Application Version Documentation update (#1274)
* Application Version documentation update

* PDF Documentation

* Added Documents

* Version Update

---------

Co-authored-by: satyamchaurasiapersistent <[email protected]>
Co-authored-by: satyamchaurasiapersistent <[email protected]>
3 people authored Sep 14, 2023
1 parent b935b2a commit 9cb4abb
Showing 7 changed files with 60 additions and 22 deletions.
2 changes: 1 addition & 1 deletion build-11.gradle
Expand Up @@ -4,7 +4,7 @@ buildscript {
ext {


CxSBSDK = "0.5.59"
CxSBSDK = "0.5.63"
ConfigProviderVersion = "1.0.9"
//cxVersion = "8.90.5"
springBootVersion = '2.7.14'
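Review bot: the `CxSBSDK` bump from `"0.5.59"` to `"0.5.63"` lands with no pointer to what changed in the SDK between those versions; since this library is the client for the Checkmarx APIs, the commit message or a changelog entry should state the reason for the upgrade and any API behaviour change it brings, so the dependency update can be audited later.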
2 changes: 1 addition & 1 deletion build.gradle
@@ -1,7 +1,7 @@
buildscript {
ext {

CxSBSDK = "0.5.59"
CxSBSDK = "0.5.63"
ConfigProviderVersion = "1.0.10"
//cxVersion = "8.90.5"
springBootVersion = '2.7.14'
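Review bot: the two build files now diverge on `ConfigProviderVersion` (`"1.0.9"` in build-11.gradle versus `"1.0.10"` here) while both receive the same `CxSBSDK = "0.5.63"`; if the difference is intentional, a comment beside the Java 11 build's pin would stop the next reader from assuming that file was simply missed, and if it is not, align both files in this commit.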
38 changes: 38 additions & 0 deletions docs/Bug-Trackers-and-Feedback-Channels.md
Expand Up @@ -27,6 +27,7 @@
* [CSV](#csv)
* [Email](#email)
* [NONE|WAIT](#none)
* [PDF](#pdf)

## <a name="data">Understanding the Data</a>
Checkmarx results are processed according to the following [scheme](https://raw.githubusercontent.com/checkmarx-ltd/cx-flow/develop/src/main/resources/samples/cx.xsd).
Expand Down Expand Up @@ -413,6 +414,7 @@ Valid options for `bug-tracker-impl` are currently the following ones:
* Rally
* ServiceNow
* Sarif
* PDF
## <a name="azure">Azure DevOps WorkItems</a>
Azure DevOps work items only supports an issue body/description. Custom/template field values are not available at present. The available issue-type values are built/tested around issue and impediment (Scrum)
Expand Down Expand Up @@ -829,6 +831,42 @@ The Scan completed successfully report receives the following objects:
- `issue.vulnerability`
- `issue.filename`

## <a name="pdf">PDF</a>
The PDF bug-tracker (defined as PDF) is useful, if you want to retrieve the latest scan results from Checkmarx per project, Team, or the entire instance. This is the original PDF report provided by Checkmarx. When using PDF with both CxSAST and CxSCA scanners enabled, two seprate reports will be generated, one for CxSAST report and one for CxSCA report.

CxSCA currently does not support `--batch` mode, but retrieving latest scan for a particular project (project mode) is still possible.


```
cxflow:
#zip-exclude: .*\.PNG
bug-tracker: PDF
bug-tracker-impl:
# - Azure
# - Csv
# - CxXml
# - CxXml
# - GitHub
# - GitLab
# - GitLabDashboard
# - GitLab
# - Rally
# - Json
- PDF
# -JIRA
# - SonarQube
# -GITHUBPULL
# -BITBUCKETCOMMIT

pdf:
file-name-format: checkmarx.PDF
data-folder: C:\\tmp

```
The file system path as well as the file naming format is required.
From above example if SAST and SCA both enabled then file will get created by name ```SAST_checkmarx.pdf``` and ```SCA_checkmarx.pdf```.
## <a name="none">NONE | WAIT</a>
If you want to trigger scans asynchronously, use **NONE**
If you want to trigger scans, but wait for feedback | summary console output, use **WAIT | wait**
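Review bot: the `data-folder: C:\\tmp` example, together with the sentence that the path is required, should point at a directory with restricted permissions rather than a shared temp folder, because the generated PDFs contain the full vulnerability findings for the project; also, an unquoted YAML scalar does not interpret backslash escapes, so the value actually read is `C:\\tmp` with two backslashes, which the text does not mention (use `C:\tmp` or a forward-slash path). Smaller points in the same hunk: "seprate" should be "separate"; the code fence has no `yaml` tag, unlike the other docs; `file-name-format: checkmarx.PDF` is shown while the prose says the files are named `SAST_checkmarx.pdf` and `SCA_checkmarx.pdf`, so state whether the extension case follows the setting; and the commented-out `bug-tracker-impl` list carries duplicate `CxXml` and `GitLab` entries that should be dropped.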
2 changes: 1 addition & 1 deletion docs/CxSAST-Version-9.0.md → docs/CxSAST-Version-9.X.md
Expand Up @@ -5,7 +5,7 @@
* [How to create account in CxSAST](#accountcreation)
* [Roles required for CxFlow](#rolesforcxflow)

### <a name="nine">9.0 Configuration Changes</a>
### <a name="nine">9.x Configuration Changes</a>

**The Two Changes needed from 8.9:**
* Make sure to include **version: 9.0** (or higher) and **scope: access_control_api sast_rest_api**
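Review bot: renaming `docs/CxSAST-Version-9.0.md` to `docs/CxSAST-Version-9.X.md` will break any page or sidebar that still links to the old file name, and this changeset touches no other file that updates such a link; either search the docs for the old name and fix the references in this commit, or keep the old file as a short redirect stub. The heading change itself keeps the `nine` anchor, so in-page links are unaffected.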
16 changes: 8 additions & 8 deletions docs/Prerequisites-and-Requirements.md
@@ -1,13 +1,13 @@
The following applications are required:

| Software | Version | Notes |
| -------- |----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **Java Runtime** | 8, 11 | Specific builds exist for both Java 8 and 11, or higher version. CxFlow can run anywhere with Java 1.8/11+ Runtime available. If user is using higher versions of JAVA they should append **Djava.locale.providers=COMPAT,CLDR** in JVM arguments in order to avoid **DateTimeParseException** |
| **CxSAST** | 8.8, 8.9, 9.x | CxFlow uses Checkmarx's REST APIs, available for version 8.8 and higher |
| **Jira** | 6.4, 7.x, 8.x, 9.x | Jira Cloud and Software have been tested |
| **GitHub** | Cloud and Enterprise supported versions | Both WebHook and Issue integration |
| **GitLab** | Cloud, Community and Enterprise supported versions | Both WebHook and Issue integration |
| **BitBucket** | Cloud, Server (version 7.2 and higher) | WebHook |
| Software | Version | Notes |
|------------------|----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **Java Runtime** | 8, 11 ,17,18 | Specific builds exist for both Java 8 and 11, or higher version. CxFlow can run anywhere with Java 1.8/11+ Runtime available. If user is using higher versions of JAVA they should append **Djava.locale.providers=COMPAT,CLDR** in JVM arguments in order to avoid **DateTimeParseException** |
| **CxSAST** | 8.8, 8.9, 9.x | CxFlow uses Checkmarx's REST APIs, available for version 8.8 and higher |
| **Jira** | 6.4, 7.x, 8.x, 9.x | Jira Cloud and Software have been tested |
| **GitHub** | Cloud and Enterprise supported versions | Both WebHook and Issue integration |
| **GitLab** | Cloud, Community and Enterprise supported versions | Both WebHook and Issue integration |
| **BitBucket** | Cloud, Server (version 7.2 to 8.13 ) | WebHook |
| **Azure DevOps** | Cloud, Server 2019, TFS Server 2018 | Both WebHook and WorkItem integration |

## Additional Requirements
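Review bot: the updated Java row (`| **Java Runtime** | 8, 11 ,17,18 |`) lists 17 and 18 but its Notes cell still says "Specific builds exist for both Java 8 and 11" and "Java 1.8/11+", so state which build (build.gradle or build-11.gradle) is expected to run on 17 and 18; the same cell repeats the pre-existing flag `**Djava.locale.providers=COMPAT,CLDR**` without its leading `-`, and since the line is being edited anyway it should read `-Djava.locale.providers=COMPAT,CLDR`. Also tidy the spacing in `8, 11 ,17,18` and `7.2 to 8.13 )`, and consider whether 18, a non-LTS feature release, should be listed as a supported runtime at all.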
8 changes: 4 additions & 4 deletions docs/Thresholds-and-policies.md
Expand Up @@ -119,16 +119,16 @@ cxflow:
```
## <a name="directdependency">SCA : Direct dependency </a>
User can break build based on direct dependency vulnerabilities present in project. User need to add below code in YML file or pass it as command line parameter under SCA section.
User can filter direct dependency vulnerabilities present in project. User need to add below code in YML file or pass it as command line parameter under SCA section.
```yaml
sca:
filter-dependency-type: Direct
filter-out-InDirectdependency: true
```
Default value of filter-dependency-type is **All**.
## <a name="directdependency">SCA : Dev dependency</a>
User can filter out dev dependency vulnerabilities present in project. User need to add below code in YML file or pass it as command line parameter under SCA section.
## <a name="directdependency">SCA : Dev & Test dependency</a>
User can filter out dev dependency & Test vulnerabilities present in project. User need to add below code in YML file or pass it as command line parameter under SCA section.
```yaml
sca:
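Review bot: both headings in this hunk (`SCA : Direct dependency` and the renamed `SCA : Dev & Test dependency`) use the same anchor `name="directdependency"`, so a link to `#directdependency` can only ever reach the first; give the second heading its own anchor. The wording change from "break build" to "filter" matches the runner change in this commit, but "filter out dev dependency & Test vulnerabilities" should read "dev and test dependency vulnerabilities", and the section should say explicitly that these settings now only filter results and no longer fail the build, since readers of the previous version will expect the old behaviour.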
14 changes: 7 additions & 7 deletions src/main/java/com/checkmarx/flow/CxFlowRunner.java
Expand Up @@ -716,13 +716,13 @@ private boolean checkIfBreakBuild(ScanRequest request, ScanResults results) {

boolean breakBuildResult = false;

if(flowProperties.getEnabledVulnerabilityScanners()!=null){
if((flowProperties.getEnabledVulnerabilityScanners().stream().map(String::toLowerCase)
.collect(Collectors.toList()).contains("sca")) && thresholdValidator.thresholdsExceededDirectNDEVDependency(request, results)){
log.info("Build failed because some direct dependency issues were found.");
breakBuildResult = true;
}
}
// if(flowProperties.getEnabledVulnerabilityScanners()!=null){
// if((flowProperties.getEnabledVulnerabilityScanners().stream().map(String::toLowerCase)
// .collect(Collectors.toList()).contains("sca")) && thresholdValidator.thresholdsExceededDirectNDEVDependency(request, results)){
// log.info("Build failed because some direct dependency issues were found.");
// breakBuildResult = true;
// }
// }

if (thresholdValidator.isThresholdsConfigurationExist(request)) {
if (thresholdValidator.thresholdsExceeded(request, results)) {
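Review bot: commenting out the SCA direct/dev dependency block (`// if(flowProperties.getEnabledVulnerabilityScanners()!=null){` through `// }`) silently removes a policy enforcement path: a build with direct or dev dependency findings above threshold will now pass where it previously failed, yet the commit message calls this a documentation update. Delete the block instead of leaving commented-out code (git history preserves it), check whether `thresholdValidator.thresholdsExceededDirectNDEVDependency` still has any caller or should go too, and record the behaviour change in the release notes so pipelines that relied on the old break-build outcome are not weakened without notice.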

0 comments on commit 9cb4abb