From d920bd5f4a88a7e3fdaa98f49e834a5282e598c4 Mon Sep 17 00:00:00 2001 From: itsKedar <37594766+itsKedar@users.noreply.github.com> Date: Mon, 20 Nov 2023 14:25:14 +0530 Subject: [PATCH] Added SCA include pattern in Config as code (#1290) * Added SCA include pattern in Config as code * updated docs and dockerfile --- Dockerfile | 2 +- build-11.gradle | 2 +- build.gradle | 2 +- docs/CxSCA-Integration.md | 8 +++++++- .../flow/service/ScaConfigurationOverrider.java | 14 ++++++++++++++ 5 files changed, 24 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 02e6cc959..dedaf722d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,7 +21,7 @@ FROM alpine:3.18.4 AS java11 WORKDIR app RUN apk update && \ apk upgrade -RUN apk add openjdk11=11.0.20_p8-r2 --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community +RUN apk add openjdk11=11.0.21_p9-r0 --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk RUN apk add libstdc++ RUN apk add glib diff --git a/build-11.gradle b/build-11.gradle index 10432ff9b..b9482f762 100644 --- a/build-11.gradle +++ b/build-11.gradle @@ -4,7 +4,7 @@ buildscript { ext { - CxSBSDK = "0.5.64" + CxSBSDK = "0.5.65" ConfigProviderVersion = "1.0.9" //cxVersion = "8.90.5" springBootVersion = '2.7.14' diff --git a/build.gradle b/build.gradle index 338f5447f..b5861908c 100644 --- a/build.gradle +++ b/build.gradle @@ -1,7 +1,7 @@ buildscript { ext { -CxSBSDK = "0.5.64" +CxSBSDK = "0.5.65" ConfigProviderVersion = "1.0.10" //cxVersion = "8.90.5" springBootVersion = '2.7.14' diff --git a/docs/CxSCA-Integration.md b/docs/CxSCA-Integration.md index d6cd09ee7..d379e2ff2 100644 --- a/docs/CxSCA-Integration.md +++ b/docs/CxSCA-Integration.md @@ -239,6 +239,9 @@ CxFlow supports configuration as code for CxSAST and CxSCA scans. * filterSeverity * filterScore * team (needs to be set with none empty value) + * excludeFiles + * ManifestsIncludePattern + * fingerprintsIncludePattern
Example for SCA config file content: ``` @@ -261,8 +264,11 @@ CxFlow supports configuration as code for CxSAST and CxSCA scans. "thresholdsScore": 8.5, "filterSeverity": ["high", "medium", "low"], "filterScore": 7.5, + "excludeFiles": "**/*.xml", + "manifestsIncludePattern": "!**/*.xml, **/*.yml", + "fingerprintsIncludePattern": "**/*.yml", "team": "/CxServer/MyTeam/SubTeam", - projectName : "SampleProjectName" + "projectName" : "SampleProjectName", "expPathSastProjectName": "SampleProjectName" } } diff --git a/src/main/java/com/checkmarx/flow/service/ScaConfigurationOverrider.java b/src/main/java/com/checkmarx/flow/service/ScaConfigurationOverrider.java index e1acbebd0..3636c3811 100644 --- a/src/main/java/com/checkmarx/flow/service/ScaConfigurationOverrider.java +++ b/src/main/java/com/checkmarx/flow/service/ScaConfigurationOverrider.java @@ -40,6 +40,7 @@ public class ScaConfigurationOverrider { private static final String PROJECT_NAME = "projectName"; + private final ScaProperties scaProperties; private final ScaFilterFactory scaFilterFactory; @@ -124,6 +125,19 @@ public void overrideScanRequestProperties(Sca override, ScanRequest request, Map overrideReport.put(PROJECT_NAME,projectName); }); + sca.map(Sca :: getExcludeFiles).ifPresent(excludeFiles->{ + scaConfig.setExcludeFiles(Collections.singletonList(excludeFiles)); + overrideReport.put("excludeFiles",excludeFiles); + }); + sca.map(Sca :: getFingerprintsIncludePattern).ifPresent(fingerprintsIncludePattern->{ + scaConfig.setFingerprintsIncludePattern(fingerprintsIncludePattern); + overrideReport.put("fingerprintsIncludePattern",fingerprintsIncludePattern); + }); + sca.map(Sca :: getManifestsIncludePattern).ifPresent(manifestsIncludePattern->{ + scaConfig.setManifestsIncludePattern(manifestsIncludePattern); + overrideReport.put("ManifestsIncludePattern",manifestsIncludePattern); + }); + overrideSeverityFilters(request, sca, overrideReport); overrideScoreFilter(request, sca, overrideReport);
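Review bot: The three new `ifPresent` blocks in `overrideScanRequestProperties` let the config-as-code file decide which files the SCA scan covers (`excludeFiles`, `fingerprintsIncludePattern`, `manifestsIncludePattern`) without any validation. If that file is read from the repository being scanned, anyone who can commit to it can remove manifests from dependency analysis. The `overrideReport` entry is the only trace visible here, so I would surface these overrides where people reading scan results will see them, or put them behind an operator-side setting, and at minimum skip blank values before calling the setters. The report key for the last block is `"ManifestsIncludePattern"` while the other two keys and the JSON example in the docs use lower camel case; I would write `overrideReport.put("manifestsIncludePattern", manifestsIncludePattern);`, and note that `Collections.singletonList(excludeFiles)` passes a comma-separated value through as a single list element, which may not be what `setExcludeFiles` expects. The method starts before and continues past this hunk, so how `overrideReport` is logged is not visible from here.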