diff --git a/build-11.gradle b/build-11.gradle
index b267a66d6..67a1db9ee 100644
--- a/build-11.gradle
+++ b/build-11.gradle
@@ -4,7 +4,7 @@ buildscript {
 ext {
- CxSBSDK = "0.5.56"
+ CxSBSDK = "0.5.59"
 ConfigProviderVersion = "1.0.9"
 //cxVersion = "8.90.5"
 springBootVersion = '2.7.14'
diff --git a/build.gradle b/build.gradle
index 16fc77cb7..1da6e514b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,7 +2,7 @@ buildscript {
 ext {
- CxSBSDK = "0.5.56"
+ CxSBSDK = "0.5.59"
 ConfigProviderVersion = "1.0.10"
 //cxVersion = "8.90.5"
 springBootVersion = '2.7.14'
diff --git a/src/main/java/com/checkmarx/flow/CxFlowRunner.java b/src/main/java/com/checkmarx/flow/CxFlowRunner.java
index 4420ae309..734970116 100644
--- a/src/main/java/com/checkmarx/flow/CxFlowRunner.java
+++ b/src/main/java/com/checkmarx/flow/CxFlowRunner.java
@@ -209,6 +209,7 @@ private void commandLineRunner(ApplicationArguments args) throws ExitThrowable {
 boolean usingBitBucketCloud = args.containsOption("bb");
 boolean usingBitBucketServer = args.containsOption("bbs");
 boolean disableCertificateValidation = args.containsOption("trust-cert");
+ boolean disablePolicyViolation = args.containsOption("sca-policy-disable");
 disableBreakbuild=args.containsOption("disable-break-build");
 branchProtectionEnabled = args.containsOption("branch-protection-enabled");
 sbom = args.containsOption("sbom");
@@ -381,6 +382,7 @@ private void commandLineRunner(ApplicationArguments args) throws ExitThrowable {
 .commentSAST(commentSAST)
 .disableBreakbuild(disableBreakbuild)
 .sbom(sbom)
+ .disablePolicyViolation(disablePolicyViolation)
 .build();
 if (projectId != null) {
diff --git a/src/main/java/com/checkmarx/flow/dto/ScanRequest.java b/src/main/java/com/checkmarx/flow/dto/ScanRequest.java
index 49857d2c3..be435450b 100644
--- a/src/main/java/com/checkmarx/flow/dto/ScanRequest.java
+++ b/src/main/java/com/checkmarx/flow/dto/ScanRequest.java
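Review bot: `args.containsOption("sca-policy-disable")` on the added line of the first CxFlowRunner hunk is presence-only, so `--sca-policy-disable=false` switches the opt-out on exactly like `--sca-policy-disable=true` (the ScaCliSteps change in this commit passes `=true`, which suggests the value was expected to matter). Because this flag turns off a break-build gate, either document that the option takes no value, or read it with `args.getOptionValues("sca-policy-disable")` and treat only an absent value or `true` as enabling it. It would also help to log at info level when the flag is set, so a disabled policy gate is visible in the run output. commandLineRunner starts and ends outside both hunks.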
@@ -63,6 +63,8 @@ public class ScanRequest {
 @Getter @Setter
 private String scanResubmit;
 private Boolean incremental;
+ @Getter @Setter
+ private Boolean disablePolicyViolation=true;
 private String scanPreset;
 /**
diff --git a/src/main/java/com/checkmarx/flow/service/JiraService.java b/src/main/java/com/checkmarx/flow/service/JiraService.java
index 6670f51cc..7aa863d97 100644
--- a/src/main/java/com/checkmarx/flow/service/JiraService.java
+++ b/src/main/java/com/checkmarx/flow/service/JiraService.java
@@ -67,6 +67,8 @@ public class JiraService {
 private static final String ACCOUNT_ID = "accountId";
 private static final String JIRA_ISSUE_LABEL_SCA = "scanner:SCA";
 private static final String JIRA_ISSUE_LABEL_SAST = "scanner:SAST";
+ private static final String JIRA_DEV_LABEL ="DEV";
+ private static final String JIRA_PROD_LABEL ="PROD";
 private static final String CASCADE_PARENT_CHILD_DELIMITER = ";";
 private static final int MAX_RESULTS_ALLOWED = 1000000;
 private static final String SEARCH_ASSIGNABLE_USER = "%s/rest/api/latest/user/assignable/search?project={projectKey}&query={assignee}";
@@ -368,6 +370,13 @@ public String createIssue(ScanResults.XIssue issue, ScanRequest request) throws
 }
 if (null != scaDetails) {
 labels.add(JIRA_ISSUE_LABEL_SCA);
+ if(issue.getScaDetails().get(0).getVulnerabilityPackage().isIsDevelopmentDependency() || issue.getScaDetails().get(0).getVulnerabilityPackage().isIsTestDependency())
+ {
+ labels.add(JIRA_DEV_LABEL);
+ }
+ else{
+ labels.add(JIRA_PROD_LABEL);
+ }
 }else{
 labels.add(JIRA_ISSUE_LABEL_SAST);
 }
diff --git a/src/main/java/com/checkmarx/flow/service/ThresholdValidatorImpl.java b/src/main/java/com/checkmarx/flow/service/ThresholdValidatorImpl.java
index 81f650e2d..0c42bd32e 100644
--- a/src/main/java/com/checkmarx/flow/service/ThresholdValidatorImpl.java
+++ b/src/main/java/com/checkmarx/flow/service/ThresholdValidatorImpl.java
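Review bot: The initializer in `private Boolean disablePolicyViolation=true;` defaults the opt-out to on, so any ScanRequest that is not built through the CLI path (for example webhook-driven requests that never set the field) has SCA policy enforcement disabled by default, a fail-open default for a break-build gate. If ScanRequest is a Lombok `@Builder` class, as the `.disablePolicyViolation(...)` builder call in CxFlowRunner suggests, the builder also ignores field initializers unless the field carries `@Builder.Default`, leaving the value `null` and making the unboxed `request.getDisablePolicyViolation()` check in ThresholdValidatorImpl throw a NullPointerException. A primitive field that defaults to false, `private boolean disablePolicyViolation;`, avoids both problems. A one-line comment stating that the flag skips break-build on SCA policy violations would also help the next reader.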
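Review bot: The added condition in createIssue calls `issue.getScaDetails().get(0)` although the enclosing guard only checks `null != scaDetails`, so an empty list throws IndexOutOfBoundsException and a null `getVulnerabilityPackage()` throws NullPointerException, either of which aborts issue creation for that finding. Reuse the local instead and guard it with `scaDetails.isEmpty()` plus a null check on the package before reading the two flags, falling back to `JIRA_PROD_LABEL` when the package information is missing so an unknown dependency is not labelled as dev/test. The brace placement (`{` on its own line, `else{`) also differs from the surrounding `}else{` style, and the bare `DEV`/`PROD` labels do not follow the `scanner:` prefix convention of the neighbouring constants. createIssue starts and ends outside the hunk.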
@@ -194,7 +194,10 @@ private boolean isAllowedSca(ScanResults scanResults, ScanRequest request) {
 boolean isAllowedSca;
 // isPolicyViolated flag gets the top priority whether to the break build or not
 SCAResults scaResults = scanResults.getScaResults();
- if (scaResults.isPolicyViolated()) {
+ if(request!=null && request.getDisablePolicyViolation()){
+ scaProperties.setEnablePolicyViolation(false);
+ }
+ if (scaResults.isPolicyViolated() && scaProperties.isEnablePolicyViolation()) {
 printViolatedPoliciesNames(scaResults.getViolatedPolicies());
 isAllowedSca = false;
 } else {
diff --git a/src/test/java/com/checkmarx/flow/cucumber/integration/cli/sca/ScaCliSteps.java b/src/test/java/com/checkmarx/flow/cucumber/integration/cli/sca/ScaCliSteps.java
index 4d3116911..bb61ac3f1 100644
--- a/src/test/java/com/checkmarx/flow/cucumber/integration/cli/sca/ScaCliSteps.java
+++ b/src/test/java/com/checkmarx/flow/cucumber/integration/cli/sca/ScaCliSteps.java
@@ -106,7 +106,7 @@ public void runningWithBreakBuild(String input) {
 setFilters("High");
 switch (input) {
 case "success":
- commandBuilder.append("--scan --severity=High --app=MyApp --cx-project=test").append(GITHUB_REPO_ARGS);
+ commandBuilder.append("--scan --sca-policy-disable=true --severity=High --app=MyApp --cx-project=test").append(GITHUB_REPO_ARGS);
 scaProperties.setThresholdsScore(10.0);
 break;
 case "break-build":
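Review bot: `scaProperties.setEnablePolicyViolation(false)` mutates the shared ScaProperties configuration bean on the strength of one request, so once any request arrives with the opt-out set, policy-violation break-build stays disabled for every later request served by the same process (webhook mode), and nothing ever sets it back to true. Keep the opt-out local to the call, e.g. `boolean policyEnforced = scaProperties.isEnablePolicyViolation() && !(request != null && Boolean.TRUE.equals(request.getDisablePolicyViolation()));` followed by `if (scaResults.isPolicyViolated() && policyEnforced) {`, which also avoids unboxing a null Boolean. The existing comment `// isPolicyViolated flag gets the top priority whether to the break build or not` no longer holds and should mention the per-request opt-out, and a log line when a violated policy is skipped because of it would make the bypass visible in the scan output. isAllowedSca continues outside the hunk.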
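Review bot: Adding `--sca-policy-disable=true` to the "success" case suggests the scenario now passes because policy enforcement is switched off rather than because the threshold logic allows the build, so the original success path is no longer exercised; a separate scenario for the opt-out would keep both covered. Since the production change calls `scaProperties.setEnablePolicyViolation(false)` on the shared bean, scenarios that run after this one in the same Spring context may inherit the disabled gate unless the step resets it. runningWithBreakBuild continues outside the hunk.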