From bf6bc0b94d33da2bd6132d81ee80c94ada5f2251 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Sat, 7 May 2022 12:12:38 +0300
Subject: [PATCH 01/23] Update b.java
---
test/b.java | 1 +
1 file changed, 1 insertion(+)
diff --git a/test/b.java b/test/b.java
index 4d1c070..94d14fe 100644
--- a/test/b.java
+++ b/test/b.java
@@ -22,3 +22,4 @@ public static void testData () {
out.println (userData);
printSanitizedName(userData);
}
+#PR
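Review bot: The added `#PR` line is not valid Java, because `#` does not start a comment, and it is placed after the closing brace of `testData()`, so `test/b.java` will most likely stop compiling. If the line is only a marker to trigger a pull-request scan, write it as `// PR`. The same marker is appended to `pom.xml` in patch 02, where `#PR` is not an XML comment either; there it would need to be an XML comment placed inside the root element. The enclosing class is outside this hunk, so whether the line lands inside the class body or after it cannot be confirmed from here.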
From 31e17107fb579d85b0d64bfdbe83394f7b94be12 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Sat, 7 May 2022 19:55:41 +0300
Subject: [PATCH 02/23] Update pom.xml
---
pom.xml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/pom.xml b/pom.xml
index 92ef26b..79f3d5f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -144,3 +144,5 @@
+
+#PR
From 68ff4aad607eb189d773fc5c7addf015431b7bd8 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Mon, 13 Jun 2022 14:25:23 +0300
Subject: [PATCH 03/23] Create codeql-analysis.yml
---
.github/workflows/codeql-analysis.yml | 72 +++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
create mode 100644 .github/workflows/codeql-analysis.yml
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..9ed2bce
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "main" ]
+ schedule:
+ - cron: '23 22 * * 4'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'java' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ # âšī¸ Command-line programs to run using the OS shell.
+ # đ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
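Review bot: Two of the added comment lines above the optional build step begin with mis-encoded characters (`âšī¸` and `đ`), which look like emoji from the starter template that were saved or transferred with the wrong encoding. Replace them with plain ASCII, for example `# Command-line programs to run using the OS shell.` and a plain `# See` followed by the existing URL. The sentence starting `# modify them (or add more) to build your code if your project` is also unfinished and could read `# Modify them (or add more) to build your project; see the example below.`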
From ebd468159082d51892eb1aabcf78caca280126ec Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Mon, 13 Jun 2022 14:27:57 +0300
Subject: [PATCH 04/23] Update codeql-analysis.yml
---
.github/workflows/codeql-analysis.yml | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9ed2bce..f45615f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -12,13 +12,7 @@
name: "CodeQL"
on:
- push:
- branches: [ "main" ]
- pull_request:
- # The branches below must be a subset of the branches above
- branches: [ "main" ]
- schedule:
- - cron: '23 22 * * 4'
+ workflow_dispatch:
jobs:
analyze:
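Review bot: With `workflow_dispatch:` as the only trigger, the analysis no longer runs on pushes, pull requests or the weekly schedule, so new findings appear only when someone starts the workflow by hand. If manual runs are the goal, add `workflow_dispatch:` next to the existing `push` and `pull_request` triggers instead of replacing them. The `jobs:` section continues outside this hunk.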
@@ -32,7 +26,7 @@ jobs:
strategy:
fail-fast: false
matrix:
- language: [ 'java' ]
+ language: [ 'java', 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
From 312a72385f91e6c7bd3eca7090c1557c8a1f3320 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Tue, 9 Aug 2022 19:41:23 +0300
Subject: [PATCH 05/23] Update codeql-analysis.yml
---
.github/workflows/codeql-analysis.yml | 89 +++++++++------------------
1 file changed, 30 insertions(+), 59 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index f45615f..fae13c2 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,66 +1,37 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
+# This is a basic workflow to help you get started with Actions
+name: Checkmarx Sarif Integration
+
+# Controls when the workflow will run
on:
- workflow_dispatch:
+ pull_request:
+ types: [opened, reopened, synchronize]
+ branches:
+ - master
+ - main
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
- analyze:
- name: Analyze
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
-
- strategy:
- fail-fast: false
- matrix:
- language: [ 'java', 'javascript' ]
- # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
- # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+ # Steps represent a sequence of tasks that will be executed as part of the job
steps:
- - name: Checkout repository
- uses: actions/checkout@v3
-
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
- with:
- languages: ${{ matrix.language }}
- # If you wish to specify custom queries, you can do so here or in a config file.
- # By default, queries listed here will override any specified in a config file.
- # Prefix the list here with "+" to use these queries and those in the config file.
-
- # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
- # queries: security-extended,security-and-quality
-
-
- # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
- # If this step fails, then you should remove it and run the build manually (see below)
- - name: Autobuild
- uses: github/codeql-action/autobuild@v2
-
- # âšī¸ Command-line programs to run using the OS shell.
- # đ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
- # If the Autobuild fails above, remove it and uncomment the following three lines.
- # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
- # - run: |
- # echo "Run, Build Application using script"
- # ./location_of_script_within_repo/buildscript.sh
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ # This step checks out a copy of your repository.
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: Checkmarx scan
+ uses: checkmarx/ast-github-action@main
+ with:
+ base_uri: https://ast-master-components.dev.cxast.net/
+ cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+ cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+ cx_tenant: ${{ secrets.CX_TENANT }}
+ additional_params: --report-format sarif --output-path .
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: cx_result.sarif
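Review bot: The rewritten job drops the `permissions:` block and passes `CX_CLIENT_ID` and `CX_CLIENT_SECRET` to `checkmarx/ast-github-action@main`, a third-party action referenced by a moving branch. Whatever is pushed to that branch runs with the scanner credentials, and the job now runs with the repository's default token permissions although the upload step only needs `security-events: write`. Pin the action to a reviewed full commit SHA and restore the explicit permissions the previous version had. The checkout step also moves back from `actions/checkout@v3` to `@v2`. The same `@main` reference without a `permissions:` block appears in `Feedbackapp.yml` (patch 11) and `PR.yml` (patch 22).

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    # Least privilege for the job token, as in the previous CodeQL version of this file.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Checkmarx scan
        # Placeholder: replace with the full commit SHA of a reviewed release.
        uses: checkmarx/ast-github-action@FULL_COMMIT_SHA_PLACEHOLDER
        # … unchanged: with: base_uri, cx_client_id, cx_client_secret, cx_tenant, additional_params …
      # … unchanged: Upload SARIF file step …
```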
From 82cd159fe35a6dcf163555dbac3ee6c80f4894b2 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Tue, 9 Aug 2022 19:45:21 +0300
Subject: [PATCH 06/23] Update codeql-analysis.yml
---
.github/workflows/codeql-analysis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index fae13c2..6217bc4 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -25,7 +25,7 @@ jobs:
- name: Checkmarx scan
uses: checkmarx/ast-github-action@main
with:
- base_uri: https://ast-master-components.dev.cxast.net/
+ base_uri: https://deu.ast.checkmarx.net/
cx_client_id: ${{ secrets.CX_CLIENT_ID }}
cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
cx_tenant: ${{ secrets.CX_TENANT }}
From db90c27e514ed639afb5ec24cf4374c792b729fd Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Tue, 9 Aug 2022 19:59:59 +0300
Subject: [PATCH 07/23] Update README.md
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 8742f77..12e93c9 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,2 @@
# GH Demo
+main
From 5eb45e95b05e170efd51db34159d618f3aaf65f3 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Wed, 7 Sep 2022 12:16:44 +0300
Subject: [PATCH 08/23] Update pom.xml
---
pom.xml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index 79f3d5f..bf7f522 100644
--- a/pom.xml
+++ b/pom.xml
@@ -139,6 +139,11 @@
1.7.7
jar
+
+ com.github.codingandcoding
+ servlet-api
+ 3.2.0
+
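Review bot: The added dependency `com.github.codingandcoding:servlet-api:3.2.0` does not use a group ID under which the Servlet API is normally published (`javax.servlet` or `jakarta.servlet`), so its provenance should be confirmed before merging. A familiar artifact name under an unrelated group is a typical shape for a typosquatted or look-alike package. The XML tags are not visible in this hunk, so the declared scope cannot be checked; a servlet API is normally declared with scope `provided`. If the standard API is what is needed, declare `javax.servlet:javax.servlet-api` at the version the target container supports.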
From 6064f5183dd4bd939b099469884cf82767d68738 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Tue, 13 Dec 2022 19:56:16 +0200
Subject: [PATCH 09/23] Update README.md
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 12e93c9..3807fb0 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@
# GH Demo
main
+test
From 37ebbca7b7729e08c70b926ab7c379b0b2c599ca Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Tue, 10 Jan 2023 11:46:43 +0200
Subject: [PATCH 10/23] Set up CI with Azure Pipelines
[skip ci]
---
azure-pipelines.yml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 azure-pipelines.yml
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
new file mode 100644
index 0000000..b6d9a4e
--- /dev/null
+++ b/azure-pipelines.yml
@@ -0,0 +1,29 @@
+# Docker
+# Build a Docker image
+# https://docs.microsoft.com/azure/devops/pipelines/languages/docker
+
+trigger:
+- main
+
+resources:
+- repo: self
+
+variables:
+ tag: '$(Build.BuildId)'
+
+stages:
+- stage: Build
+ displayName: Build image
+ jobs:
+ - job: Build
+ displayName: Build
+ pool:
+ vmImage: ubuntu-latest
+ steps:
+ - task: Docker@2
+ displayName: Build an image
+ inputs:
+ command: build
+ dockerfile: '$(Build.SourcesDirectory)/Dockerfile'
+ tags: |
+ $(tag)
From 52afddbb28d59659094b0432339b1e047f1abb80 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Mon, 27 Feb 2023 12:48:16 +0200
Subject: [PATCH 11/23] Create Feedbackapp.yml
---
.github/workflows/Feedbackapp.yml | 34 +++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 .github/workflows/Feedbackapp.yml
diff --git a/.github/workflows/Feedbackapp.yml b/.github/workflows/Feedbackapp.yml
new file mode 100644
index 0000000..390510a
--- /dev/null
+++ b/.github/workflows/Feedbackapp.yml
@@ -0,0 +1,34 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Checkmarx Sarif Integration
+
+# Controls when the workflow will run
+on: [push,pull_request,workflow_dispatch]
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # This step checks out a copy of your repository.
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: Checkmarx scan
+ uses: checkmarx/ast-github-action@main
+ with:
+ base_uri: https://ast-master-components.dev.cxast.net/
+ cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+ cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+ cx_tenant: ${{ secrets.CX_TENANT }}
+ additional_params: --project-tags 'feedback_assignee:Yoav ast' --tags 'feedback_assignee:Vered Shahar'
+
+
+
+
+
+
+
+
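Review bot: `on: [push,pull_request,workflow_dispatch]` runs the scan twice for every commit pushed to a branch that has an open pull request, once per event. For pull requests opened from forks the `CX_*` secrets are not provided to the run, so the scan step will fail there. Restrict `push` to the default branch and keep `pull_request` for everything else. The file also ends with eight empty lines that can be dropped, and the same trigger list is introduced in `codeql-analysis.yml` in patch 14.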
From a927c2ab59ab5407f59a48805fdb3fdcc553f7e9 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Mon, 27 Feb 2023 12:49:27 +0200
Subject: [PATCH 12/23] Update Feedbackapp.yml
---
.github/workflows/Feedbackapp.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/Feedbackapp.yml b/.github/workflows/Feedbackapp.yml
index 390510a..98592d8 100644
--- a/.github/workflows/Feedbackapp.yml
+++ b/.github/workflows/Feedbackapp.yml
@@ -1,6 +1,6 @@
# This is a basic workflow to help you get started with Actions
-name: Checkmarx Sarif Integration
+name: feedbackapp
# Controls when the workflow will run
on: [push,pull_request,workflow_dispatch]
@@ -23,7 +23,7 @@ jobs:
cx_client_id: ${{ secrets.CX_CLIENT_ID }}
cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
cx_tenant: ${{ secrets.CX_TENANT }}
- additional_params: --project-tags 'feedback_assignee:Yoav ast' --tags 'feedback_assignee:Vered Shahar'
+ additional_params: --project-tags 'feedback_assignee:Yoav ast' --tags 'feedback_assignee:Vered Shahar' --debug
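Review bot: `--debug` is now enabled permanently on a step that authenticates with `CX_CLIENT_ID` and `CX_CLIENT_SECRET`. GitHub masks the registered secret values in logs, but not values derived from them at run time, such as a token the CLI obtains after login, so verbose output may put more into the run log than intended. Check what the CLI prints at this level, and consider enabling the flag only for manual runs or removing it once the integration works. The same flag is set in `azure-pipelines.yml` (patch 17) and `PR.yml` (patch 22).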
From 27350ae4025c26236097ebb689276df656658600 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Mon, 27 Feb 2023 14:15:43 +0200
Subject: [PATCH 13/23] Update Feedbackapp.yml
---
.github/workflows/Feedbackapp.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/Feedbackapp.yml b/.github/workflows/Feedbackapp.yml
index 98592d8..5256cac 100644
--- a/.github/workflows/Feedbackapp.yml
+++ b/.github/workflows/Feedbackapp.yml
@@ -23,7 +23,7 @@ jobs:
cx_client_id: ${{ secrets.CX_CLIENT_ID }}
cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
cx_tenant: ${{ secrets.CX_TENANT }}
- additional_params: --project-tags 'feedback_assignee:Yoav ast' --tags 'feedback_assignee:Vered Shahar' --debug
+ additional_params: --project-tags 'feedback-assignee:Yoav ast' --tags 'feedback-assignee:Vered Shahar' --debug
From 13309493ea9fe8a1b9c01321190bf499a4bb30d7 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Thu, 13 Apr 2023 11:47:22 +0300
Subject: [PATCH 14/23] Update codeql-analysis.yml
---
.github/workflows/codeql-analysis.yml | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 6217bc4..35e4326 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -3,12 +3,7 @@
name: Checkmarx Sarif Integration
# Controls when the workflow will run
-on:
- pull_request:
- types: [opened, reopened, synchronize]
- branches:
- - master
- - main
+on: [push,pull_request,workflow_dispatch]
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
From 3a805885a8157bb1460249af3ae2f2164b3a2dfa Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Thu, 13 Apr 2023 11:50:27 +0300
Subject: [PATCH 15/23] Update codeql-analysis.yml
---
.github/workflows/codeql-analysis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 35e4326..53a76c5 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -20,7 +20,7 @@ jobs:
- name: Checkmarx scan
uses: checkmarx/ast-github-action@main
with:
- base_uri: https://deu.ast.checkmarx.net/
+ base_uri: https://ast-master-components.dev.cxast.net/
cx_client_id: ${{ secrets.CX_CLIENT_ID }}
cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
cx_tenant: ${{ secrets.CX_TENANT }}
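Review bot: `base_uri` is switched back to the `dev.cxast.net` host that patch 06 had replaced, so the endpoint that receives the client credentials depends on whichever commit landed last. Move the URL out of the workflow into a repository variable, e.g. `base_uri: ${{ vars.CX_BASE_URI }}`, so that changing environments does not need a code change and the target is visible in one place.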
From d2b456389a81d4910e9c3f79e24820ce8f746370 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Thu, 13 Apr 2023 12:31:50 +0300
Subject: [PATCH 16/23] Update codeql-analysis.yml
---
.github/workflows/codeql-analysis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 53a76c5..9e9041f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -26,7 +26,7 @@ jobs:
cx_tenant: ${{ secrets.CX_TENANT }}
additional_params: --report-format sarif --output-path .
- name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
sarif_file: cx_result.sarif
From 52adee10cef5385796144ef223eb6793e0ef173f Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Tue, 23 May 2023 15:01:13 +0300
Subject: [PATCH 17/23] Update azure-pipelines.yml for Azure Pipelines
---
azure-pipelines.yml | 47 +++++++++++++++++++--------------------------
1 file changed, 20 insertions(+), 27 deletions(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index b6d9a4e..beb1fa6 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -1,29 +1,22 @@
-# Docker
-# Build a Docker image
-# https://docs.microsoft.com/azure/devops/pipelines/languages/docker
+pool:
+ name: Azure Pipelines
-trigger:
-- main
+jobs:
+- job: Test
+ pool:
+ vmImage: 'windows-2019'
+ steps:
+ # - task: PowerShell@2
+ # env:
+ # CX_APIKEY: $(CX_APIKEY)
+ # inputs:
+ # targetType: 'inline'
+ # script: './cx.exe scan create -s . --project-name myadotest --branch main --debug'
-resources:
-- repo: self
-
-variables:
- tag: '$(Build.BuildId)'
-
-stages:
-- stage: Build
- displayName: Build image
- jobs:
- - job: Build
- displayName: Build
- pool:
- vmImage: ubuntu-latest
- steps:
- - task: Docker@2
- displayName: Build an image
- inputs:
- command: build
- dockerfile: '$(Build.SourcesDirectory)/Dockerfile'
- tags: |
- $(tag)
+ - task: Checkmarx AST@2
+ inputs:
+ CheckmarxService: 'EU PROD21'
+ projectName: '$(Build.Repository.Name)'
+ branchName: '$(Build.SourceBranchName)'
+ tenantName: 'cxast_rnd_projects_scans'
+ additionalParams: '--debug'
\ No newline at end of file
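Review bot: Removing the `trigger:` block makes the pipeline fall back to the default CI trigger, so it runs on pushes to every branch rather than only `main`; keep the `trigger:` list with `main` if that was not intended. The pipeline-level `pool:` with `name: Azure Pipelines` is overridden by the job's own `pool:` with `vmImage: 'windows-2019'` and can be dropped, as can the commented-out `PowerShell@2` step. The file also loses its trailing newline.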
From 8a97d37e05edb5e094b7016ea0c0e35b4d79737e Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Wed, 24 May 2023 00:14:46 +0300
Subject: [PATCH 18/23] Update azure-pipelines.yml for Azure Pipelines
---
azure-pipelines.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index beb1fa6..3b2b99b 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -15,7 +15,7 @@ jobs:
- task: Checkmarx AST@2
inputs:
- CheckmarxService: 'EU PROD21'
+ CheckmarxService: 'APIKEY'
projectName: '$(Build.Repository.Name)'
branchName: '$(Build.SourceBranchName)'
tenantName: 'cxast_rnd_projects_scans'
From b89447ba29223a8113926c05396d33a9611cd91a Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Wed, 24 May 2023 11:44:15 +0300
Subject: [PATCH 19/23] Update azure-pipelines.yml for Azure Pipelines
---
azure-pipelines.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 3b2b99b..557052e 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -15,8 +15,8 @@ jobs:
- task: Checkmarx AST@2
inputs:
- CheckmarxService: 'APIKEY'
+ CheckmarxService: 'CxONE'
projectName: '$(Build.Repository.Name)'
branchName: '$(Build.SourceBranchName)'
tenantName: 'cxast_rnd_projects_scans'
- additionalParams: '--debug'
\ No newline at end of file
+ additionalParams: '--debugg'
\ No newline at end of file
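Review bot: `additionalParams: '--debugg'` looks like a typo for `--debug`, and an unrecognised flag is likely to make the CLI reject the command line. Use `additionalParams: '--debug'`, or leave the input out if verbose logging is not needed. Patch 20 later restores the correct spelling.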
From 97d74473a8131368d7db36a2f1090b2031a0a204 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Tue, 30 May 2023 11:45:12 +0300
Subject: [PATCH 20/23] Update azure-pipelines.yml for Azure Pipelines
---
azure-pipelines.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 557052e..2b279e8 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -19,4 +19,4 @@ jobs:
projectName: '$(Build.Repository.Name)'
branchName: '$(Build.SourceBranchName)'
tenantName: 'cxast_rnd_projects_scans'
- additionalParams: '--debugg'
\ No newline at end of file
+ additionalParams: '--debug'
\ No newline at end of file
From 62ea6758e850deec9e04da3855b0c3bc1252def1 Mon Sep 17 00:00:00 2001
From: Yoavast <98748304+Yoavast@users.noreply.github.com>
Date: Tue, 30 May 2023 11:45:51 +0300
Subject: [PATCH 21/23] Update azure-pipelines.yml for Azure Pipelines
---
azure-pipelines.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 2b279e8..e8f7e64 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -18,5 +18,5 @@ jobs:
CheckmarxService: 'CxONE'
projectName: '$(Build.Repository.Name)'
branchName: '$(Build.SourceBranchName)'
- tenantName: 'cxast_rnd_projects_scans'
+ tenantName: ''
additionalParams: '--debug'
\ No newline at end of file
From 32a3364f32f1690c0becc53dd80437801ab03558 Mon Sep 17 00:00:00 2001
From: Yoav Ast <98748304+Yoavast@users.noreply.github.com>
Date: Mon, 28 Aug 2023 16:50:37 +0300
Subject: [PATCH 22/23] Create PR.yml
---
.github/workflows/PR.yml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 .github/workflows/PR.yml
diff --git a/.github/workflows/PR.yml b/.github/workflows/PR.yml
new file mode 100644
index 0000000..7e092d8
--- /dev/null
+++ b/.github/workflows/PR.yml
@@ -0,0 +1,17 @@
+name: Checkmarx AST Scan
+on: [pull_request]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Checkmarx AST CLI Action
+ uses: checkmarx/ast-github-action@main #Github Action version
+ with:
+ base_uri: https://eu.ast.checkmarx.net/
+ cx_tenant: cx_ast_pm_yoav_ast
+ cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+ cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+ additional_params: --debug --scan-types sast
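Review bot: This is the third workflow in the repository that runs a Checkmarx scan on `pull_request`, next to `codeql-analysis.yml` and `Feedbackapp.yml`, and each carries its own `base_uri` and tenant handling. Here `cx_tenant` is written into the file while the other two read `${{ secrets.CX_TENANT }}`, and the trailing comment `#Github Action version` sits next to `@main`, which is a branch and not a version. If the same tenant is meant, use `cx_tenant: ${{ secrets.CX_TENANT }}` for consistency and consider folding the scans into one workflow.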
From a746cd455d46cce3af35fc85db24013bb5ec8439 Mon Sep 17 00:00:00 2001
From: Yoav Ast <98748304+Yoavast@users.noreply.github.com>
Date: Mon, 28 Aug 2023 16:55:42 +0300
Subject: [PATCH 23/23] Update PR.yml
---
.github/workflows/PR.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/PR.yml b/.github/workflows/PR.yml
index 7e092d8..9547056 100644
--- a/.github/workflows/PR.yml
+++ b/.github/workflows/PR.yml
@@ -14,4 +14,4 @@ jobs:
cx_tenant: cx_ast_pm_yoav_ast
cx_client_id: ${{ secrets.CX_CLIENT_ID }}
cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
- additional_params: --debug --scan-types sast
+ additional_params: --debug --scan-types iac-security