From 4193b3bdfdd9c76feecfd076d8404783221a3be2 Mon Sep 17 00:00:00 2001 From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com> Date: Thu, 29 Sep 2022 11:32:20 +0100 Subject: [PATCH 01/12] Adding new yaml file with action example --- code-scanning/checkmarx-one.yml | 40 +++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 code-scanning/checkmarx-one.yml diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml new file mode 100644 index 0000000..89dcdd6 --- /dev/null +++ b/code-scanning/checkmarx-one.yml @@ -0,0 +1,40 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This is a basic workflow to help you get started with Using Checkmarx One Action + +name: Checkmarx Scan + +# Controls when the workflow will run +on: + pull_request: + types: [opened, reopened, synchronize] + branches: [ $default-branch, $protected-branches ] + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + build: + # The type of runner that the job will run on + runs-on: ubuntu-latest + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # This step checks out a copy of your repository. + - name: Checkout repository + uses: actions/checkout@v2 + - name: Checkmarx scan + uses: checkmarx/ast-github-action@main + with: + base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx + cx_client_id: ${{ secrets.CX_CLIENT_ID }} + cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} + cx_tenant: ${{ secrets.CX_TENANT }} + additional_params: --report-format sarif --output-path . + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v2 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: cx_result.sarif \ No newline at end of file From b2113622be8e2b2dbf9b32aa12af30faa65e5362 Mon Sep 17 00:00:00 2001 From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com> Date: Thu, 29 Sep 2022 11:32:56 +0100 Subject: [PATCH 02/12] Add new properties file for Checkmarx --- code-scanning/properties/checkmarx-one.properties.json | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 code-scanning/properties/checkmarx-one.properties.json diff --git a/code-scanning/properties/checkmarx-one.properties.json b/code-scanning/properties/checkmarx-one.properties.json new file mode 100644 index 0000000..f5ebef8 --- /dev/null +++ b/code-scanning/properties/checkmarx-one.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Checkmarx", + "creator": "Checkmarx", + "description": "Beat vulnerabilities with more secure code.Scan your code with Checkmarx One and see results in the GitHub code scanning.", + "iconName": "checkmarx", + "categories": ["Code Scanning","code-quality", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "json", "kotlin", "apex", "scala", "perl"] +} \ No newline at end of file From 4d24769f48db2cc2d8ae87ceb69c9f5a51b32e1e Mon Sep 17 00:00:00 2001 From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com> Date: Thu, 29 Sep 2022 11:33:34 +0100 Subject: [PATCH 03/12] Update checkmarx.svg --- icons/checkmarx.svg | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/icons/checkmarx.svg b/icons/checkmarx.svg index 6bf5ad3..ab11dad 100644 --- a/icons/checkmarx.svg +++ b/icons/checkmarx.svg @@ -1,14 +1 @@ - - - - - - + From 3031cebead8b924c888e3d7b36340bdf4f9db1df Mon Sep 17 00:00:00 2001 From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com> Date: Thu, 29 Sep 2022 11:35:25 +0100 Subject: [PATCH 04/12] Update checkmarx.svg --- icons/checkmarx.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/icons/checkmarx.svg b/icons/checkmarx.svg index ab11dad..899b3bc 100644 --- a/icons/checkmarx.svg +++ b/icons/checkmarx.svg @@ -1 +1 @@ - + From a66a1979359eb8f01c0b728469a7c62868fa9b30 Mon Sep 17 00:00:00 2001 From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com> Date: Wed, 12 Oct 2022 16:05:01 +0100 Subject: [PATCH 05/12] Update checkmarx-one.yml --- code-scanning/checkmarx-one.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml index 89dcdd6..ffa8d85 100644 --- a/code-scanning/checkmarx-one.yml +++ b/code-scanning/checkmarx-one.yml @@ -3,7 +3,8 @@ # separate terms of service, privacy policy, and support # documentation. -# This is a basic workflow to help you get started with Using Checkmarx One Action +# This is a basic workflow to help you get started with Using Checkmarx One Action, +# documentation can be found here : https://checkmarx.com/resource/documents/en/34965-68702-checkmarx-one-github-actions.html name: Checkmarx Scan @@ -24,17 +25,17 @@ jobs: steps: # This step checks out a copy of your repository. - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Checkmarx scan uses: checkmarx/ast-github-action@main with: - base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx - cx_client_id: ${{ secrets.CX_CLIENT_ID }} - cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} - cx_tenant: ${{ secrets.CX_TENANT }} + base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx One + cx_client_id: ${{ secrets.CX_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e + cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e + cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One additional_params: --report-format sarif --output-path . - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository - sarif_file: cx_result.sarif \ No newline at end of file + sarif_file: cx_result.sarif From 4076f8b8dab71a2b12de6816f8f16f2f508dcdac Mon Sep 17 00:00:00 2001 From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com> Date: Wed, 12 Oct 2022 16:20:46 +0100 Subject: [PATCH 06/12] Update checkmarx-one.yml --- code-scanning/checkmarx-one.