Epic: Provide binary code scans

[company-jcup]

Situation

FindSecurityBugs can scan java class files - means binaries.

Currently we cannot use these kind of tools because we only support source code uploads

Wanted

We want to provide binary uploads and provide these information to dedicated products

Solution

• create concept
• define syntax format for configuration
• more...

[Jeeppler]

It should be possible to upload byte code/binary code for the code scan module.

Furthermore, there should be a new module for malware analysis. The reason, malware analysis requires different settings and will produce a very different report. However, both code scan and malware analysis require the ability to upload binary files.

[de-jcup]

• With Introduce data section inside sechub configuration file #1098 we will have a data section inside SecHub configuration model which gives us the possiblity to define and use source and also binary content via different scanTypes on same configuration (so only one upload).
• With A developer shall be able to upload binaries via REST #1154 we provide the upload to server side via REST
• With Client shall be able to upload binaries and handle binary upload content #1155 we provide the upload mechanism by client
• With Implement PDS execution for binaries on SecHub Server side #1286 the sechub server will provide the binaries to PDS side
• With Introduce Variables for PDS scripts to check if extracted sources or binaries are available #1308 the sechub server will automatically callculate and provide variables to easy identify if its a binary or source scan

[de-jcup]

We have done all issues, so I close this epic.