From 06274b2fa19f8a9739e7c61605f1906481605dba Mon Sep 17 00:00:00 2001
From: Aslesha Nargolkar <210685454+cx-aslesha-nargolkar@users.noreply.github.com>
Date: Tue, 17 Jun 2025 15:16:33 +0100
Subject: [PATCH 1/5] Create main.yml
---
 .github/workflows/main.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .github/workflows/main.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..33e5c8c
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,18 @@
+name: Checkmarx DAST Github Action
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ checkmarx:
+ # You may pin to the exact commit or the version.
+ uses: Checkmarx/ast-github-action@2.0.23
+ with:
+ cx_client_id: ${{ secrets.OAUTH_CLIENT }}
+ cx_client_secret: ${{ secrets.OAUTH_SECRET }}
+ cx_tenant: 'aslesha-sedemo'
+ cx_base_uri: 'https://eu-2.ast.checkmarx.net/'
+
+
From 02ae5cb76935a00eb96964c843388aa12790d5b1 Mon Sep 17 00:00:00 2001
From: Aslesha Nargolkar <210685454+cx-aslesha-nargolkar@users.noreply.github.com>
Date: Tue, 17 Jun 2025 15:29:51 +0100
Subject: [PATCH 2/5] Update main.yml
---
 .github/workflows/main.yml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 33e5c8c..e8a9e69 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -3,13 +3,16 @@ name: Checkmarx DAST Github Action
 on:
 pull_request:
 branches:
- - main
+ - master
 
 jobs:
- checkmarx:
- # You may pin to the exact commit or the version.
- uses: Checkmarx/ast-github-action@2.0.23
- with:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ # You may pin to the exact commit or the version.
+ - name: Checkmarx AST Github Action
+ uses: checkmarx/ast-github-action@main
+ with:
 cx_client_id: ${{ secrets.OAUTH_CLIENT }}
 cx_client_secret: ${{ secrets.OAUTH_SECRET }}
 cx_tenant: 'aslesha-sedemo'
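Review bot: The step `uses: checkmarx/ast-github-action@main` replaces the tag pin `@2.0.23` from the first patch with a mutable branch reference, and this same step is handed `secrets.OAUTH_CLIENT` and `secrets.OAUTH_SECRET`, so any future push to that branch runs with those credentials in this workflow without a change here. Pinning to an immutable full-length commit SHA keeps the dependency reviewable and lets Dependabot or Renovate track updates, e.g. `uses: checkmarx/ast-github-action@<full commit SHA>  # 2.0.23`. The comment kept above the step already says the commit may be pinned, which is the stronger of the two options it offers. The same `@main` reference survives unchanged in the later patches of this series.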
From ca8e11272b6c48a7fd3f23ea6bd1937798a9d210 Mon Sep 17 00:00:00 2001 From: Aslesha Nargolkar <210685454+cx-aslesha-nargolkar@users.noreply.github.com> Date: Wed, 18 Jun 2025 10:32:26 +0100 Subject: [PATCH 3/5] Update sarif output template --- .github/workflows/main.yml | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e8a9e69..dd31635 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,21 +1,37 @@ -name: Checkmarx DAST Github Action +# This is a basic workflow to help you get started with Actions +name: Checkmarx Sarif Integration + +# Controls when the workflow will run on: pull_request: + types: [opened, reopened, synchronize] branches: - master + - main +# A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: + # This workflow contains a single job called "build" build: + # The type of runner that the job will run on runs-on: ubuntu-latest + + # Steps represent a sequence of tasks that will be executed as part of the job steps: - # You may pin to the exact commit or the version. - - name: Checkmarx AST Github Action + # This step checks out a copy of your repository. + - name: Checkout repository + uses: actions/checkout@v2 + - name: Checkmarx scan uses: checkmarx/ast-github-action@main with: cx_client_id: ${{ secrets.OAUTH_CLIENT }} cx_client_secret: ${{ secrets.OAUTH_SECRET }} cx_tenant: 'aslesha-sedemo' cx_base_uri: 'https://eu-2.ast.checkmarx.net/' - - + additional_params: --report-format sarif --output-path . + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v2 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: cx_result.sarif From 4a97bca2187153e9ad033735d8bddff090fd5682 Mon Sep 17 00:00:00 2001 
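Review bot: The new `github/codeql-action/upload-sarif@v2` step needs `security-events: write` on the job token, and the workflow declares no `permissions:` block, so on a repository whose default token is read-only the upload is rejected while the scan step itself succeeds. Add a least-privilege block at workflow level, `permissions:` / `  contents: read` / `  security-events: write`, which also stops the token from carrying write scopes that the checkout and scan steps do not need. It is worth confirming that `sarif_file: cx_result.sarif` is the file the action writes for `--report-format sarif --output-path .`, since the name is not derivable from this hunk. `actions/checkout@v2` and `upload-sarif@v2` are older major versions; moving to the current majors is a separate, small change.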
From: Aslesha Nargolkar <210685454+cx-aslesha-nargolkar@users.noreply.github.com>
Date: Wed, 18 Jun 2025 10:36:09 +0100
Subject: [PATCH 4/5] Update patch branch
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index dd31635..b59ccf1 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -8,7 +8,7 @@ on:
 types: [opened, reopened, synchronize]
 branches:
 - master
- - main
+ - cx-aslesha-nargolkar-patch-1
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
From 81bbcccd353c45a65879a500eb6e80dfd5383051 Mon Sep 17 00:00:00 2001
From: Aslesha Nargolkar <210685454+cx-aslesha-nargolkar@users.noreply.github.com>
Date: Wed, 18 Jun 2025 10:56:05 +0100
Subject: [PATCH 5/5] Update for failed scan
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b59ccf1..1b1b36e 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -28,7 +28,7 @@ jobs:
 cx_client_id: ${{ secrets.OAUTH_CLIENT }}
 cx_client_secret: ${{ secrets.OAUTH_SECRET }}
 cx_tenant: 'aslesha-sedemo'
- cx_base_uri: 'https://eu-2.ast.checkmarx.net/'
+ base_uri: https://eu-2.ast.checkmarx.net
 additional_params: --report-format sarif --output-path .
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v2
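Review bot: Under `pull_request`, the `branches` filter matches the pull request's base (target) branch, so adding `- cx-aslesha-nargolkar-patch-1` only triggers the scan for PRs opened against that branch, not for PRs opened from it. If the goal is to exercise the workflow on changes coming from the patch branch, target the PR at `master` (already listed) or add a `push:` trigger with `branches: [cx-aslesha-nargolkar-patch-1]`. A personal branch in the trigger list is also easy to forget once the PR merges, so it is better removed before merge.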
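Review bot: The renamed input `base_uri: https://eu-2.ast.checkmarx.net` drops the quoting that its neighbour `cx_tenant: 'aslesha-sedemo'` and the removed line use; a bare URL parses as a plain string here, but quoting it, `base_uri: 'https://eu-2.ast.checkmarx.net'`, keeps the `with:` block uniform and guards against a future value that starts with a YAML indicator. The subject "Update for failed scan" does not say that the actual fix is the input name changing from `cx_base_uri` to `base_uri`; naming that in the message would help anyone bisecting a later scan failure.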