Add clone scan by commit hash/ID, tag or reference #792

Open
cx-scord opened this issue Jul 27, 2021 · 1 comment
Labels: enhancement (New feature or request)

Comments

cx-scord (Contributor)

Describe the problem

It should be possible to clone scan a codebase using the CxFlow CLI with --github, --gitlab, etc. (which fetches code directly from the repository into CxSAST using the project's source code location), using a specific commit hash ID or commit tag/reference to fetch a specific codebase to scan.

Proposed solution

Add parameters like --commit-hash-id=<COMMIT_HASH> or --commit-ref=<COMMIT_TAG_OR_REFERENCE> when clone scanning with the CxFlow CLI using --github or any other clone scan option available (like --gitlab), to fetch a specific codebase to scan.

Adding those parameters should also enforce setting the commit hash and/or tag on the ScanRequest object, to be able to use them in Groovy scripts and allow using those commit hashes and tags to explicitly add scan comments or change project names.

Another parameter suggestion, to avoid using Groovy scripts and simplify the process of adding commit-related scan comments, would be to add a --commit-info-on-scan-comment=<all|ref|commit-hash> parameter that would add the commit reference (full branch path like "refs/heads/master", or tag), the commit hash, or both to the scan comment in the form of -<COMMIT_HASH>, or just "Ref: <COMMIT_TAG_OR_REFERENCE>" or "Commit ID: <COMMIT_HASH>"; or probably something simpler like --commit-hash-on-scan-comment=<true|false> and --commit-ref-on-scan-comment=<true|false> that would add the commit information on a separate line of the scan comment, similar to this:

[screenshot: example scan comment]

Additional details

The context is allowing ad-hoc scanning, SCMs, and other automation servers like Jenkins, Bamboo, TeamCity, etc., to scan specific codebases using a commit hash or tag.

Having #732 and #733 implemented first or at the same time as this feature would be great to be able to clone scan all CxFlow supported SCMs.

cx-scord added the enhancement label on Jul 27, 2021
cx-scord changed the title from "Add clone scan by commit hash/ID. tag or reference" to "Add clone scan by commit hash/ID, tag or reference" on Jul 27, 2021
jbrotsos self-assigned this on Jul 29, 2021
jbrotsos added this to the Parking Lot milestone on Aug 13, 2021
jbrotsos removed this from the Parking Lot milestone on Mar 5, 2022
satyamchaurasiapersistent (Contributor)

We have added a --comment field (https://github.com/checkmarx-ltd/cx-flow/wiki/Configuration); the user can append all information to the comment as a string.

[screenshot: --comment configuration]
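The comment layout proposed in the issue ("Ref: ..." and "Commit ID: ..." on their own lines), assembled into one string that a pipeline could hand to the --comment option the reply above refers to. This is an added example for this thread, not code from CxFlow or from either participant: the helper names, the all|ref|commit-hash modes, the rule that an unqualified ref is treated as a branch, and the `cxflow_comment_args` wrapper are all assumptions of the example; only the existence of --comment is taken from the reply, and its exact behaviour is not verified here. The security point the example adds is that the hash is accepted only as a full object name (a short prefix or a branch name does not pin the scanned tree for an audit trail) and that ref names arriving from a webhook or CI variable are checked against a subset of the `git check-ref-format` rules before they are placed in a comment or on a command line.

```python
"""Build a CxFlow scan comment that pins a clone scan to an exact commit.

Added example for this thread, not CxFlow's own code. It assumes the comment
string is handed to CxFlow through the --comment option mentioned in the reply
above; the helper names, the Ref:/Commit ID: layout and the modes
all|ref|commit-hash mirror the wording of the issue and are not a CxFlow API.
"""
import re
import subprocess
from typing import List, Optional

# Accept only full SHA-1 (40 hex) or SHA-256 (64 hex) object names. Short
# prefixes are rejected: they can become ambiguous as the repository grows, so
# they do not pin the scanned tree for an audit trail the way a full hash does.
_FULL_HASH = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")

# Subset of the `git check-ref-format` rules, enough to reject ref names from a
# webhook payload or CI variable that carry whitespace, control characters,
# shell metacharacters or '..' path components.
_BAD_REF_CHARS = re.compile(r"[\x00-\x20\x7f~^:?*\[\\]")

VALID_MODES = ("all", "ref", "commit-hash")


def validate_commit_hash(value: str) -> str:
    """Return the lower-cased hash, or raise ValueError if it is not a full object name."""
    value = value.strip().lower()
    if not _FULL_HASH.match(value):
        raise ValueError(f"not a full commit hash: {value!r}")
    return value


def normalize_ref(ref: str) -> str:
    """Return a fully qualified ref (refs/heads/..., refs/tags/...) or raise ValueError."""
    ref = ref.strip()
    parts = ref.split("/")
    if (
        not ref
        or _BAD_REF_CHARS.search(ref)
        or ".." in ref
        or "@{" in ref
        or ref.endswith(".lock")
        or any(p == "" or p.startswith(".") for p in parts)  # '//', leading or trailing '/', dot components
    ):
        raise ValueError(f"invalid git ref: {ref!r}")
    if ref.startswith("refs/"):
        return ref
    # Assumption of this example: an unqualified name is a branch. Pass tags as
    # refs/tags/<tag> so they are not mistaken for a branch of the same name.
    return f"refs/heads/{ref}"


def build_scan_comment(ref: Optional[str], commit_hash: Optional[str],
                       mode: str = "all", base: str = "") -> str:
    """Compose the comment: optional free text, then 'Ref: ...' and/or 'Commit ID: ...' lines."""
    if mode not in VALID_MODES:
        raise ValueError(f"mode must be one of {VALID_MODES}")
    lines: List[str] = [base.strip()] if base.strip() else []
    if mode in ("all", "ref"):
        if ref is None:
            raise ValueError(f"mode {mode!r} needs a ref")
        lines.append(f"Ref: {normalize_ref(ref)}")
    if mode in ("all", "commit-hash"):
        if commit_hash is None:
            raise ValueError(f"mode {mode!r} needs a commit hash")
        lines.append(f"Commit ID: {validate_commit_hash(commit_hash)}")
    return "\n".join(lines)


def resolve_ref(repo_dir: str, ref: str) -> str:
    """Resolve a branch or tag to its full commit hash in a local clone (needs git on PATH).

    argv is passed as a list, never through a shell, and the ref is validated and
    always begins with 'refs/', so an attacker-controlled name cannot turn into
    extra git options.
    """
    target = normalize_ref(ref) + "^{commit}"  # peel annotated tags to the commit
    out = subprocess.run(
        ["git", "-C", repo_dir, "rev-parse", "--verify", target],
        capture_output=True, text=True, check=True,
    )
    return validate_commit_hash(out.stdout.strip())


def cxflow_comment_args(comment: str) -> List[str]:
    """Argument pair to append to a CxFlow clone-scan command line (assumed --comment option)."""
    return ["--comment", comment]


if __name__ == "__main__":
    # Constructed sample values; no repository access needed for this demo.
    sample_hash = "0123456789abcdef0123456789abcdef01234567"
    comment = build_scan_comment("refs/tags/v1.2.0", sample_hash, base="Release scan from Jenkins")
    print(comment)
    print(cxflow_comment_args(comment))
```

In a pipeline, `resolve_ref` would be called on the checked-out clone to turn the branch or tag the job was triggered on into the full hash, and the resulting comment appended to the CxFlow clone-scan command with the assumed --comment option; the comment then records both the mutable name and the immutable object it pointed to at scan time.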
