Skip to content

Update checkmarx.yml #140

Update checkmarx.yml

Update checkmarx.yml #140

Workflow file for this run

name: CxFlow
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
- cron: '39 15 * * 1'
permissions:
contents: read
jobs:
build:
name: CHECKMARX
permissions:
contents: read
issues: write
pull-requests: write
security-events: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Setup Node.js environment
uses: actions/[email protected]
- name: Checkmarx CxFlow Action
uses: checkmarx-ts/[email protected]
env:
SCA_SCARESOLVERADDPARAMETERS_CUSTOM-PARAMETER : "--gradle-parameters=-Paws.codeartifact.username=abc -Paws.codeartifact.token=bcd"
SCA_SCARESOLVERADDPARAMETERS_LOG-LEVEL : Debug
JIRA_FIELDS_0_JIRA_DEFAULT_VALUE : APPSEC-2371
JIRA_FIELDS_0_JIRA_FIELD_NAME : "Epic Link"
JIRA_FIELDS_0_JIRA_FIELD_TYPE : text
JIRA_FIELDS_0_TYPE : static
with:
project: ${{ github.repository }}-PR
team: ${{ secrets.CHECKMARX_TEAMS }}
checkmarx_url: ${{ secrets.CHECKMARX_URL }}
checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
scanners: sast
extra_certificates: ${{ secrets.CERT }}
break_build: true
bug_tracker: WAIT
sca_api_url: ${{ secrets.SCA_API_URL }}
sca_app_url: ${{ secrets.SCA_APP_URL }}
sca_access_control_url: ${{ secrets.SCA_ACCESS_CONTROL_URL }}
sca_tenant: ${{ secrets.SCA_TENANT }}
sca_username: ${{ secrets.SCA_USERNAME }}
sca_password: ${{ secrets.SCA_PASSWORD }}
jira_url : 'https://kedarbhujade.atlassian.net'
jira_username : '[email protected]'
jira_token : ${{ secrets.JIRA_TOKEN }}
jira_project : 'APPSEC'
jira_issue_type : 'Bug'
jira_open_transition : 'In Progress'
jira_close_transition : 'Done'
jira_open_status : 'Selected for Development,In Progress'
jira_closed_status : 'Done'
params: '--github --namespace=${{ github.repository_owner }} --checkmarx.settings-override=true --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --merge-id=${{ github.event.number }} --logging.level.com.checkmarx.*=DEBUG --cx-flow.filterSeverity --cx-flow.filterCategory'