Migrating+to+the+JFrog+Artifactory+API+and+CLI
Need to replace tests that reference remote config locations with mock server implementations to avoid flaky tests.
For example:
config-locations:
- https://raw.githubusercontent.com/optum/sourcehawk-parent/main/.sourcehawk/config.yml
Would be replaced with:
config-locations:
- http://localhost:8080/optum/sourcehawk-parent/main/.sourcehawk/config.yml
And a mock server would be setup during test to respond with required content...
All commands to be exposed to maven should provide a [Command]Executor so calling from Maven plugin is easier
The windows executable should be created.
The native-image jar needs to be build with Java11 and the GraalVM Java11 distro needs to be used to compile it into a native-image.
Necessary github worfklows are already defined (and commented out).
Upgrade from java 8 to java 11
Similar to the scan command, support glob pattern matching when performing a fix command.
Implementation to be completed here:
sourcehawk/exec/src/main/java/com/optum/sourcehawk/exec/FixExecutor.java
Lines 101 to 115 in 62cb614
Comparable example:
sourcehawk/exec/src/main/java/com/optum/sourcehawk/exec/ScanExecutor.java
Lines 114 to 128 in 62cb614
Add the javabrake dependency through your IDE or directly to your pom.xml file:
<dependency>
<groupId>io.airbrake</groupId>
<artifactId>javabrake</artifactId>
<version>0.2.3</version>
</dependency>Add javabrake to your Gradle dependencies:
compile 'io.airbrake:javabrake:0.2.3'
Add javabrake to your Ivy dependencies:
<dependency org='io.airbrake' name='javabrake' rev='0.2.3'>
<artifact name='javabrake' ext='pom'></artifact>
</dependency>Import the javabrake library and copy the three configuration lines into your
app to send all uncaught exceptions to Airbrake:
(You can find your project ID and API key in your project's settings)
// Import the library:
import io.airbrake.javabrake.Notifier;
public class ExampleApp {
public static void main(String[] args) {
// Copy configuration lines:
int projectId = <Your project ID>;
String projectKey = "<Your project API KEY>";
Notifier notifier = new Notifier(projectId, projectKey);
}
}Example of reporting a caught exception:
try {
int i = 1/0;
} catch (ArithmeticException e) {
notifier.report(e);
}Visit our official GitHub repo for advanced information and integrations like log4j, log4j2, and logback.
The following error is produced on a MacBook M1 when running
docker run -v "$(pwd):/home/sourcehawk" optumopensource/sourcehawk:0.6.0 scan
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.