From 4193b3bdfdd9c76feecfd076d8404783221a3be2 Mon Sep 17 00:00:00 2001
From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com>
Date: Thu, 29 Sep 2022 11:32:20 +0100
Subject: [PATCH 01/12] Adding new yaml file with action example
---
code-scanning/checkmarx-one.yml | 40 +++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 code-scanning/checkmarx-one.yml
diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml
new file mode 100644
index 0000000..89dcdd6
--- /dev/null
+++ b/code-scanning/checkmarx-one.yml
@@ -0,0 +1,40 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This is a basic workflow to help you get started with Using Checkmarx One Action
+
+name: Checkmarx Scan
+
+# Controls when the workflow will run
+on:
+ pull_request:
+ types: [opened, reopened, synchronize]
+ branches: [ $default-branch, $protected-branches ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # This step checks out a copy of your repository.
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: Checkmarx scan
+ uses: checkmarx/ast-github-action@main
+ with:
+ base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx
+ cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+ cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+ cx_tenant: ${{ secrets.CX_TENANT }}
+ additional_params: --report-format sarif --output-path .
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: cx_result.sarif
\ No newline at end of file
From b2113622be8e2b2dbf9b32aa12af30faa65e5362 Mon Sep 17 00:00:00 2001
From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com>
Date: Thu, 29 Sep 2022 11:32:56 +0100
Subject: [PATCH 02/12] Add new properties file for Checkmarx
---
code-scanning/properties/checkmarx-one.properties.json | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 code-scanning/properties/checkmarx-one.properties.json
diff --git a/code-scanning/properties/checkmarx-one.properties.json b/code-scanning/properties/checkmarx-one.properties.json
new file mode 100644
index 0000000..f5ebef8
--- /dev/null
+++ b/code-scanning/properties/checkmarx-one.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Checkmarx",
+ "creator": "Checkmarx",
+ "description": "Beat vulnerabilities with more secure code.Scan your code with Checkmarx One and see results in the GitHub code scanning.",
+ "iconName": "checkmarx",
+ "categories": ["Code Scanning","code-quality", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "json", "kotlin", "apex", "scala", "perl"]
+}
\ No newline at end of file
From 4d24769f48db2cc2d8ae87ceb69c9f5a51b32e1e Mon Sep 17 00:00:00 2001
From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com>
Date: Thu, 29 Sep 2022 11:33:34 +0100
Subject: [PATCH 03/12] Update checkmarx.svg
---
icons/checkmarx.svg | 15 +--------------
1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/icons/checkmarx.svg b/icons/checkmarx.svg
index 6bf5ad3..ab11dad 100644
--- a/icons/checkmarx.svg
+++ b/icons/checkmarx.svg
@@ -1,14 +1 @@
-
-
-
+
From 3031cebead8b924c888e3d7b36340bdf4f9db1df Mon Sep 17 00:00:00 2001
From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com>
Date: Thu, 29 Sep 2022 11:35:25 +0100
Subject: [PATCH 04/12] Update checkmarx.svg
---
icons/checkmarx.svg | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/icons/checkmarx.svg b/icons/checkmarx.svg
index ab11dad..899b3bc 100644
--- a/icons/checkmarx.svg
+++ b/icons/checkmarx.svg
@@ -1 +1 @@
-
+
From a66a1979359eb8f01c0b728469a7c62868fa9b30 Mon Sep 17 00:00:00 2001
From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com>
Date: Wed, 12 Oct 2022 16:05:01 +0100
Subject: [PATCH 05/12] Update checkmarx-one.yml
---
code-scanning/checkmarx-one.yml | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml
index 89dcdd6..ffa8d85 100644
--- a/code-scanning/checkmarx-one.yml
+++ b/code-scanning/checkmarx-one.yml
@@ -3,7 +3,8 @@
# separate terms of service, privacy policy, and support
# documentation.
-# This is a basic workflow to help you get started with Using Checkmarx One Action
+# This is a basic workflow to help you get started with Using Checkmarx One Action,
+# documentation can be found here : https://checkmarx.com/resource/documents/en/34965-68702-checkmarx-one-github-actions.html
name: Checkmarx Scan
@@ -24,17 +25,17 @@ jobs:
steps:
# This step checks out a copy of your repository.
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Checkmarx scan
uses: checkmarx/ast-github-action@main
with:
- base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx
- cx_client_id: ${{ secrets.CX_CLIENT_ID }}
- cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
- cx_tenant: ${{ secrets.CX_TENANT }}
+ base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx One
+ cx_client_id: ${{ secrets.CX_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
+ cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
+ cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One
additional_params: --report-format sarif --output-path .
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
- sarif_file: cx_result.sarif
\ No newline at end of file
+ sarif_file: cx_result.sarif
From 4076f8b8dab71a2b12de6816f8f16f2f508dcdac Mon Sep 17 00:00:00 2001
From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com>
Date: Wed, 12 Oct 2022 16:20:46 +0100
Subject: [PATCH 06/12] Update checkmarx-one.yml
---
code-scanning/checkmarx-one.yml | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml
index ffa8d85..262ed55 100644
--- a/code-scanning/checkmarx-one.yml
+++ b/code-scanning/checkmarx-one.yml
@@ -14,10 +14,18 @@ on:
types: [opened, reopened, synchronize]
branches: [ $default-branch, $protected-branches ]
+permissions:
+ contents: read
+
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif
+
# The type of runner that the job will run on
runs-on: ubuntu-latest
@@ -26,7 +34,8 @@ jobs:
