[JIRA:CXFLW-158] CxFlow GH Action (GHA #32): value with blank spaces …

…in quotes are interpreted as multiple parameters

Parameters in "params:" value with blank spaces in quotes are interpreted as multiple parameters.
--jira.open-status="Backlog,Selected for Development,In Progress" is actually interpreted as multiple arguments (4 in total for this example):
1. --jira.open-status="Backlog,Selected
2. for
3. Development,In
4. Progress"

action.yml

@@ -101,6 +101,44 @@ inputs:
     required: false
     description: Java options will be passed to java
     default: -XX:MaxRAMPercentage=75.0
+  ######### Jira Properties ##########
+  jira_url:
+    required: false
+    description: 'Jira URL'
+    default: ''
+  jira_username:
+    required: false
+    description: 'Jira Username'
+    default: ''
+  jira_token:
+    required: false
+    description: 'Jira Token'
+    default: ''
+  jira_project:
+    required: false
+    description: 'Jira Project'
+    default: ''
+  jira_issue_type:
+    required: false
+    description: 'Jira Issue Type'
+    default: ''
+  jira_open_transition:
+    required: false
+    description: 'Jira Open Transition'
+    default: ''
+  jira_close_transition:
+    required: false
+    description: 'Jira Close Transition'
+    default: ''
+  jira_open_status:
+    required: false
+    description: 'Jira Open Status'
+    default: ''
+  jira_closed_status:
+    required: false
+    description: 'Jira Closed Status'
+    default: ''
+
 runs:
   using: 'docker'
   image: 'Dockerfile'
@@ -128,6 +166,15 @@ runs:
     - ${{ inputs.cxgo_base_url }}
     - ${{ inputs.cxgo_portal_url }}
     - ${{ inputs.java_opts }}
+    - ${{ inputs.jira_url }}
+    - ${{ inputs.jira_username }}
+    - ${{ inputs.jira_token }}
+    - ${{ inputs.jira_project }}
+    - ${{ inputs.jira_issue_type }}
+    - ${{ inputs.jira_open_transition }}
+    - ${{ inputs.jira_close_transition }}
+    - ${{ inputs.jira_open_status }}
+    - ${{ inputs.jira_closed_status }}
 
   env:
     TEAM: "${{ inputs.team }}"
@@ -154,6 +201,15 @@ runs:
     CXGO_BASE_URL: ${{ inputs.cxgo_base_url }}
     CXGO_PORTAL_URL: ${{ inputs.cxgo_portal_url }}
     JAVA_OPTS: ${{ inputs.java_opts }}
+    JIRA_URL: ${{ inputs.jira_url }}
+    JIRA_USERNAME: ${{ inputs.jira_username }}
+    JIRA_TOKEN: ${{ inputs.jira_token }}
+    JIRA_PROJECT: ${{ inputs.jira_project }}
+    JIRA_ISSUE_TYPE: ${{ inputs.jira_issue_type }}
+    JIRA_OPEN_TRANSITION: ${{ inputs.jira_open_transition }}
+    JIRA_CLOSE_TRANSITION: ${{ inputs.jira_close_transition }}
+    JIRA_OPEN_STATUS: ${{ inputs.jira_open_status }}
+    JIRA_CLOSED_STATUS: ${{ inputs.jira_closed_status }}
 
 branding:
   icon: 'check'

entrypoint.sh

@@ -1,2 +1,2 @@
 #!/bin/sh
-java ${JAVA_OPTS} -jar /app/cx-flow.jar --spring.profiles.active="${CX_FLOW_ENABLED_VULNERABILITY_SCANNERS}" --scan --github.api-url="${GITHUB_API_URL}/repos/" --cx-team="${TEAM}" --cx-project="${PROJECT}" --app="${APP}" --f=. ${CXFLOW_PARAMS}
+java ${JAVA_OPTS} -jar /app/cx-flow.jar --spring.profiles.active="${CX_FLOW_ENABLED_VULNERABILITY_SCANNERS}" --scan --github.api-url="${GITHUB_API_URL}/repos/" --cx-team="${TEAM}" --cx-project="${PROJECT}" --app="${APP}" --jira.url="${JIRA_URL}" --jira.username="${JIRA_USERNAME}" --jira.token="${JIRA_TOKEN}" --jira.project="${JIRA_PROJECT}" --jira.issue-type="${JIRA_ISSUE_TYPE}" --jira.open-transition="${JIRA_OPEN_TRANSITION}" --jira.close-transition="${JIRA_CLOSE_TRANSITION}" --jira.open-status="${JIRA_OPEN_STATUS}" --jira.closed-status="${JIRA_CLOSED_STATUS}" --f=. ${CXFLOW_PARAMS}

sample-yml/checkmarx-sast-scan-jira-push.yml

@@ -0,0 +1,50 @@
+# This workflow is to automate Checkmarx SAST scans.  It runs on a push to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+#   - CHECKMARX_URL
+#   - CHECKMARX_USER
+#   - CHECKMARX_PASSWORD
+#   - CHECKMARX_CLIENT_SECRET
+#
+# The following variables must be inserted below:
+#   - <ProjectName>
+#
+# Update the 'team' field to reflect the team name used in Checkmarx.
+#
+# For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+
+name: Checkmarx SAST Scan
+on:
+  push:
+    branches:
+      - main
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Checkmarx CxFlow Action
+      uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.4 #Github Action version
+      with:
+        project: ${{ secrets.CHECKMARX_PROJECT }} # <-- Insert Checkmarx SAST Project Name
+        team: ${{ secrets.CHECKMARX_TEAMS }}
+        checkmarx_url: ${{ secrets.CHECKMARX_URL }} # To be stored in GitHub Secrets.
+        checkmarx_username: ${{ secrets.CHECKMARX_USER }} # To be stored in GitHub Secrets.
+        checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }} # To be stored in GitHub Secrets.
+        checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }} # To be stored in GitHub Secrets.
+        break_build: false
+        scanners: sast
+        bug_tracker: JIRA
+        jira_url: ${{ secrets.JIRA_URL }}
+        jira_username: ${{ secrets.JIRA_USERNAME }}
+        jira_token: ${{ secrets.JIRA_TOKEN }}
+        jira_project: ${{ secrets.JIRA_PROJECT }}
+        jira_issue_type: 'Application Security Bug'
+        jira_open_transition: 'In Progress'
+        jira_close_transition: 'Done'
+        jira_open_status: 'Backlog,Selected for Development,In Progress'
+        jira_closed_status: 'Done'
+        params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory --jira.priorities.High=High --jira.priorities.Medium=Medium --jira.priorities.Low=Low --jira.priorities.Informational=Lowest