From f9df435e2fa38780be86b6971b418eeacc3e8556 Mon Sep 17 00:00:00 2001
From: DhavalPatelPersistent
Date: Fri, 18 Mar 2022 16:21:05 +0530
Subject: [PATCH] [JIRA:CXFLW-158] CxFlow GH Action (GHA #32): value with blank spaces in quotes are interpreted as multiple parameters

Parameters in "params:" value with blank spaces in quotes are interpreted as multiple parameters.
--jira.open-status="Backlog,Selected for Development,In Progress" is actually interpreted as multiple arguments (4 in total for this example):
1. --jira.open-status="Backlog,Selected
2. for
3. Development,In
4. Progress"
---
 action.yml | 56 ++++++++++++++++++++
 entrypoint.sh | 2 +-
 sample-yml/checkmarx-sast-scan-jira-push.yml | 50 +++++++++++++++++
 3 files changed, 107 insertions(+), 1 deletion(-)
 create mode 100644 sample-yml/checkmarx-sast-scan-jira-push.yml

diff --git a/action.yml b/action.yml
index 267c199..fbe1307 100644
--- a/action.yml
+++ b/action.yml
@@ -101,6 +101,44 @@ inputs:
     required: false
     description: Java options will be passed to java
     default: -XX:MaxRAMPercentage=75.0
+  ######### Jira Properties ##########
+  jira_url:
+    required: false
+    description: 'Jira URL'
+    default: ''
+  jira_username:
+    required: false
+    description: 'Jira Username'
+    default: ''
+  jira_token:
+    required: false
+    description: 'Jira Token'
+    default: ''
+  jira_project:
+    required: false
+    description: 'Jira Project'
+    default: ''
+  jira_issue_type:
+    required: false
+    description: 'Jira Issue Type'
+    default: ''
+  jira_open_transition:
+    required: false
+    description: 'Jira Open Transition'
+    default: ''
+  jira_close_transition:
+    required: false
+    description: 'Jira Close Transition'
+    default: ''
+  jira_open_status:
+    required: false
+    description: 'Jira Open Status'
+    default: ''
+  jira_closed_status:
+    required: false
+    description: 'Jira Closed Status'
+    default: ''
+
 runs:
   using: 'docker'
   image: 'Dockerfile'
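Review bot: `jira_token` is declared exactly like the non-sensitive inputs, and its description gives a workflow author no hint that it must be supplied from a GitHub secret; a literal token would be printed unmasked in the job log and, through the `args` list in the `runs` block, land in the container's command line. Suggest `description: 'Jira API token - supply via ${{ secrets.* }}, never as a literal'` so the sensitivity is visible where the input is declared. The `runs:` mapping starts at the end of this hunk and continues outside it.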
@@ -128,6 +166,15 @@ runs:
     - ${{ inputs.cxgo_base_url }}
     - ${{ inputs.cxgo_portal_url }}
     - ${{ inputs.java_opts }}
+    - ${{ inputs.jira_url }}
+    - ${{ inputs.jira_username }}
+    - ${{ inputs.jira_token }}
+    - ${{ inputs.jira_project }}
+    - ${{ inputs.jira_issue_type }}
+    - ${{ inputs.jira_open_transition }}
+    - ${{ inputs.jira_close_transition }}
+    - ${{ inputs.jira_open_status }}
+    - ${{ inputs.jira_closed_status }}

   env:
     TEAM: "${{ inputs.team }}"
@@ -154,6 +201,15 @@ runs:
     CXGO_BASE_URL: ${{ inputs.cxgo_base_url }}
     CXGO_PORTAL_URL: ${{ inputs.cxgo_portal_url }}
     JAVA_OPTS: ${{ inputs.java_opts }}
+    JIRA_URL: ${{ inputs.jira_url }}
+    JIRA_USERNAME: ${{ inputs.jira_username }}
+    JIRA_TOKEN: ${{ inputs.jira_token }}
+    JIRA_PROJECT: ${{ inputs.jira_project }}
+    JIRA_ISSUE_TYPE: ${{ inputs.jira_issue_type }}
+    JIRA_OPEN_TRANSITION: ${{ inputs.jira_open_transition }}
+    JIRA_CLOSE_TRANSITION: ${{ inputs.jira_close_transition }}
+    JIRA_OPEN_STATUS: ${{ inputs.jira_open_status }}
+    JIRA_CLOSED_STATUS: ${{ inputs.jira_closed_status }}

 branding:
   icon: 'check'
diff --git a/entrypoint.sh b/entrypoint.sh
index 6d4d570..4df6ef2 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
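Review bot: The nine new `- ${{ inputs.jira_* }}` entries in `args` appear to be dead weight: the patched entrypoint.sh reads `JIRA_URL`, `JIRA_TOKEN` and the rest from the environment (the `env:` block in this file) and never touches positional parameters, as far as the visible script shows. Listing `- ${{ inputs.jira_token }}` there still has a cost, because the runner echoes the `docker run` command, so the token becomes part of the container's argv and is only masked if the caller happened to source it from a secret. Suggest dropping the nine `args` lines, or at minimum the `jira_token` one, and relying on the `env:` mapping alone; the `args` and `env` sequences both begin before this hunk.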
@@ -1,2 +1,2 @@
 #!/bin/sh
-java ${JAVA_OPTS} -jar /app/cx-flow.jar --spring.profiles.active="${CX_FLOW_ENABLED_VULNERABILITY_SCANNERS}" --scan --github.api-url="${GITHUB_API_URL}/repos/" --cx-team="${TEAM}" --cx-project="${PROJECT}" --app="${APP}" --f=. ${CXFLOW_PARAMS}
+java ${JAVA_OPTS} -jar /app/cx-flow.jar --spring.profiles.active="${CX_FLOW_ENABLED_VULNERABILITY_SCANNERS}" --scan --github.api-url="${GITHUB_API_URL}/repos/" --cx-team="${TEAM}" --cx-project="${PROJECT}" --app="${APP}" --jira.url="${JIRA_URL}" --jira.username="${JIRA_USERNAME}" --jira.token="${JIRA_TOKEN}" --jira.project="${JIRA_PROJECT}" --jira.issue-type="${JIRA_ISSUE_TYPE}" --jira.open-transition="${JIRA_OPEN_TRANSITION}" --jira.close-transition="${JIRA_CLOSE_TRANSITION}" --jira.open-status="${JIRA_OPEN_STATUS}" --jira.closed-status="${JIRA_CLOSED_STATUS}" --f=. ${CXFLOW_PARAMS}
diff --git a/sample-yml/checkmarx-sast-scan-jira-push.yml b/sample-yml/checkmarx-sast-scan-jira-push.yml
new file mode 100644
index 0000000..58eb369
--- /dev/null
+++ b/sample-yml/checkmarx-sast-scan-jira-push.yml
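Review bot: The new `--jira.*="${VAR}"` flags are passed unconditionally, so a workflow that does not use Jira now hands cx-flow nine explicit empty values such as `--jira.url=""` and `--jira.token=""`, which presumably take precedence over anything configured elsewhere and should be confirmed against cx-flow's property binding. The word-splitting that the commit message describes is also not fixed, only sidestepped for these nine options: `${CXFLOW_PARAMS}` is still expanded unquoted, so any other quoted value in `params:` keeps splitting; do not reach for `eval` to honor those quotes, since that would execute whatever text a workflow places in `params:`. Building argv with `set --` keeps each flag as one argument and lets the Jira options be appended only when set, while the token in argv remains readable from `/proc/<pid>/cmdline` inside the container, which is worth a comment.
```shell
#!/bin/sh
# Build argv incrementally: one array entry per flag, Jira flags only when supplied.
set -- --spring.profiles.active="${CX_FLOW_ENABLED_VULNERABILITY_SCANNERS}" --scan \
  --github.api-url="${GITHUB_API_URL}/repos/" --cx-team="${TEAM}" \
  --cx-project="${PROJECT}" --app="${APP}"
[ -n "${JIRA_URL}" ] && set -- "$@" --jira.url="${JIRA_URL}"
[ -n "${JIRA_USERNAME}" ] && set -- "$@" --jira.username="${JIRA_USERNAME}"
# NOTE(review): token becomes visible in the container's process list; confirm
# cx-flow cannot take it from the JIRA_TOKEN environment variable instead.
[ -n "${JIRA_TOKEN}" ] && set -- "$@" --jira.token="${JIRA_TOKEN}"
# … same pattern for project, issue-type, open/close transition, open/closed status …
# ${CXFLOW_PARAMS} is still word-split; quoted values inside it will still break apart.
exec java ${JAVA_OPTS} -jar /app/cx-flow.jar "$@" --f=. ${CXFLOW_PARAMS}
```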
@@ -0,0 +1,50 @@
+# This workflow is to automate Checkmarx SAST scans. It runs on a push to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+# - CHECKMARX_URL
+# - CHECKMARX_USER
+# - CHECKMARX_PASSWORD
+# - CHECKMARX_CLIENT_SECRET
+#
+# The following variables must be inserted below:
+# -
+#
+# Update the 'team' field to reflect the team name used in Checkmarx.
+#
+# For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+
+name: Checkmarx SAST Scan
+on:
+  push:
+    branches:
+      - main
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Checkmarx CxFlow Action
+        uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.4 #Github Action version
+        with:
+          project: ${{ secrets.CHECKMARX_PROJECT }} # <-- Insert Checkmarx SAST Project Name
+          team: ${{ secrets.CHECKMARX_TEAMS }}
+          checkmarx_url: ${{ secrets.CHECKMARX_URL }} # To be stored in GitHub Secrets.
+          checkmarx_username: ${{ secrets.CHECKMARX_USER }} # To be stored in GitHub Secrets.
+          checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }} # To be stored in GitHub Secrets.
+          checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }} # To be stored in GitHub Secrets.
+          break_build: false
+          scanners: sast
+          bug_tracker: JIRA
+          jira_url: ${{ secrets.JIRA_URL }}
+          jira_username: ${{ secrets.JIRA_USERNAME }}
+          jira_token: ${{ secrets.JIRA_TOKEN }}
+          jira_project: ${{ secrets.JIRA_PROJECT }}
+          jira_issue_type: 'Application Security Bug'
+          jira_open_transition: 'In Progress'
+          jira_close_transition: 'Done'
+          jira_open_status: 'Backlog,Selected for Development,In Progress'
+          jira_closed_status: 'Done'
+          params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory --jira.priorities.High=High --jira.priorities.Medium=Medium --jira.priorities.Low=Low --jira.priorities.Informational=Lowest
\ No newline at end of file
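Review bot: The header comment lists only the four CHECKMARX_* secrets, but the `with:` block also reads `secrets.CHECKMARX_PROJECT`, `secrets.CHECKMARX_TEAMS`, `secrets.JIRA_URL`, `secrets.JIRA_USERNAME`, `secrets.JIRA_TOKEN` and `secrets.JIRA_PROJECT`, the "variables must be inserted below" bullet is empty, and the `project:` line pulls a secret while its trailing comment says to insert the name by hand. Suggest listing the six missing secret names under "must be first defined", filling the bullet with `# - team (or CHECKMARX_TEAMS secret)`, and changing the `project:` comment to `# To be stored in GitHub Secrets.` to match its neighbours. Since this sample forwards a Jira token and Checkmarx credentials to third-party actions, pinning `actions/checkout@v2` and `checkmarx-cxflow-github-action@v1.4` to full commit SHAs with a version comment would remove the floating-tag supply-chain exposure.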