Added SCA include pattern in Config as code (#1290)
* Added SCA include pattern in Config as code

* updated docs and dockerfile
itsKedar authored Nov 20, 2023
1 parent 3f45e66 commit d920bd5
Showing 5 changed files with 24 additions and 4 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -21,7 +21,7 @@ FROM alpine:3.18.4 AS java11
WORKDIR app
RUN apk update && \
apk upgrade
RUN apk add openjdk11=11.0.20_p8-r2 --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
RUN apk add openjdk11=11.0.21_p9-r0 --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk
RUN apk add libstdc++
RUN apk add glib
2 changes: 1 addition & 1 deletion build-11.gradle
Expand Up @@ -4,7 +4,7 @@ buildscript {
ext {


CxSBSDK = "0.5.64"
CxSBSDK = "0.5.65"
ConfigProviderVersion = "1.0.9"
//cxVersion = "8.90.5"
springBootVersion = '2.7.14'
2 changes: 1 addition & 1 deletion build.gradle
@@ -1,7 +1,7 @@
buildscript {
ext {

CxSBSDK = "0.5.64"
CxSBSDK = "0.5.65"
ConfigProviderVersion = "1.0.10"
//cxVersion = "8.90.5"
springBootVersion = '2.7.14'
8 changes: 7 additions & 1 deletion docs/CxSCA-Integration.md
Expand Up @@ -239,6 +239,9 @@ CxFlow supports configuration as code for CxSAST and CxSCA scans.
* filterSeverity
* filterScore
* team (needs to be set with none empty value)
* excludeFiles
* ManifestsIncludePattern
* fingerprintsIncludePattern

<br/>Example for SCA config file content:
```
Expand All @@ -261,8 +264,11 @@ CxFlow supports configuration as code for CxSAST and CxSCA scans.
"thresholdsScore": 8.5,
"filterSeverity": ["high", "medium", "low"],
"filterScore": 7.5,
"excludeFiles": "**/*.xml",
"manifestsIncludePattern": "!**/*.xml, **/*.yml",
"fingerprintsIncludePattern": "**/*.yml",
"team": "/CxServer/MyTeam/SubTeam",
projectName : "SampleProjectName"
"projectName" : "SampleProjectName",
"expPathSastProjectName": "SampleProjectName"
}
}
Expand Up @@ -40,6 +40,7 @@ public class ScaConfigurationOverrider {

private static final String PROJECT_NAME = "projectName";


private final ScaProperties scaProperties;
private final ScaFilterFactory scaFilterFactory;

Expand Down Expand Up @@ -124,6 +125,19 @@ public void overrideScanRequestProperties(Sca override, ScanRequest request, Map
overrideReport.put(PROJECT_NAME,projectName);
});

sca.map(Sca :: getExcludeFiles).ifPresent(excludeFiles->{
scaConfig.setExcludeFiles(Collections.singletonList(excludeFiles));
overrideReport.put("excludeFiles",excludeFiles);
});
sca.map(Sca :: getFingerprintsIncludePattern).ifPresent(fingerprintsIncludePattern->{
scaConfig.setFingerprintsIncludePattern(fingerprintsIncludePattern);
overrideReport.put("fingerprintsIncludePattern",fingerprintsIncludePattern);
});
sca.map(Sca :: getManifestsIncludePattern).ifPresent(manifestsIncludePattern->{
scaConfig.setManifestsIncludePattern(manifestsIncludePattern);
overrideReport.put("ManifestsIncludePattern",manifestsIncludePattern);
});

overrideSeverityFilters(request, sca, overrideReport);

overrideScoreFilter(request, sca, overrideReport);
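Review bot: The override-report key for the manifest pattern is written as `"ManifestsIncludePattern"`, while the two other new keys and the JSON field in the documented example are lower camel case, so a search of the override report for scan-scope changes will miss this one; it should read `overrideReport.put("manifestsIncludePattern", manifestsIncludePattern);`, ideally through constants declared next to `PROJECT_NAME`. `excludeFiles` is wrapped with `Collections.singletonList`, so a comma-separated value of the kind the docs show for the include patterns would presumably be passed on as one pattern instead of several; either split and trim it or document that only a single glob is accepted. These three settings narrow what SCA scans and appear to come from a config file kept in the scanned repository, so a consistent and accurate report entry is what lets a reviewer notice a change that takes manifests out of coverage. The body of overrideScanRequestProperties starts and ends outside the hunk.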
