GitHub Action | Fix SAST & IAC Vul + Threshold (AST-47971) #356
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Checkmarx One Github Action CI | |
on: [ pull_request ] | |
jobs: | |
integration-tests: | |
runs-on: ubuntu-latest | |
name: Integration Testing | |
steps: | |
- name: Checkout the repository | |
uses: actions/[email protected] | |
- name: Create source file | |
run: | | |
echo "testcode"> source.py | |
- name: Run with empty client and secret | |
id: empty_client_secret | |
continue-on-error: true | |
uses: ./ | |
with: | |
project_name: ${{ github.event.repository.name }}-tests | |
base_uri: https://fake.com | |
cx_client_id: "" | |
cx_client_secret: "" | |
- name: Check if failed authentication | |
if: ${{contains( steps.empty_client_secret.outcome, 'success')}} | |
run: | | |
echo "The authentication must fail if invalid client id or password is used" | |
echo "${{ steps.empty_client_secret.outcome}}" | |
exit 1 | |
- name: Valid scenario | |
id: valid_scenario | |
continue-on-error: true | |
uses: ./ | |
with: | |
project_name: ${{ github.event.repository.name }}-tests | |
base_uri: ${{ secrets.CX_BASE_URI }} | |
cx_tenant: ${{ secrets.CX_TENANT }} | |
cx_client_id: ${{ secrets.CX_CLIENT_ID }} | |
cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} | |
additional_params: --file-include *.sh,Dockerfile --scan-types kics --report-format summaryJSON | |
- name: Check if completed | |
if: ${{ contains( steps.valid_scenario.outcome, 'success') == false}} | |
run: | | |
echo "The action outcome should be success." | |
echo "${{ steps.valid_scenario.outcome}}" | |
exit 1 | |
- name: Check if output scan ID is not empty | |
if: steps.valid_scenario.outputs.cxScanID == '' | |
run: | | |
echo "Scan ID empty." | |
exit 1 | |
- name: Printing output Scan ID | |
run: | | |
echo "${{ steps.valid_scenario.outputs.cxScanID }}" | |
- name: Check if output log is not empty | |
if: steps.valid_scenario.outputs.cxcli == '' | |
run: | | |
echo "Output log empty." | |
exit 1 | |
- name: Printing cli output | |
run: | | |
echo "${{ steps.valid_scenario.outputs.cxcli }}" | |
- name: Test with preset name | |
id: preset_name_test | |
continue-on-error: true | |
uses: ./ | |
with: | |
project_name: ${{ github.event.repository.name }}-tests | |
base_uri: ${{ secrets.CX_BASE_URI }} | |
cx_tenant: ${{ secrets.CX_TENANT }} | |
cx_client_id: ${{ secrets.CX_CLIENT_ID }} | |
cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} | |
additional_params: --sast-preset-name ChekmarxDefaultFake --scan-types sast | |
- name: Check if preset name completed | |
if: ${{contains( steps.preset_name_test.outcome, 'success')}} | |
run: | | |
echo "The cli should fail. Wrong preset name provided" | |
echo "${{ steps.preset_name_test.outcome}}" | |
exit 1 |