# This step checks out a copy of your repository.
- name: Checkout repository
uses: actions/checkout@v3
- - name: Checkmarx scan
+ # This step creates the Checkmarx One scan
+ - name: Checkmarx One scan
uses: checkmarx/ast-github-action@main
with:
base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx One
From 0376d797710c37d032bd06418de4a56775c03882 Mon Sep 17 00:00:00 2001
From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com>
Date: Wed, 12 Oct 2022 16:48:51 +0100
Subject: [PATCH 07/12] Update checkmarx.svg
---
icons/checkmarx.svg | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/icons/checkmarx.svg b/icons/checkmarx.svg
index 899b3bc..fbdc9f3 100644
--- a/icons/checkmarx.svg
+++ b/icons/checkmarx.svg
@@ -1 +1,12 @@
-
+
+
+
From b646c9c97cd4a2e9ed23bc609e2cae25e04effb9 Mon Sep 17 00:00:00 2001
From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com>
Date: Mon, 17 Oct 2022 14:24:31 +0100
Subject: [PATCH 08/12] Update checkmarx-one.yml
---
code-scanning/checkmarx-one.yml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml
index 262ed55..e666ddd 100644
--- a/code-scanning/checkmarx-one.yml
+++ b/code-scanning/checkmarx-one.yml
@@ -3,6 +3,11 @@
# separate terms of service, privacy policy, and support
# documentation.
+# The Checkmarx One GitHub Action enables you to trigger SAST, SCA, and KICS scans directly from the GitHub workflow.
+# It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository
+# and uploads it to Checkmarx One for scanning. The Github Action provides easy integration with GitHub while enabling
+# scan customization using the full functionality and flexibility of the CLI tool.
+
# This is a basic workflow to help you get started with Using Checkmarx One Action,
# documentation can be found here : https://checkmarx.com/resource/documents/en/34965-68702-checkmarx-one-github-actions.html
From cef3397932c8d0fa8bf0b0d10b0e662d6d3208a9 Mon Sep 17 00:00:00 2001
From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com>
Date: Thu, 20 Oct 2022 15:14:03 +0100
Subject: [PATCH 09/12] Update checkmarx-one.yml
---
code-scanning/checkmarx-one.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml
index e666ddd..d85c0c5 100644
--- a/code-scanning/checkmarx-one.yml
+++ b/code-scanning/checkmarx-one.yml
@@ -41,7 +41,7 @@ jobs:
uses: actions/checkout@v3
# This step creates the Checkmarx One scan
- name: Checkmarx One scan
- uses: checkmarx/ast-github-action@main
+ uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc
with:
base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx One
cx_client_id: ${{ secrets.CX_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
From b56cd5718e3a1f4ab9c35471b8a7fd4db9569fbf Mon Sep 17 00:00:00 2001
From: Mohammed Asif <87167426+asifadn9@users.noreply.github.com>
Date: Thu, 27 Oct 2022 16:59:58 +0530
Subject: [PATCH 10/12] Update apisec-scan.yml
---
code-scanning/apisec-scan.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code-scanning/apisec-scan.yml b/code-scanning/apisec-scan.yml
index 5a9b751..fc09be3 100644
--- a/code-scanning/apisec-scan.yml
+++ b/code-scanning/apisec-scan.yml
@@ -53,7 +53,7 @@ jobs:
steps:
- name: APIsec scan
- uses: apisec-inc/apisec-run-scan@f62d0c6fae8a80f97b091a323befdb56e6ad9993
+ uses: apisec-inc/apisec-run-scan@f748a240d69ca6cd7e9532fd0a47bec4ccd6a73c
with:
# The APIsec username with which the scans will be executed
apisec-username: ${{ secrets.apisec_username }}
From 84381b5f5ca76d70f5041ab1b484b4e8bf267c7b Mon Sep 17 00:00:00 2001
From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com>
Date: Thu, 3 Nov 2022 17:29:01 +0000
Subject: [PATCH 11/12] Update checkmarx-one.properties.json
---
code-scanning/properties/checkmarx-one.properties.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/code-scanning/properties/checkmarx-one.properties.json b/code-scanning/properties/checkmarx-one.properties.json
index f5ebef8..c1b2eea 100644
--- a/code-scanning/properties/checkmarx-one.properties.json
+++ b/code-scanning/properties/checkmarx-one.properties.json
@@ -3,5 +3,5 @@
"creator": "Checkmarx",
"description": "Beat vulnerabilities with more secure code.Scan your code with Checkmarx One and see results in the GitHub code scanning.",
"iconName": "checkmarx",
- "categories": ["Code Scanning","code-quality", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "json", "kotlin", "apex", "scala", "perl"]
-}
\ No newline at end of file
+ "categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "json", "kotlin", "apex", "scala", "perl"]
+}
From ad25137ca3ada5e5c710879bb33862cb3f6c9edd Mon Sep 17 00:00:00 2001
From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com>
Date: Mon, 7 Nov 2022 10:21:52 -0600
Subject: [PATCH 12/12] Update checkmarx.svg
---
icons/checkmarx.svg | 81 +++++++++++++++++++++++++++++++++++++++------
1 file changed, 71 insertions(+), 10 deletions(-)
diff --git a/icons/checkmarx.svg b/icons/checkmarx.svg
index fbdc9f3..7c5b4d9 100644
--- a/icons/checkmarx.svg
+++ b/icons/checkmarx.svg
@@ -1,12 +1,73 @@
-
-
-