From 9cb4abb1d78f7197bb731a0301bacce8edb1d2af Mon Sep 17 00:00:00 2001 From: itsKedar <37594766+itsKedar@users.noreply.github.com> Date: Thu, 14 Sep 2023 18:38:38 +0530 Subject: [PATCH] Application Version Documentation update (#1274) * Application Version documentation update * PDF Documentation * Added Documents * Version Update --------- Co-authored-by: satyamchaurasiapersistent <102941840+satyamchaurasiapersistent@users.noreply.github.com> Co-authored-by: satyamchaurasiapersistent --- build-11.gradle | 2 +- build.gradle | 2 +- docs/Bug-Trackers-and-Feedback-Channels.md | 38 +++++++++++++++++++ ...T-Version-9.0.md => CxSAST-Version-9.X.md} | 2 +- docs/Prerequisites-and-Requirements.md | 16 ++++---- docs/Thresholds-and-policies.md | 8 ++-- .../java/com/checkmarx/flow/CxFlowRunner.java | 14 +++---- 7 files changed, 60 insertions(+), 22 deletions(-) rename docs/{CxSAST-Version-9.0.md => CxSAST-Version-9.X.md} (99%) diff --git a/build-11.gradle b/build-11.gradle index a6a29d19c..d947e14e5 100644 --- a/build-11.gradle +++ b/build-11.gradle @@ -4,7 +4,7 @@ buildscript { ext { - CxSBSDK = "0.5.59" + CxSBSDK = "0.5.63" ConfigProviderVersion = "1.0.9" //cxVersion = "8.90.5" springBootVersion = '2.7.14' diff --git a/build.gradle b/build.gradle index ed2bcbe24..6b317931d 100644 --- a/build.gradle +++ b/build.gradle @@ -1,7 +1,7 @@ buildscript { ext { -CxSBSDK = "0.5.59" +CxSBSDK = "0.5.63" ConfigProviderVersion = "1.0.10" //cxVersion = "8.90.5" springBootVersion = '2.7.14' diff --git a/docs/Bug-Trackers-and-Feedback-Channels.md b/docs/Bug-Trackers-and-Feedback-Channels.md index b178b2e85..4c8cd1476 100644 --- a/docs/Bug-Trackers-and-Feedback-Channels.md +++ b/docs/Bug-Trackers-and-Feedback-Channels.md 
@@ -27,6 +27,7 @@ * [CSV](#csv) * [Email](#email) * [NONE|WAIT](#none) +* [PDF](#pdf) ## Understanding the Data Checkmarx results are processed according to the following [scheme](https://raw.githubusercontent.com/checkmarx-ltd/cx-flow/develop/src/main/resources/samples/cx.xsd). @@ -413,6 +414,7 @@ Valid options for `bug-tracker-impl` are currently the following ones: * Rally * ServiceNow * Sarif +* PDF ## Azure DevOps WorkItems Azure DevOps work items only supports an issue body/description. Custom/template field values are not available at present. The available issue-type values are built/tested around issue and impediment (Scrum) 
@@ -829,6 +831,42 @@ The Scan completed successfully report receives the following objects: - `issue.vulnerability` - `issue.filename` +## PDF +The PDF bug-tracker (defined as PDF) is useful, if you want to retrieve the latest scan results from Checkmarx per project, Team, or the entire instance. This is the original PDF report provided by Checkmarx. When using PDF with both CxSAST and CxSCA scanners enabled, two seprate reports will be generated, one for CxSAST report and one for CxSCA report. + +CxSCA currently does not support `--batch` mode, but retrieving latest scan for a particular project (project mode) is still possible. + + +``` +cxflow: + #zip-exclude: .*\.PNG + bug-tracker: PDF + bug-tracker-impl: + # - Azure + # - Csv + # - CxXml + # - CxXml + # - GitHub + # - GitLab + # - GitLabDashboard + # - GitLab + # - Rally + # - Json + - PDF + # -JIRA + # - SonarQube + # -GITHUBPULL + # -BITBUCKETCOMMIT + +pdf: + file-name-format: checkmarx.PDF + data-folder: C:\\tmp + +``` + +The file system path as well as the file naming format is required. +From above example if SAST and SCA both enabled then file will get created by name ```SAST_checkmarx.pdf``` and ```SCA_checkmarx.pdf```. + ## NONE | WAIT If you want to trigger scans asynchronously, use **NONE** If you want to trigger scans, but wait for feedback | summary console output, use **WAIT | wait** \ No newline at end of file diff --git a/docs/CxSAST-Version-9.0.md b/docs/CxSAST-Version-9.X.md similarity index 99% rename from docs/CxSAST-Version-9.0.md rename to docs/CxSAST-Version-9.X.md index 2fae99e2b..b88486c68 100644 --- a/docs/CxSAST-Version-9.0.md +++ b/docs/CxSAST-Version-9.X.md @@ -5,7 +5,7 @@ * [How to create account in CxSAST](#accountcreation) * [Roles required for CxFlow](#rolesforcxflow) -### 9.0 Configuration Changes +### 9.x Configuration Changes **The Two Changes needed from 8.9:** * Make sure to include **version: 9.0** (or higher) and **scope: access_control_api sast_rest_api** 
diff --git a/docs/Prerequisites-and-Requirements.md b/docs/Prerequisites-and-Requirements.md index afa0d6b93..b64b6c7ca 100644 --- a/docs/Prerequisites-and-Requirements.md +++ b/docs/Prerequisites-and-Requirements.md 
@@ -1,13 +1,13 @@ The following applications are required: -| Software | Version | Notes | -| -------- |----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Java Runtime** | 8, 11 | Specific builds exist for both Java 8 and 11, or higher version. CxFlow can run anywhere with Java 1.8/11+ Runtime available. If user is using higher versions of JAVA they should append **Djava.locale.providers=COMPAT,CLDR** in JVM arguments in order to avoid **DateTimeParseException** | -| **CxSAST** | 8.8, 8.9, 9.x | CxFlow uses Checkmarx's REST APIs, available for version 8.8 and higher | -| **Jira** | 6.4, 7.x, 8.x, 9.x | Jira Cloud and Software have been tested | -| **GitHub** | Cloud and Enterprise supported versions | Both WebHook and Issue integration | -| **GitLab** | Cloud, Community and Enterprise supported versions | Both WebHook and Issue integration | -| **BitBucket** | Cloud, Server (version 7.2 and higher) | WebHook | +| Software | Version | Notes | +|------------------|----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Java Runtime** | 8, 11 ,17,18 | Specific builds exist for both Java 8 and 11, or higher version. CxFlow can run anywhere with Java 1.8/11+ Runtime available. 
If user is using higher versions of JAVA they should append **Djava.locale.providers=COMPAT,CLDR** in JVM arguments in order to avoid **DateTimeParseException** | +| **CxSAST** | 8.8, 8.9, 9.x | CxFlow uses Checkmarx's REST APIs, available for version 8.8 and higher | +| **Jira** | 6.4, 7.x, 8.x, 9.x | Jira Cloud and Software have been tested | +| **GitHub** | Cloud and Enterprise supported versions | Both WebHook and Issue integration | +| **GitLab** | Cloud, Community and Enterprise supported versions | Both WebHook and Issue integration | +| **BitBucket** | Cloud, Server (version 7.2 to 8.13 ) | WebHook | | **Azure DevOps** | Cloud, Server 2019, TFS Server 2018 | Both WebHook and WorkItem integration | ## Additional Requirements diff --git a/docs/Thresholds-and-policies.md b/docs/Thresholds-and-policies.md index 770411f0d..964dd548f 100644 --- a/docs/Thresholds-and-policies.md +++ b/docs/Thresholds-and-policies.md @@ -119,16 +119,16 @@ cxflow: ``` ## SCA : Direct dependency -User can break build based on direct dependency vulnerabilities present in project. User need to add below code in YML file or pass it as command line parameter under SCA section. +User can filter direct dependency vulnerabilities present in project. User need to add below code in YML file or pass it as command line parameter under SCA section. ```yaml sca: - filter-dependency-type: Direct + filter-out-InDirectdependency: true ``` Default value of filter-dependency-type is **All**. -## SCA : Dev dependency -User can filter out dev dependency vulnerabilities present in project. User need to add below code in YML file or pass it as command line parameter under SCA section. +## SCA : Dev & Test dependency +User can filter out dev dependency & Test vulnerabilities present in project. User need to add below code in YML file or pass it as command line parameter under SCA section. ```yaml sca: 
diff --git a/src/main/java/com/checkmarx/flow/CxFlowRunner.java b/src/main/java/com/checkmarx/flow/CxFlowRunner.java index 348610d5f..d20fcd1de 100644 --- a/src/main/java/com/checkmarx/flow/CxFlowRunner.java +++ b/src/main/java/com/checkmarx/flow/CxFlowRunner.java @@ -716,13 +716,13 @@ private boolean checkIfBreakBuild(ScanRequest request, ScanResults results) { boolean breakBuildResult = false; - if(flowProperties.getEnabledVulnerabilityScanners()!=null){ - if((flowProperties.getEnabledVulnerabilityScanners().stream().map(String::toLowerCase) - .collect(Collectors.toList()).contains("sca")) && thresholdValidator.thresholdsExceededDirectNDEVDependency(request, results)){ - log.info("Build failed because some direct dependency issues were found."); - breakBuildResult = true; - } - } +// if(flowProperties.getEnabledVulnerabilityScanners()!=null){ +// if((flowProperties.getEnabledVulnerabilityScanners().stream().map(String::toLowerCase) +// .collect(Collectors.toList()).contains("sca")) && thresholdValidator.thresholdsExceededDirectNDEVDependency(request, results)){ +// log.info("Build failed because some direct dependency issues were found."); +// breakBuildResult = true; +// } +// } if (thresholdValidator.isThresholdsConfigurationExist(request)) { if (thresholdValidator.thresholdsExceeded(request, results)) {
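Review bot: the `CxSBSDK` bump from `"0.5.59"` to `"0.5.63"` in both `build-11.gradle` and `build.gradle` is a dependency upgrade that the commit message ("Application Version Documentation update") never mentions; state what changed in the SDK between those releases, or link its changelog, so the upgrade is reviewed as a supply-chain change rather than a documentation edit. The unchanged context also shows the two build files still disagreeing on `ConfigProviderVersion` (`"1.0.9"` in `build-11.gradle`, `"1.0.10"` in `build.gradle`); if that drift is unintended, align it in the same change.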
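Review bot: in the new `## PDF` section of `docs/Bug-Trackers-and-Feedback-Channels.md`, the example sets `file-name-format: checkmarx.PDF` while the prose says the files are created as `SAST_checkmarx.pdf` and `SCA_checkmarx.pdf`; say whether the extension case from the configured name is preserved, or use one spelling in both places. The section says the path and file-name format are "required" but not what happens when either is missing, nor whether `data-folder` is created when absent, and the only example, `data-folder: C:\\tmp`, is Windows-specific; add the missing-key behaviour, a Unix path example, and a sentence that these files hold the scan findings and should sit in a folder writable only by the CxFlow service account. Minor: "seprate" should read "separate", "useful, if" drops the comma, and the commented `bug-tracker-impl` list repeats `# - CxXml` and `# - GitLab`.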
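Review bot: renaming `docs/CxSAST-Version-9.0.md` to `docs/CxSAST-Version-9.X.md` changes the page's URL, but the patch updates no page that links to the old name; grep the docs for `CxSAST-Version-9.0` and fix those links in this change, otherwise they break. Inside the file the heading is now `### 9.x Configuration Changes` while the bullet below it still says `version: 9.0 (or higher)`, which is fine as a minimum but worth one clarifying word so readers on a later 9.x release know the value is a floor, not their exact version.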
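Review bot: in the rewritten `docs/Prerequisites-and-Requirements.md` table the Java row's Version cell now reads `8, 11 ,17,18` (spacing aside) but its Notes still say "Specific builds exist for both Java 8 and 11", so it is unclear whether 17 and 18 get their own build or run on the 11 build; say which. The same cell gives the JVM argument as `**Djava.locale.providers=COMPAT,CLDR**`, missing the leading `-D` and not in code formatting, so it cannot be copied as written; make it `-Djava.locale.providers=COMPAT,CLDR`. The BitBucket row changes from "version 7.2 and higher" to "version 7.2 to 8.13 )" (stray space before the parenthesis); since this narrows the supported range, state whether 8.13 is the last version tested or a known incompatibility ceiling.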
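Review bot: in `docs/Thresholds-and-policies.md` the example key changes from `filter-dependency-type: Direct` to `filter-out-InDirectdependency: true`, but the sentence after it still reads "Default value of filter-dependency-type is **All**", which now describes a key the example no longer shows; replace it with the default of `filter-out-InDirectdependency` (presumably `false`, to be confirmed against the code) or drop it. The mixed casing in `InDirectdependency` is inconsistent with the kebab-case keys elsewhere in this file; confirm it is the exact property name the code binds, because an unbound key is ignored without any error. The new heading "Dev & Test dependency" should be matched by the body, which still says "dev dependency & Test vulnerabilities".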
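Review bot: in `checkIfBreakBuild` the block that set `breakBuildResult = true` when `thresholdValidator.thresholdsExceededDirectNDEVDependency(request, results)` returned true is commented out rather than removed, which leaves dead code and, more importantly, removes a fail-closed path: a build that previously failed on direct or dev dependency findings now passes unless `isThresholdsConfigurationExist(request)` is true and those findings push the general thresholds over. Neither the commit message nor the documentation hunk calls this out as a behaviour change; delete the block outright (history keeps it), name the removed break-build path in the commit message and in the SCA section of `docs/Thresholds-and-policies.md`, and add or adjust a test showing that direct-dependency findings still break the build through `thresholdsExceeded` when that is the intended replacement. With the block gone, check whether the `Collectors` import is still used.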