From ee08d33a5462f30cd37465c8561cf05aed7f9cc7 Mon Sep 17 00:00:00 2001
From: DavidCohen
Date: Tue, 14 Jul 2020 20:28:32 +0300
Subject: [PATCH 1/7] Add checkmarx scan github action
---
.github/workflows/main.yml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 .github/workflows/main.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..638e11a
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,18 @@
+on:
+ pull_request:
+ branches:
+ - master
+# push:
+jobs:
+ ast_scan:
+ runs-on: ubuntu-latest
+ name: Checkmarx scan run
+ steps:
+ - name: Run scan
+ uses: CheckmarxDev/ast-github-action@master
+ id: scan
+ with:
+ github_repo_token: ${{ secrets.GITHUB_TOKEN }}
+ ast_uri: ${{ secrets.AST_URI }}
+ ast_access_key_id: ${{ secrets.AST_ACCESS_KEY_ID }}
+ ast_access_key_secret: ${{ secrets.AST_ACCESS_KEY_SECRET }}
From 5641a41e407cf373550b68b8d5487c08bac5851a Mon Sep 17 00:00:00 2001
From: DavidCohen
Date: Tue, 14 Jul 2020 20:56:24 +0300
Subject: [PATCH 2/7] Increase scan timout
---
.github/workflows/main.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 638e11a..7ca512f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -16,3 +16,4 @@ jobs:
 ast_uri: ${{ secrets.AST_URI }}
 ast_access_key_id: ${{ secrets.AST_ACCESS_KEY_ID }}
 ast_access_key_secret: ${{ secrets.AST_ACCESS_KEY_SECRET }}
+ action_scan_complete_timeout_secs: 600
From 9c7ddd8524db08b8a87f56fd964f97738c5504b7 Mon Sep 17 00:00:00 2001
From: DavidCohen
Date: Tue, 14 Jul 2020 22:06:04 +0300
Subject: [PATCH 3/7] Add temp file
---
high-vulnerability.js | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 high-vulnerability.js
diff --git a/high-vulnerability.js b/high-vulnerability.js
new file mode 100644
index 0000000..a398139
--- /dev/null
+++ b/high-vulnerability.js
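Review bot: In PATCH 1/7's `.github/workflows/main.yml`, the step `uses: CheckmarxDev/ast-github-action@master` follows a mutable branch while being handed `GITHUB_TOKEN` and the three AST secrets, so whatever is later pushed to that branch runs with those credentials. Pin it to a reviewed full commit SHA, e.g. `uses: CheckmarxDev/ast-github-action@<full-commit-sha>  # reviewed <date>`. The workflow also declares no `permissions:` block, so the token keeps the repository's default scopes; a top-level `permissions:` with `contents: read` plus only what the action needs (confirm against its documentation) would narrow that. The `uses:` line of `.github/workflows/cx.yml` lies outside the hunk shown in 7/7, so check whether the same ref carried over there.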
@@ -0,0 +1,7 @@
+let output, websocket;
+
+function init() {
+ output = document.baseURI;
+ websocket = new WebSocket(output)
+}
+
From 82f66b64d23b1aa0c7177365e130208646842310 Mon Sep 17 00:00:00 2001
From: DavidCohen
Date: Tue, 14 Jul 2020 22:19:07 +0300
Subject: [PATCH 4/7] Rename temp file
---
high-vulnerability.js => high-vulnerability-1.js | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename high-vulnerability.js => high-vulnerability-1.js (100%)
diff --git a/high-vulnerability.js b/high-vulnerability-1.js
similarity index 100%
rename from high-vulnerability.js
rename to high-vulnerability-1.js
From 9ff291ce0d126f5dfb93f07038c096beebd348c4 Mon Sep 17 00:00:00 2001
From: DavidCohen
Date: Tue, 14 Jul 2020 22:28:19 +0300
Subject: [PATCH 5/7] Change action configuration
---
.github/workflows/main.yml | 3 +++
high-vulnerability-1.js | 7 -------
2 files changed, 3 insertions(+), 7 deletions(-)
delete mode 100644 high-vulnerability-1.js
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7ca512f..a0cb953 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -17,3 +17,6 @@ jobs:
 ast_access_key_id: ${{ secrets.AST_ACCESS_KEY_ID }}
 ast_access_key_secret: ${{ secrets.AST_ACCESS_KEY_SECRET }}
 action_scan_complete_timeout_secs: 600
+ high_results_threshold: 0
+ medium_results_threshold: 0
+ low_results_threshold: -1
diff --git a/high-vulnerability-1.js b/high-vulnerability-1.js
deleted file mode 100644
index a398139..0000000
--- a/high-vulnerability-1.js
+++ /dev/null
@@ -1,7 +0,0 @@
-let output, websocket;
-
-function init() {
- output = document.baseURI;
- websocket = new WebSocket(output)
-}
-
From 92f5e1793a3daf5132cd895e1c23432b86e150aa Mon Sep 17 00:00:00 2001
From: DavidCohen
Date: Wed, 15 Jul 2020 17:22:54 +0300
Subject: [PATCH 6/7] Rename workflow to cx.yml Add action badge
---
.github/workflows/main.yml | 22 ----------------------
1 file changed, 22 deletions(-)
delete mode 100644 .github/workflows/main.yml
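Review bot: `high-vulnerability.js` (PATCH 3/7) lands at the repository root with nothing marking it as a deliberate scanner fixture, and `init()` passes `document.baseURI`, a value that any `<base href>` element in the page can change, straight into `new WebSocket(...)`. If the file exists only to exercise the Checkmarx gate, say so in a header comment such as `// Scanner test fixture: intentionally insecure, never load in a page` and keep it under a test-only directory. Code meant to ship would connect to a fixed, allowlisted `wss://` endpoint instead of a URL read from the DOM. The series deletes the file again in 5/7, so this concerns the intermediate commits and the history they leave behind.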
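Review bot: The three `*_results_threshold` inputs added to `.github/workflows/main.yml` in 5/7 are bare magic numbers, and nothing in the workflow records what `0` and `-1` mean. Presumably `0` fails the check on any finding of that severity and `-1` switches the gate off, but that should be confirmed against the action's documentation and written down, e.g. `# max findings allowed per severity; -1 = not enforced (confirm)` above the three keys. The same applies to the hunk in 7/7, where `.github/workflows/cx.yml` carried `-1` for high and medium, presumably leaving both ungated, until that commit. The `with:` block starts outside both hunks.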
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
deleted file mode 100644
index a0cb953..0000000
--- a/.github/workflows/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-on:
- pull_request:
- branches:
- - master
-# push:
-jobs:
- ast_scan:
- runs-on: ubuntu-latest
- name: Checkmarx scan run
- steps:
- - name: Run scan
- uses: CheckmarxDev/ast-github-action@master
- id: scan
- with:
- github_repo_token: ${{ secrets.GITHUB_TOKEN }}
- ast_uri: ${{ secrets.AST_URI }}
- ast_access_key_id: ${{ secrets.AST_ACCESS_KEY_ID }}
- ast_access_key_secret: ${{ secrets.AST_ACCESS_KEY_SECRET }}
- action_scan_complete_timeout_secs: 600
- high_results_threshold: 0
- medium_results_threshold: 0
- low_results_threshold: -1
From 8f2eb49072a36fbc042b02ece5a61be2d7e689d4 Mon Sep 17 00:00:00 2001
From: DavidCohen
Date: Wed, 15 Jul 2020 17:46:19 +0300
Subject: [PATCH 7/7] Change cx action config
---
.github/workflows/cx.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cx.yml b/.github/workflows/cx.yml
index de6f7e3..b3da4e1 100644
--- a/.github/workflows/cx.yml
+++ b/.github/workflows/cx.yml
@@ -18,6 +18,6 @@ jobs:
 ast_access_key_id: ${{ secrets.AST_ACCESS_KEY_ID }}
 ast_access_key_secret: ${{ secrets.AST_ACCESS_KEY_SECRET }}
 action_scan_complete_timeout_secs: 600
- high_results_threshold: -1
- medium_results_threshold: -1
+ high_results_threshold: 0
+ medium_results_threshold: 0
 low_results_threshold: -1