Merge branch 'master' into execLogChanges

cmd/checkmarxOneExecuteScan.go

@@ -419,6 +419,9 @@ func (c *checkmarxOneExecuteScanHelper) CreateScanRequest(incremental bool, uplo
 	}
 
 	branch := c.config.Branch
+	if len(branch) == 0 && len(c.config.GitBranch) > 0 {
+		branch = c.config.GitBranch
+	}
 	if len(c.config.PullRequestName) > 0 {
 		branch = fmt.Sprintf("%v-%v", c.config.PullRequestName, c.config.Branch)
 	}

cmd/detectExecuteScan.go

@@ -624,7 +624,11 @@ func createVulnerabilityReport(config detectExecuteScanOptions, vulns *bd.Vulner
 		CounterHeader: "Entry#",
 	}
 
-	vulnItems := vulns.Items
+	var vulnItems []bd.Vulnerability
+	if vulns != nil {
+		vulnItems = vulns.Items
+	}
+
 	sort.Slice(vulnItems, func(i, j int) bool {
 		return vulnItems[i].OverallScore > vulnItems[j].OverallScore
 	})
@@ -716,7 +720,12 @@ func postScanChecksAndReporting(ctx context.Context, config detectExecuteScanOpt
 	errorsOccured := []string{}
 	vulns, err := getVulnerabilitiesWithComponents(config, influx, sys)
 	if err != nil {
-		return errors.Wrap(err, "failed to fetch vulnerabilities")
+		if config.GenerateReportsForEmptyProjects &&
+			strings.Contains(err.Error(), "No Components found for project version") {
+			log.Entry().Debug(err.Error())
+		} else {
+			return errors.Wrap(err, "failed to fetch vulnerabilities")
+		}
 	}
 
 	if config.CreateResultIssue && len(config.GithubToken) > 0 && len(config.GithubAPIURL) > 0 && len(config.Owner) > 0 && len(config.Repository) > 0 {

pkg/checkmarxone/cxjson_to_sarif.go

@@ -20,6 +20,7 @@ func ConvertCxJSONToSarif(sys System, serverURL string, scanResults *[]ScanResul
 	sarif.Version = "2.1.0"
 	var checkmarxRun format.Runs
 	checkmarxRun.ColumnKind = "utf16CodeUnits"
+	checkmarxRun.Results = make([]format.Results, 0)
 	sarif.Runs = append(sarif.Runs, checkmarxRun)
 	rulesArray := []format.SarifRule{}
 
@@ -226,7 +227,17 @@ func ConvertCxJSONToSarif(sys System, serverURL string, scanResults *[]ScanResul
 		if r.VulnerabilityDetails.CweId != 0 {
 			rule.Properties.Tags = append(rule.Properties.Tags, fmt.Sprintf("external/cwe/cwe-%d", r.VulnerabilityDetails.CweId))
 		}
-		rulesArray = append(rulesArray, rule)
+
+		match := false
+		for _, r := range rulesArray {
+			if r.ID == rule.ID {
+				match = true
+				break
+			}
+		}
+		if !match {
+			rulesArray = append(rulesArray, rule)
+		}
 	}
 
 	// Handle driver object
@@ -237,7 +248,7 @@ func ConvertCxJSONToSarif(sys System, serverURL string, scanResults *[]ScanResul
 
 	// TODO: a way to fetch/store the version
 	tool.Driver.Version = "1" //strings.Split(cxxml.CheckmarxVersion, "V ")
-	tool.Driver.InformationUri = "https://checkmarx.com/resource/documents/en/34965-68571-viewing-results.html"
+	tool.Driver.InformationUri = "https://checkmarx.com/resource/documents/en/34965-165898-results-details-per-scanner.html"
 	tool.Driver.Rules = rulesArray
 	sarif.Runs[0].Tool = tool
 

resources/metadata/checkmarxOneExecuteScan.yaml

@@ -127,6 +127,17 @@ spec:
           - STAGES
           - STEPS
         type: string
+      - name: gitBranch
+        description: "Set the GitHub repository branch."
+        resourceRef:
+          - name: commonPipelineEnvironment
+            param: github/branch
+        scope:
+          - GENERAL
+          - PARAMETERS
+          - STAGES
+          - STEPS
+        type: string
       - name: clientSecret
         type: string
         description: The clientSecret to authenticate using a service account

resources/metadata/detectExecuteScan.yaml

@@ -257,6 +257,15 @@ spec:
           - STEPS
           - STAGES
           - PARAMETERS
+      - name: generateReportsForEmptyProjects
+        type: bool
+        default: false
+        description:
+          "If enabled, it will generate reports for empty projects. This could be useful to see the compliance reports in Sirius"
+        scope:
+          - STEPS
+          - STAGES
+          - PARAMETERS
       - name: pomPath
         type: string
         description: Path to the pom file which should be installed including all children.