DefenderForCodeOrg
diff --git a/‎.checkmarx/config.yml‎
Lines changed: 19 additions & 0 deletions b/‎.checkmarx/config.yml‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎.checkmarx/cx.config‎
Lines changed: 29 additions & 0 deletions b/‎.checkmarx/cx.config‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎.github/workflows/cxflow_checkmarx-issues.yml.back‎
Lines changed: 53 additions & 0 deletions b/‎.github/workflows/cxflow_checkmarx-issues.yml.back‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎.github/workflows/cxflow_checkmarx-pr.yml.back‎
Lines changed: 53 additions & 0 deletions b/‎.github/workflows/cxflow_checkmarx-pr.yml.back‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎.github/workflows/cxflow_checkmarx-sarif.yaml.back‎
Lines changed: 57 additions & 0 deletions b/‎.github/workflows/cxflow_checkmarx-sarif.yaml.back‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 38 additions & 0 deletions b/‎Dockerfile‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 0 deletions b/‎README.md‎
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1,19 @@
+version: 1
+
+# checkmarx-specific related configuration
+# every value in this section is optional 
+checkmarx: 
+  # configure the checkmarx scan parameters for scanning this specific project
+  scan:
+    # configure the checkmarx scan configurations for scanning this specific project
+    configs:
+      # configure the SAST related configurations this specific project
+      sast:
+        # configure the SAST preset name used for this specific project
+        #presetName: 'Checkmarx Default'
+         # configure if this specific project will be run incrementally or will it run a full scan 
+        #incremental: 'false'
+        languageMode: 'multi'
+        engineVerbose: 'true'
+      sca:
+      kics:
@@ -0,0 +1,29 @@
+{
+	"bugTracker": "JIRA",
+	"jira": {
+		"project": "CXFLOW",
+		"issue_type": "Bug",
+		"opened_status": ["Open","Reopen"],
+		"closed_status": ["Closed","Done"],
+		"open_transition": "Reopen Issue",
+		"close_transition": "Close Issue",
+		"close_transition_field": "resolution",
+		"close_transition_value": "Done",
+		"priorities": {
+			"High": "High",
+			"Medium": "Medium",
+			"Low": "Low"
+		},
+		"fields": [{
+			"type": "result",
+			"name": "application",
+			"jira_field_type": "label"
+			},
+			{
+			"type": "result",
+			"name": "category",
+			"jira_field_name": "Category",
+			"jira_field_type": "label"
+		}]
+	}
+}
@@ -0,0 +1,53 @@
+# This is a basic workflow to create GitHub Issues using the Checkmarx CxFlow GitHub Action.  It runs on a push to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+#   - CHECKMARX_URL
+#   - CHECKMARX_USERNAME
+#   - CHECKMARX_PASSWORD
+#   - CHECKMARX_CLIENT_SECRET
+#   - GH_TOKEN
+#
+# Update the 'team' field to reflect the team name used in Checkmarx.
+#
+# For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+
+name: CxFlow-GitHub-Issue-Push
+# Controls when the action will run. Triggers the workflow on push or pull request events but only for the master branch
+on:
+  push:
+    branches:
+    - main
+    - master
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
+    runs-on: ubuntu-latest
+    # Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v2
+    - name: Checkmarx CxFlow Action
+      uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.4
+      with:
+        project: ${{ github.event.repository.name }}
+        team: /CxServer
+        checkmarx_url: ${{ secrets.CHECKMARX_URL }}  # To be stored in GitHub Secrets.
+        checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}  # To be stored in GitHub Secrets.
+        checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}  # To be stored in GitHub Secrets.
+        checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}  # To be stored in GitHub Secrets.
+        sca_api_url: https://api.scacheckmarx.com
+        sca_app_url: https://sca.scacheckmarx.com
+        sca_access_control_url: https://platform.checkmarx.net
+        sca_tenant: SCA-champions  # <-- Insert Checkmarx CxSCA Tenant
+        sca_username: ${{ secrets.CHECKMARX_SCA_USERNAME }} # To be stored in GitHub Secrets.
+        sca_password: ${{ secrets.CHECKMARX_SCA_PASSWORD }} # To be stored in GitHub Secrets.
+        break_build: false
+        github_token: ${{secrets.GH_TOKEN}}  # To be stored in GitHub Secrets.
+        incremental: false
+        scanners: sast, sca
+        bug_tracker: GitHub
+        params: --cx-flow.zip-exclude=".github/" --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }}
+
@@ -0,0 +1,53 @@
+# This is a basic workflow to create GitHub Issues using the Checkmarx CxFlow GitHub Action.  It runs on a pull-request to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+#   - CHECKMARX_URL
+#   - CHECKMARX_USERNAME
+#   - CHECKMARX_PASSWORD
+#   - CHECKMARX_CLIENT_SECRET
+#   - GH_TOKEN
+#
+# Update the 'team' field to reflect the team name used in Checkmarx.