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml index ffa8d85..262ed55 100644 --- a/code-scanning/checkmarx-one.yml +++ b/code-scanning/checkmarx-one.yml @@ -14,10 +14,18 @@ on: types: [opened, reopened, synchronize] branches: [ $default-branch, $protected-branches ] +permissions: + contents: read + # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" build: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif + # The type of runner that the job will run on runs-on: ubuntu-latest @@ -26,7 +34,8 @@ jobs: # This step checks out a copy of your repository. - name: Checkout repository uses: actions/checkout@v3 - - name: Checkmarx scan + # This step creates the Checkmarx One scan + - name: Checkmarx One scan uses: checkmarx/ast-github-action@main with: base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx One From 0376d797710c37d032bd06418de4a56775c03882 Mon Sep 17 00:00:00 2001 From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com> Date: Wed, 12 Oct 2022 16:48:51 +0100 Subject: [PATCH 07/12] Update checkmarx.svg --- icons/checkmarx.svg | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/icons/checkmarx.svg b/icons/checkmarx.svg index 899b3bc..fbdc9f3 100644 --- a/icons/checkmarx.svg +++ b/icons/checkmarx.svg @@ -1 +1,12 @@ - + + + + + + + + + + + + From b646c9c97cd4a2e9ed23bc609e2cae25e04effb9 Mon Sep 17 00:00:00 2001 From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com> Date: Mon, 17 Oct 2022 14:24:31 +0100 Subject: [PATCH 08/12] Update checkmarx-one.yml --- code-scanning/checkmarx-one.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml index 262ed55..e666ddd 100644 --- a/code-scanning/checkmarx-one.yml +++ b/code-scanning/checkmarx-one.yml @@ -3,6 +3,11 @@ # separate terms of service, privacy policy, and support # documentation. +# The Checkmarx One GitHub Action enables you to trigger SAST, SCA, and KICS scans directly from the GitHub workflow. +# It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository +# and uploads it to Checkmarx One for scanning. The Github Action provides easy integration with GitHub while enabling +# scan customization using the full functionality and flexibility of the CLI tool. + # This is a basic workflow to help you get started with Using Checkmarx One Action, # documentation can be found here : https://checkmarx.com/resource/documents/en/34965-68702-checkmarx-one-github-actions.html From cef3397932c8d0fa8bf0b0d10b0e662d6d3208a9 Mon Sep 17 00:00:00 2001 From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com> Date: Thu, 20 Oct 2022 15:14:03 +0100 Subject: [PATCH 09/12] Update checkmarx-one.yml --- code-scanning/checkmarx-one.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml index e666ddd..d85c0c5 100644 --- a/code-scanning/checkmarx-one.yml +++ b/code-scanning/checkmarx-one.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@v3 # This step creates the Checkmarx One scan - name: Checkmarx One scan - uses: checkmarx/ast-github-action@main + uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc with: base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx One cx_client_id: ${{ secrets.CX_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e From b56cd5718e3a1f4ab9c35471b8a7fd4db9569fbf Mon Sep 17 00:00:00 2001 From: Mohammed Asif <87167426+asifadn9@users.noreply.github.com> Date: Thu, 27 Oct 2022 16:59:58 +0530 Subject: [PATCH 10/12] Update apisec-scan.yml --- code-scanning/apisec-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/apisec-scan.yml b/code-scanning/apisec-scan.yml index 5a9b751..fc09be3 100644 --- a/code-scanning/apisec-scan.yml +++ b/code-scanning/apisec-scan.yml @@ -53,7 +53,7 @@ jobs: steps: - name: APIsec scan - uses: apisec-inc/apisec-run-scan@f62d0c6fae8a80f97b091a323befdb56e6ad9993 + uses: apisec-inc/apisec-run-scan@f748a240d69ca6cd7e9532fd0a47bec4ccd6a73c with: # The APIsec username with which the scans will be executed apisec-username: ${{ secrets.apisec_username }} From 84381b5f5ca76d70f5041ab1b484b4e8bf267c7b Mon Sep 17 00:00:00 2001 From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com> Date: Thu, 3 Nov 2022 17:29:01 +0000 Subject: [PATCH 11/12] Update checkmarx-one.properties.json --- code-scanning/properties/checkmarx-one.properties.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/properties/checkmarx-one.properties.json b/code-scanning/properties/checkmarx-one.properties.json index f5ebef8..c1b2eea 100644 --- a/code-scanning/properties/checkmarx-one.properties.json +++ b/code-scanning/properties/checkmarx-one.properties.json @@ -3,5 +3,5 @@ "creator": "Checkmarx", "description": "Beat vulnerabilities with more secure code.Scan your code with Checkmarx One and see results in the GitHub code scanning.", "iconName": "checkmarx", - "categories": ["Code Scanning","code-quality", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "json", "kotlin", "apex", "scala", "perl"] -} \ No newline at end of file + "categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "json", "kotlin", "apex", "scala", "perl"] +} From ad25137ca3ada5e5c710879bb33862cb3f6c9edd Mon Sep 17 00:00:00 2001 From: Tiago Baptista <92083272+tiagobcx@users.noreply.github.com> Date: Mon, 7 Nov 2022 10:21:52 -0600 Subject: [PATCH 12/12] Update checkmarx.svg --- icons/checkmarx.svg | 81 +++++++++++++++++++++++++++++++++++++++------ 1 file changed, 71 insertions(+), 10 deletions(-) diff --git a/icons/checkmarx.svg b/icons/checkmarx.svg index fbdc9f3..7c5b4d9 100644 --- a/icons/checkmarx.svg +++ b/icons/checkmarx.svg @@ -1,12 +1,73 @@ - - - + + - - - - - - - + + + + + + + + + + + + + +