From a109039a5450237e077be24cf6f9e236390f5ee5 Mon Sep 17 00:00:00 2001
From: Jay Nanduri
Date: Thu, 28 Jul 2022 23:42:13 -0400
Subject: [PATCH 01/11] sarif output test
---
 .github/workflows/sarif-output.yml | 35 ++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 .github/workflows/sarif-output.yml
diff --git a/.github/workflows/sarif-output.yml b/.github/workflows/sarif-output.yml
new file mode 100644
index 0000000..26f2c74
--- /dev/null
+++ b/.github/workflows/sarif-output.yml
@@ -0,0 +1,35 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Sarif
+
+# Controls when the workflow will run
+on:
+ push:
+ branches:
+ - sarif-output
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # This step checks out a copy of your repository.
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: Checkmarx scan
+ uses: checkmarx/ast-github-action@AST-12645-pr-decoration-from-gh-action
+ with:
+ base_uri: https://ast-master-components.dev.cxast.net/
+ cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+ cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+ cx_tenant: master_tenant
+ additional_params: --report-format sarif --output-path .
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: cx_result.sarif
\ No newline at end of file
From a1a5d003356a786eeb25bafcfd04bdf5d7ae15e7 Mon Sep 17 00:00:00 2001
From: Jay Nanduri
Date: Fri, 29 Jul 2022 13:31:36 -0400
Subject: [PATCH 02/11] change action version
---
 .github/workflows/sarif-output.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
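Review bot: The `Checkmarx scan` step in this new workflow runs `checkmarx/ast-github-action@AST-12645-pr-decoration-from-gh-action`, a mutable feature-branch ref, in the same step that is handed `secrets.CX_CLIENT_ID` and `secrets.CX_CLIENT_SECRET`, so whatever that branch points to at run time is the code that sees those credentials. Later patches in this series move the ref to `2.0.7`, `latest`, `Latest` and finally `main`; all of these are movable refs too, so the same concern applies to them. Pinning to a full commit SHA with the release named in a trailing comment, e.g. `uses: checkmarx/ast-github-action@<full-commit-sha>  # 2.0.7`, makes the executed code reviewable and stable. The workflow also declares no `permissions:` and so inherits the repository default; a job-level `permissions: {contents: read, security-events: write}` would scope the token to what checkout and `upload-sarif` need (a private repository may additionally need `actions: read` — confirm against the action's documentation).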
diff --git a/.github/workflows/sarif-output.yml b/.github/workflows/sarif-output.yml
index 26f2c74..fbb0af9 100644
--- a/.github/workflows/sarif-output.yml
+++ b/.github/workflows/sarif-output.yml
@@ -4,9 +4,11 @@ name: Sarif

 # Controls when the workflow will run
 on:
- push:
+ pull_request:
+ types: [opened, reopened, synchronize]
 branches:
- - sarif-output
+ - master
+ - main

 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
@@ -21,7 +23,7 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v2
 - name: Checkmarx scan
- uses: checkmarx/ast-github-action@AST-12645-pr-decoration-from-gh-action
+ uses: checkmarx/ast-github-action@2.0.7
 with:
 base_uri: https://ast-master-components.dev.cxast.net/
 cx_client_id: ${{ secrets.CX_CLIENT_ID }}
From 31f708d6aaf31abc5a8ba14facb399514cc16a18 Mon Sep 17 00:00:00 2001
From: Jay Nanduri
Date: Tue, 2 Aug 2022 09:09:34 -0400
Subject: [PATCH 03/11] change action version and tenant
---
 .github/workflows/sarif-output.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/sarif-output.yml b/.github/workflows/sarif-output.yml
index fbb0af9..793c8cb 100644
--- a/.github/workflows/sarif-output.yml
+++ b/.github/workflows/sarif-output.yml
@@ -1,6 +1,6 @@
 # This is a basic workflow to help you get started with Actions

-name: Sarif
+name: Checkmarx Sarif Integration

 # Controls when the workflow will run
 on:
@@ -23,12 +23,12 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v2
 - name: Checkmarx scan
- uses: checkmarx/ast-github-action@2.0.7
+ uses: checkmarx/ast-github-action@latest
 with:
 base_uri: https://ast-master-components.dev.cxast.net/
 cx_client_id: ${{ secrets.CX_CLIENT_ID }}
 cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
- cx_tenant: master_tenant
+ cx_tenant: ${{ secrets.CX_TENANT }}
 additional_params: --report-format sarif --output-path .
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v1
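Review bot: With the trigger in the `on:` block changed to `pull_request`, runs started from forked repositories receive no repository secrets and a read-only `GITHUB_TOKEN`, so the `Checkmarx scan` step would get empty `cx_client_id`/`cx_client_secret` values and `upload-sarif` could not write its results. If only same-repository branches are expected to open PRs, a job-level guard such as `if: github.event.pull_request.head.repo.full_name == github.repository` makes that explicit and skips the job cleanly instead of failing on authentication. Switching to `pull_request_target` to get the secrets back would run the scan with credentials against untrusted PR content and is not a safe substitute. As a style point, `types: [opened, reopened, synchronize]` restates the default activity types and can be dropped.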
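Review bot: The new `cx_tenant: ${{ secrets.CX_TENANT }}` line in the `with:` block of the scan step expands to an empty string when that secret is not defined or not available to the run, and the expression itself does not fail. Patches 05–09 flip the same line between this form, `secrets.CX_CLIENT_TENANT` and the literal `master_tenant`, which looks like that case being worked out by trial. A comment above the step listing what must be configured, e.g. `# Requires repository secrets: CX_CLIENT_ID, CX_CLIENT_SECRET, CX_TENANT`, would document the contract; the scan step's block continues outside this hunk.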
From 0921de54b462396cdb777470696da9ddd9588575 Mon Sep 17 00:00:00 2001
From: Jay Nanduri
Date: Tue, 2 Aug 2022 09:10:41 -0400
Subject: [PATCH 04/11] and action version
---
 .github/workflows/sarif-output.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sarif-output.yml b/.github/workflows/sarif-output.yml
index 793c8cb..4f14377 100644
--- a/.github/workflows/sarif-output.yml
+++ b/.github/workflows/sarif-output.yml
@@ -23,7 +23,7 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v2
 - name: Checkmarx scan
- uses: checkmarx/ast-github-action@latest
+ uses: checkmarx/ast-github-action@2.0.7
 with:
 base_uri: https://ast-master-components.dev.cxast.net/
 cx_client_id: ${{ secrets.CX_CLIENT_ID }}
From da860714e03ca491e0d7bdc1f36b9353131ac3df Mon Sep 17 00:00:00 2001
From: Jay Nanduri
Date: Tue, 2 Aug 2022 09:16:12 -0400
Subject: [PATCH 05/11] add tenant
---
 .github/workflows/sarif-output.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sarif-output.yml b/.github/workflows/sarif-output.yml
index 4f14377..be76736 100644
--- a/.github/workflows/sarif-output.yml
+++ b/.github/workflows/sarif-output.yml
@@ -28,7 +28,7 @@ jobs:
 base_uri: https://ast-master-components.dev.cxast.net/
 cx_client_id: ${{ secrets.CX_CLIENT_ID }}
 cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
- cx_tenant: ${{ secrets.CX_TENANT }}
+ cx_tenant: master_tenant
 additional_params: --report-format sarif --output-path .
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v1
From 419482cbd2abcdb3aee69c931c7801d7d688ee8e Mon Sep 17 00:00:00 2001
From: Jay Nanduri
Date: Tue, 2 Aug 2022 09:20:19 -0400
Subject: [PATCH 06/11] add tenant env variable
---
 .github/workflows/sarif-output.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sarif-output.yml b/.github/workflows/sarif-output.yml
index be76736..4f14377 100644
--- a/.github/workflows/sarif-output.yml
+++ b/.github/workflows/sarif-output.yml
@@ -28,7 +28,7 @@ jobs:
 base_uri: https://ast-master-components.dev.cxast.net/
 cx_client_id: ${{ secrets.CX_CLIENT_ID }}
 cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
- cx_tenant: master_tenant
+ cx_tenant: ${{ secrets.CX_TENANT }}
 additional_params: --report-format sarif --output-path .
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v1
From 02b13b84ecea395b3898b2660f7f38c1d4362dad Mon Sep 17 00:00:00 2001
From: Jay Nanduri
Date: Tue, 2 Aug 2022 09:22:41 -0400
Subject: [PATCH 07/11] CHANGE tenant env variable
---
 .github/workflows/sarif-output.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sarif-output.yml b/.github/workflows/sarif-output.yml
index 4f14377..cae2b18 100644
--- a/.github/workflows/sarif-output.yml
+++ b/.github/workflows/sarif-output.yml
@@ -28,7 +28,7 @@ jobs:
 base_uri: https://ast-master-components.dev.cxast.net/
 cx_client_id: ${{ secrets.CX_CLIENT_ID }}
 cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
- cx_tenant: ${{ secrets.CX_TENANT }}
+ cx_tenant: ${{ secrets.CX_CLIENT_TENANT }}
 additional_params: --report-format sarif --output-path .
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v1
From cfd1bf1ee41464bd439f5a1198a092bf477a9e55 Mon Sep 17 00:00:00 2001
From: Jay Nanduri
Date: Tue, 2 Aug 2022 09:27:25 -0400
Subject: [PATCH 08/11] CHANGE tenant env variable
---
 .github/workflows/sarif-output.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sarif-output.yml b/.github/workflows/sarif-output.yml
index cae2b18..be76736 100644
--- a/.github/workflows/sarif-output.yml
+++ b/.github/workflows/sarif-output.yml
@@ -28,7 +28,7 @@ jobs:
 base_uri: https://ast-master-components.dev.cxast.net/
 cx_client_id: ${{ secrets.CX_CLIENT_ID }}
 cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
- cx_tenant: ${{ secrets.CX_CLIENT_TENANT }}
+ cx_tenant: master_tenant
 additional_params: --report-format sarif --output-path .
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v1
From 7abfbc6a22a4843662685f7446b72701fc98e918 Mon Sep 17 00:00:00 2001
From: Jay Nanduri
Date: Tue, 2 Aug 2022 09:43:57 -0400
Subject: [PATCH 09/11] CHANGE tenant env variable
---
 .github/workflows/sarif-output.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sarif-output.yml b/.github/workflows/sarif-output.yml
index be76736..4f14377 100644
--- a/.github/workflows/sarif-output.yml
+++ b/.github/workflows/sarif-output.yml
@@ -28,7 +28,7 @@ jobs:
 base_uri: https://ast-master-components.dev.cxast.net/
 cx_client_id: ${{ secrets.CX_CLIENT_ID }}
 cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
- cx_tenant: master_tenant
+ cx_tenant: ${{ secrets.CX_TENANT }}
 additional_params: --report-format sarif --output-path .
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v1
From 8d5074791b506bc6276fe46ce995446d9154b680 Mon Sep 17 00:00:00 2001
From: Jay Nanduri
Date: Tue, 2 Aug 2022 09:48:18 -0400
Subject: [PATCH 10/11] CHANGE action version to Latest
---
 .github/workflows/sarif-output.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sarif-output.yml b/.github/workflows/sarif-output.yml
index 4f14377..861e2a3 100644
--- a/.github/workflows/sarif-output.yml
+++ b/.github/workflows/sarif-output.yml
@@ -23,7 +23,7 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v2
 - name: Checkmarx scan
- uses: checkmarx/ast-github-action@2.0.7
+ uses: checkmarx/ast-github-action@Latest
 with:
 base_uri: https://ast-master-components.dev.cxast.net/
 cx_client_id: ${{ secrets.CX_CLIENT_ID }}
From 45d49712fa6a8e1f7b7d65f1d2032df011987ce3 Mon Sep 17 00:00:00 2001
From: Jay Nanduri
Date: Tue, 2 Aug 2022 09:50:36 -0400
Subject: [PATCH 11/11] CHANGE action version to main
---
 .github/workflows/sarif-output.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sarif-output.yml b/.github/workflows/sarif-output.yml
index 861e2a3..9c3f8f2 100644
--- a/.github/workflows/sarif-output.yml
+++ b/.github/workflows/sarif-output.yml
@@ -23,7 +23,7 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v2
 - name: Checkmarx scan
- uses: checkmarx/ast-github-action@Latest
+ uses: checkmarx/ast-github-action@main
 with:
 base_uri: https://ast-master-components.dev.cxast.net/
 cx_client_id: ${{ secrets.CX_CLIENT_ID }}