+#
+# For full documentation,including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+
+name: CxFlow-GitHub-Pull-Request
+
+# Controls when the action will run. Triggers the workflow on push or pull request events but only for the master branch
+on:
+  pull_request:
+    types: [opened, reopened, synchronize] #Types specify which pull request events will trigger the workflow. For more events refer Github Actions documentation.
+    branches:
+    - master
+    - main
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
+    runs-on: ubuntu-latest
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v2
+    - name: Checkmarx CxFlow Action
+      uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.4
+      with:
+        project: ${{ github.event.repository.name }}-${{ github.head_ref }}
+        team: /CxServer/cxflow/jbrotsos
+        preset: Checkmarx Default
+        checkmarx_url: ${{ secrets.CHECKMARX_URL }}   # To be stored in GitHub Secrets.
+        checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}  # To be stored in GitHub Secrets.
+        checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}  # To be stored in GitHub Secrets.
+        checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}  # To be stored in GitHub Secrets.
+        sca_api_url: https://api.scacheckmarx.com
+        sca_app_url: https://sca.scacheckmarx.com
+        sca_access_control_url: https://platform.checkmarx.net
+        sca_tenant: SCA-champions  # <-- Insert Checkmarx CxSCA Tenant
+        sca_username: ${{ secrets.CHECKMARX_SCA_USERNAME }} # To be stored in GitHub Secrets.
+        sca_password: ${{ secrets.CHECKMARX_SCA_PASSWORD }} # To be stored in GitHub Secrets.
+        incremental: false
+        break_build: false
+        scanners: sast, sca
+        bug_tracker: GitHubPull
+        params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }} --checkmarx.setting-override=true  --sca.filter-severity=HIGH --cx-flow.filter-severity=High
@@ -0,0 +1,57 @@
+# This is a basic workflow to create GitHub Issues using the Checkmarx CxFlow GitHub Action.  It runs on a push to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+#   - CHECKMARX_URL
+#   - CHECKMARX_USERNAME
+#   - CHECKMARX_PASSWORD
+#   - CHECKMARX_CLIENT_SECRET
+#   - GH_TOKEN
+#
+# Update the 'team' field to reflect the team name used in Checkmarx.
+#
+# For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+
+name: CxFlow-GitHub-Issue-Push
+# Controls when the action will run. Triggers the workflow on push or pull request events but only for the master branch
+on:
+  push:
+    branches:
+    - main
+    - master
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
+    runs-on: ubuntu-latest
+    # Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v2
+    - name: Checkmarx CxFlow Action
+      uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.4
+      with:
+        project: ${{ github.event.repository.name }}
+        team: /CxServer
+        checkmarx_url: ${{ secrets.CHECKMARX_URL }}  # To be stored in GitHub Secrets.
+        checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}  # To be stored in GitHub Secrets.
+        checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}  # To be stored in GitHub Secrets.
+        checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}  # To be stored in GitHub Secrets.
+        sca_api_url: https://api.scacheckmarx.com
+        sca_app_url: https://sca.scacheckmarx.com
+        sca_access_control_url: https://platform.checkmarx.net
+        sca_tenant: SCA-champions  # <-- Insert Checkmarx CxSCA Tenant
+        sca_username: ${{ secrets.CHECKMARX_SCA_USERNAME }} # To be stored in GitHub Secrets.
+        sca_password: ${{ secrets.CHECKMARX_SCA_PASSWORD }} # To be stored in GitHub Secrets.
+        github_token: ${{secrets.GH_TOKEN}}  # To be stored in GitHub Secrets.
+        incremental: false
+        scanners: sast, sca
+        bug_tracker: Sarif
+        params: --cx-flow.zip-exclude=".github/" --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --checkmarx.settings-override=true
+   
+    # Upload the Report for CodeQL/Security Alerts
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: cx.sarif
@@ -0,0 +1,38 @@
+FROM debian:9.2
+
+LABEL maintainer "opsxcq@strm.sh"
+
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y \
+    debconf-utils && \
+    echo mariadb-server mysql-server/root_password password vulnerables | debconf-set-selections && \
+    echo mariadb-server mysql-server/root_password_again password vulnerables | debconf-set-selections && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y \
+    apache2 \
+    mariadb-server \
+    php \
+    php-mysql \
+    php-pgsql \
+    php-pear \
+    php-gd \
+    && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY php.ini /etc/php5/apache2/php.ini
+COPY dvwa /var/www/html
+
+COPY config.inc.php /var/www/html/config/
+
+RUN chown www-data:www-data -R /var/www/html && \
+    rm /var/www/html/index.html
+
+RUN service mysql start && \
+    sleep 3 && \
+    mysql -uroot -pvulnerables -e "CREATE USER app@localhost IDENTIFIED BY 'vulnerables';CREATE DATABASE dvwa;GRANT ALL privileges ON dvwa.* TO 'app'@localhost;"
+
+EXPOSE 80
+
+COPY main.sh /
+ENTRYPOINT ["/main.sh"]
@@ -0,0 +1 @@
+# GH Demo