From b97bdc48854648c6547e62fbc73ef84551f7dfce Mon Sep 17 00:00:00 2001
From: CxRW <85182216+CxRW@users.noreply.github.com>
Date: Tue, 8 Jun 2021 13:12:26 -0500
Subject: [PATCH 01/16] Create checkmarx-sca-scan-on-pr.yml
---
.../workflows/checkmarx-sca-scan-on-pr.yml | 40 +++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 .github/workflows/checkmarx-sca-scan-on-pr.yml
diff --git a/.github/workflows/checkmarx-sca-scan-on-pr.yml b/.github/workflows/checkmarx-sca-scan-on-pr.yml
new file mode 100644
index 0000000..6fc6a46
--- /dev/null
+++ b/.github/workflows/checkmarx-sca-scan-on-pr.yml
@@ -0,0 +1,40 @@
+# This workflow is to automate Checkmarx SCA scans. It runs on a push to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+# - CHECKMARX_SCA_USERNAME
+# - CHECKMARX_SCA_PASSWORD
+##
+# The following variables must be inserted below:
+# -
+# -
+#
+# For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+
+name: Checkmarx SCA Scan (Pull Request)
+on:
+ pull_request:
+ types: [opened, reopened, synchronize] # Types specify which pull request events will trigger the workflow. For more events refer Github Actions documentation.
+ branches:
+ - master
+ - main
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Checkmarx CxFlow Action
+ uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.1 # GitHub Action version
+ with:
+ project: # <-- Insert Checkmarx CxSCA Project Name
+ sca_api_url: https://api.scacheckmarx.com
+ sca_app_url: https://sca.scacheckmarx.com
+ sca_access_control_url: https://platform.checkmarx.net
+ sca_tenant: SCA-Champions # <-- Insert Checkmarx CxSCA Tenant
+ sca_username: ${{ secrets.CHECKMARX_SCA_USERNAME }} # To be stored in GitHub Secrets.
+ sca_password: ${{ secrets.CHECKMARX_SCA_PASSWORD }} # To be stored in GitHub Secrets.
+ break_build: false
+ scanners: sca
+ bug_tracker: GITHUBPULL
+ params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }}
From b14cde3e70b77358360f6dffde65f66fdd543b32 Mon Sep 17 00:00:00 2001
From: CxRW <85182216+CxRW@users.noreply.github.com>
Date: Tue, 8 Jun 2021 13:13:08 -0500
Subject: [PATCH 02/16] Create checkmarx-sca-scan-on-push.yml
---
.../workflows/checkmarx-sca-scan-on-push.yml | 39 +++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 .github/workflows/checkmarx-sca-scan-on-push.yml
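Review bot: Both `uses:` lines reference a mutable tag (`actions/checkout@v2`, `checkmarx-ts/checkmarx-cxflow-github-action@v1.1`), and the second step is handed `sca_username` and `sca_password`, so anyone able to move that tag gets code running with the SCA credentials. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: checkmarx-ts/checkmarx-cxflow-github-action@<FULL_COMMIT_SHA> # v1.1`. The push workflow created in the next patch carries the same two references. Separately, the header comment says the workflow "runs on a push to the main branch" while the trigger here is `pull_request`; a first line such as `# This workflow automates Checkmarx SCA scans. It runs on pull requests targeting master or main.` would match the code.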
diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml
new file mode 100644
index 0000000..3f042b1
--- /dev/null
+++ b/.github/workflows/checkmarx-sca-scan-on-push.yml
@@ -0,0 +1,39 @@
+# This workflow is to automate Checkmarx SCA scans. It runs on a push to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+# - CHECKMARX_SCA_USERNAME
+# - CHECKMARX_SCA_PASSWORD
+##
+# The following variables must be inserted below:
+# -
+# -
+#
+# For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+
+name: Checkmarx SCA Scan (Push)
+on:
+ push:
+ branches:
+ - main
+ - master
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Checkmarx CxFlow Action
+ uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.1 # GitHub Action version
+ with:
+ project: # <-- Insert Checkmarx CxSCA Project Name
+ sca_api_url: https://api.scacheckmarx.com
+ sca_app_url: https://sca.scacheckmarx.com
+ sca_access_control_url: https://platform.checkmarx.net
+ sca_tenant: SCA-Champions # <-- Insert Checkmarx CxSCA Tenant
+ sca_username: ${{ secrets.CHECKMARX_SCA_USERNAME }} # To be stored in GitHub Secrets.
+ sca_password: ${{ secrets.CHECKMARX_SCA_PASSWORD }} # To be stored in GitHub Secrets.
+ break_build: false
+ scanners: sca
+ bug_tracker: GitHub
+ params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }}
From bcb60c2595a4493fd07267e7ab855057ba819ee8 Mon Sep 17 00:00:00 2001
From: CxRW <85182216+CxRW@users.noreply.github.com>
Date: Tue, 8 Jun 2021 13:14:24 -0500
Subject: [PATCH 03/16] Update checkmarx-sca-scan-on-push.yml
---
.github/workflows/checkmarx-sca-scan-on-push.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
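Review bot: The `build` job declares no `permissions:` block, so the `GITHUB_TOKEN` available to the third-party step gets whatever scope the repository or organisation default grants, which may be read/write. With `bug_tracker: GitHub` the action presumably only needs to read the checkout and write issues, so a job-level `permissions: { contents: read, issues: write }` would bound it; confirm the exact scopes against the action's README. The pull-request workflow from the previous patch has the same gap, where `pull-requests: write` and possibly `statuses: write` are the likely candidates.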
diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml index 3f042b1..97c0f31 100644 --- a/.github/workflows/checkmarx-sca-scan-on-push.yml +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml @@ -26,11 +26,11 @@ jobs: - name: Checkmarx CxFlow Action uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.1 # GitHub Action version with: - project: # <-- Insert Checkmarx CxSCA Project Name + project: RyanW_SCA_Enablement_Lab sca_api_url: https://api.scacheckmarx.com sca_app_url: https://sca.scacheckmarx.com sca_access_control_url: https://platform.checkmarx.net - sca_tenant: SCA-Champions # <-- Insert Checkmarx CxSCA Tenant + sca_tenant: SCA-Champions sca_username: ${{ secrets.CHECKMARX_SCA_USERNAME }} # To be stored in GitHub Secrets. sca_password: ${{ secrets.CHECKMARX_SCA_PASSWORD }} # To be stored in GitHub Secrets. break_build: false From 18ba34dc8f8e2221fa42d2c2f1cce2fc49a4ac1a Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Tue, 8 Jun 2021 13:15:17 -0500 Subject: [PATCH 04/16] Update checkmarx-sca-scan-on-pr.yml --- .github/workflows/checkmarx-sca-scan-on-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-pr.yml b/.github/workflows/checkmarx-sca-scan-on-pr.yml index 6fc6a46..e906bb0 100644 --- a/.github/workflows/checkmarx-sca-scan-on-pr.yml +++ b/.github/workflows/checkmarx-sca-scan-on-pr.yml 
@@ -27,11 +27,11 @@ jobs: - name: Checkmarx CxFlow Action uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.1 # GitHub Action version with: - project: # <-- Insert Checkmarx CxSCA Project Name + project: RyanW_SCA_Enablement_Lab sca_api_url: https://api.scacheckmarx.com sca_app_url: https://sca.scacheckmarx.com sca_access_control_url: https://platform.checkmarx.net - sca_tenant: SCA-Champions # <-- Insert Checkmarx CxSCA Tenant + sca_tenant: SCA-Champions sca_username: ${{ secrets.CHECKMARX_SCA_USERNAME }} # To be stored in GitHub Secrets. sca_password: ${{ secrets.CHECKMARX_SCA_PASSWORD }} # To be stored in GitHub Secrets. break_build: false From a30205ded901c4b6e110d88f034d626a6da4ac29 Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Tue, 8 Jun 2021 13:16:01 -0500 Subject: [PATCH 05/16] Update footer.jsp --- src/main/webapp/footer.jsp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/webapp/footer.jsp b/src/main/webapp/footer.jsp index 02cfeec..57a0b58 100644 --- a/src/main/webapp/footer.jsp +++ b/src/main/webapp/footer.jsp @@ -5,8 +5,8 @@

Copyrights © Cyber Security & Privacy Foundation

- + - \ No newline at end of file + From 0cb5ce56f883218c45ea6fb8c120b9a2db3e47d0 Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Tue, 8 Jun 2021 13:23:02 -0500 Subject: [PATCH 06/16] Update footer.jsp --- src/main/webapp/footer.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/webapp/footer.jsp b/src/main/webapp/footer.jsp index 57a0b58..9f168b5 100644 --- a/src/main/webapp/footer.jsp +++ b/src/main/webapp/footer.jsp @@ -1,5 +1,5 @@ - +
From 9dd6687c7ca044ef041bb846477411fb38348c0c Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Tue, 8 Jun 2021 13:27:07 -0500 Subject: [PATCH 07/16] Update checkmarx-sca-scan-on-push.yml --- .github/workflows/checkmarx-sca-scan-on-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml index 97c0f31..a56d28c 100644 --- a/.github/workflows/checkmarx-sca-scan-on-push.yml +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml @@ -36,4 +36,4 @@ jobs: break_build: false scanners: sca bug_tracker: GitHub - params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} + params: --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} From c90013830a84c4f97a4f2bbd2d98d7be8e91fb1d Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Tue, 8 Jun 2021 13:29:38 -0500 Subject: [PATCH 08/16] Update checkmarx-sca-scan-on-push.yml --- .github/workflows/checkmarx-sca-scan-on-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml index a56d28c..bdba0a4 100644 --- a/.github/workflows/checkmarx-sca-scan-on-push.yml +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml @@ -36,4 +36,4 @@ jobs: break_build: false scanners: sca bug_tracker: GitHub - params: --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} + params: --sca.filter-score=8.0 --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} 
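Review bot: `--sca.filter-severity=HIGH` (first hunk on this line) and `--sca.filter-score=8.0` (second hunk) narrow which findings the push scan turns into GitHub issues, and nothing in the workflow records why these cut-offs were chosen or how the two filters combine. Medium-severity findings, and possibly HIGH findings scoring below 8.0, would then leave no trace in the tracker while `break_build: false` keeps the job green. A comment above `params:` stating the intended policy would make the gap deliberate rather than accidental, e.g. `# Only open issues for HIGH findings with score >= 8.0; lower findings are triaged in the SCA console.`, adjusted to the real policy.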
From 6b23c0cb443a123c7e454792493fee1137966a55 Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Tue, 8 Jun 2021 13:32:23 -0500 Subject: [PATCH 09/16] Update checkmarx-sca-scan-on-push.yml From 19ffe8882b05f0c3934c93073881b375cd320f43 Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Tue, 8 Jun 2021 13:36:32 -0500 Subject: [PATCH 10/16] Update checkmarx-sca-scan-on-pr.yml --- .github/workflows/checkmarx-sca-scan-on-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-pr.yml b/.github/workflows/checkmarx-sca-scan-on-pr.yml index e906bb0..82f64d9 100644 --- a/.github/workflows/checkmarx-sca-scan-on-pr.yml +++ b/.github/workflows/checkmarx-sca-scan-on-pr.yml @@ -37,4 +37,4 @@ jobs: break_build: false scanners: sca bug_tracker: GITHUBPULL - params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }} + params: --sca.thresholds-score=8.5 --github.block-merge=true --github.error-merge=true --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }} From 9798357292c70248c2da383bcae4c5957843ac02 Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Tue, 8 Jun 2021 13:39:34 -0500 Subject: [PATCH 11/16] Update checkmarx-sca-scan-on-push.yml --- .github/workflows/checkmarx-sca-scan-on-push.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml index bdba0a4..db4c086 100644 --- a/.github/workflows/checkmarx-sca-scan-on-push.yml +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml 
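Review bot: The new `params` line still interpolates `${{ github.head_ref }}`, which on a pull request is the contributor-chosen branch name, directly into a string of command-line options that now also carries the gating flags `--github.block-merge=true --github.error-merge=true`. How the action splits and parses `params` is not visible in this hunk, so confirm that shell metacharacters in a branch name cannot change the options it receives. Note also that `break_build: false` is unchanged in the context lines, so the gate appears to depend on the status the action reports being a required check in branch protection rather than on the job itself failing.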
@@ -36,4 +36,5 @@ jobs: break_build: false scanners: sca bug_tracker: GitHub - params: --sca.filter-score=8.0 --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} + params: --sca.enabledZipScan=true --sca.filter-score=8.0 --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} + From b021d04324588ca54bb1d0e8cc053de843592a0d Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Tue, 8 Jun 2021 13:41:50 -0500 Subject: [PATCH 12/16] Update checkmarx-sca-scan-on-push.yml --- .github/workflows/checkmarx-sca-scan-on-push.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml index db4c086..47d07ba 100644 --- a/.github/workflows/checkmarx-sca-scan-on-push.yml +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml @@ -36,5 +36,4 @@ jobs: break_build: false scanners: sca bug_tracker: GitHub - params: --sca.enabledZipScan=true --sca.filter-score=8.0 --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} - + params: --sca.includeSources=true --sca.enabledZipScan=true --sca.filter-score=8.0 --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} From 08a3e134172b136265966d29244c1c27b00e0269 Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Tue, 8 Jun 2021 13:46:47 -0500 Subject: [PATCH 13/16] Update checkmarx-sca-scan-on-push.yml --- .github/workflows/checkmarx-sca-scan-on-push.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
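Review bot: If `--sca.enabledZipScan=true` (first hunk) and `--sca.includeSources=true` (second hunk) behave as their names suggest, the push scan now uploads a zip of the checkout, source files included, to the service behind `sca_api_url` instead of sending dependency information only. That is a data-handling change that deserves a recorded decision, e.g. a comment above `params:` such as `# Uploads zipped sources to Checkmarx SCA; approved for this repo by <OWNER>`. It is also worth checking that nothing sensitive in the working tree (local config, test keys) ends up in the archive. The first hunk additionally adds a trailing blank line that the second removes again.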
diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml index 47d07ba..ac28db3 100644 --- a/.github/workflows/checkmarx-sca-scan-on-push.yml +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml @@ -26,7 +26,7 @@ jobs: - name: Checkmarx CxFlow Action uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.1 # GitHub Action version with: - project: RyanW_SCA_Enablement_Lab + project: RyanW_SCA_Enablement_Lab_2 sca_api_url: https://api.scacheckmarx.com sca_app_url: https://sca.scacheckmarx.com sca_access_control_url: https://platform.checkmarx.net @@ -36,4 +36,4 @@ jobs: break_build: false scanners: sca bug_tracker: GitHub - params: --sca.includeSources=true --sca.enabledZipScan=true --sca.filter-score=8.0 --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} + params: --sca.team-for-new-projects='/CxServer/SCA-PM/Champions/SamQbush' --sca.filter-score=8.0 --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} From afa4fd1d8c28c48e97ad1b73b60eac9634b1c563 Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Mon, 14 Jun 2021 14:39:09 -0500 Subject: [PATCH 14/16] Update Register.jsp --- src/main/webapp/Register.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/webapp/Register.jsp b/src/main/webapp/Register.jsp index 2a7c086..2be535d 100644 --- a/src/main/webapp/Register.jsp +++ b/src/main/webapp/Register.jsp @@ -48,4 +48,4 @@ -<%@ include file="footer.jsp" %> \ No newline at end of file +<%@ include file="footer.jsp" %> From 7638c323438e48e681306df24a5096172c006d29 Mon Sep 17 00:00:00 2001 
From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Mon, 14 Jun 2021 14:52:44 -0500 Subject: [PATCH 15/16] Update checkmarx-sca-scan-on-pr.yml --- .github/workflows/checkmarx-sca-scan-on-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-pr.yml b/.github/workflows/checkmarx-sca-scan-on-pr.yml index 82f64d9..1e61be1 100644 --- a/.github/workflows/checkmarx-sca-scan-on-pr.yml +++ b/.github/workflows/checkmarx-sca-scan-on-pr.yml @@ -37,4 +37,4 @@ jobs: break_build: false scanners: sca bug_tracker: GITHUBPULL - params: --sca.thresholds-score=8.5 --github.block-merge=true --github.error-merge=true --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }} + params: --github.block-merge=true --github.error-merge=true --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }} From a0075f7dcb478f08bc9b21ea73523c8d6d1c26e6 Mon Sep 17 00:00:00 2001 From: CxRW <85182216+CxRW@users.noreply.github.com> Date: Mon, 14 Jun 2021 14:55:34 -0500 Subject: [PATCH 16/16] Update checkmarx-sca-scan-on-pr.yml --- .github/workflows/checkmarx-sca-scan-on-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-pr.yml b/.github/workflows/checkmarx-sca-scan-on-pr.yml index 1e61be1..5659ae3 100644 --- a/.github/workflows/checkmarx-sca-scan-on-pr.yml +++ b/.github/workflows/checkmarx-sca-scan-on-pr.yml 
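Review bot: Removing `--sca.thresholds-score=8.5` leaves `--github.error-merge=true` on the new line with no threshold stated anywhere in the workflow, so what makes a pull request fail now depends on defaults that are not visible here. If the intent is to fall back to a policy configured elsewhere, say so in a comment above `params:`, e.g. `# Failure threshold comes from <WHERE_THE_POLICY_LIVES>`. Otherwise keep an explicit threshold so the gate cannot silently become a no-op or shift when the action is upgraded.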
@@ -37,4 +37,4 @@ jobs: break_build: false scanners: sca bug_tracker: GITHUBPULL - params: --github.block-merge=true --github.error-merge=true --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }} + params: --codebash-url='true' --github.error-merge=true --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }}
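Review bot: The new `params` line drops `--github.block-merge=true` and adds `--codebash-url='true'`, which reads like an accidental substitution: the option name suggests a URL, and `'true'` is not one (the quotes are part of the value, since this is a plain YAML scalar). If merge blocking was meant to stay, restore `--github.block-merge=true`; if Codebashing links are wanted, pass the real base URL, e.g. `--codebash-url=<CODEBASHING_BASE_URL>`. As written, and assuming block-merge is what held the pull request pending during the scan, a PR can now be merged before the SCA result is reported.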