Sast results analysis #645
Merged
pedrompflopes requested review from a team, sshay77 and helderfvieira and removed the request for a team on January 23, 2024 08:53
sshay77 approved these changes on Jan 23, 2024
helderfvieira approved these changes on Jan 26, 2024
OrShamirCM added a commit that referenced this pull request on Apr 4, 2024:
* adding minio feature flag (#646)
* Rename gpt fix (#648)
* Add "*.cmp" extension (#647)
* Bump github.com/google/uuid from 1.5.0 to 1.6.0 (#650)
  Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
  - [Release notes](https://github.com/google/uuid/releases)
  - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
  - [Commits](google/uuid@v1.5.0...v1.6.0)
  ---
  updated-dependencies:
  - dependency-name: github.com/google/uuid
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Sast results analysis (#645)
* Add result show --prioritize-sast flag & implementation
* Fix linter errors
* Add tests and fix linter
* Change prioritize-sast help text and priority values
* Fix line-too-long lint issue
* Update result integration test for --prioritize-sast
* Change prioritize-sast to sast-prioritization
* Change UnknownReference to a more informational value
* Change sast-prioritization to sast-redundancy
* Add newlines to response if necessary
* Fix lint errors in new code
* Refactor for better coverage on chat-sast code
* initialize array (#651)
* AST-35649 | fix ast-cli vulnerabilities (#655)
* fix vulnerabilities
* fix vulnerabilities
* fix vulnerabilities
* fix vulnerabilities
* fix vulnerabilities
* alpine:3.17.0
* 19
* sha
* kics vulnerabilities
* kics and lint problems
* delete if
* ignore 0666 number
* fix vulnerabilities
* permission const
* 666
* AST-34271 | improve result summary table in cli (#656)
* AST-34271 | improve result summary table in cli
* AST-34271 | fixing pr decoration test
* AST-34271 | fixing triage test, removing unneeded project remove
* AST-34271 | solve getRoot function test bugs
* Update release.yml (#660)
* remove sca option from scan log description (#661)
* remove sca option from scan log description
* AST-35664 | Enhance AI Guided Remediation answers (#662)
* AST-35664 | Enhance AI Guided Remediation answers
* AST-35664 | improved test readability
* Encode client ID and secret (#654)
* Add policy violation to PR/MR decoration (#643)
* AST-35640 | Create Groups Assignment (#663)
* create groups assignment
* lint
* lint issues
* import order
* import order
* do not send groups when FF = on
* code review
* lint issues
* load feature flags
* Or review fixes
* Integration Tests
* Integration Tests-update project
* groups.go
* lint
* fix PrintIfVerbose
* fix PrintfIfVerbose
* findGroupByName fix
* fix nul error in find group
* fixing linter
  ---------
  Co-authored-by: Or Shamir Checkmarx <[email protected]>
  Co-authored-by: tiagobcx <[email protected]>
* CLI | Support the application-name flag and add association to the project (AST-35636 , AST-35637) (#664)
* Add application name flag
* fixes
* AST-35637 | add project association to application functionality
* Renamed integration test
* AST-35637 | added create project with app-name test
* added NoPermissionApp case
* Added constants to mock flags and error messages
* added test
* passing application Id to project
* AST-35637 | added unit tests for create scan/project under application
* Added integration tests + handling of forbidden status
* extracted fail message to const + handled error model
* AST-35637 | handle 403 status code in update and create project
* AST-35637 | fix github linter applicationId param
* AST-35637 | initialize projModel applicationIds in updateProject func
* AST-35637 | fix github linter problem - change Id to ID
* AST-35637 | fix github linter problem - change Id to ID
* removed ErroModelUsage + formatting errors
* AST-35637 | fix github linter problem - shadowing errors
* AST-35637 | fix github linter problem - shadowing errors
* AST-35637 | fix github linter problem - change package applicationErrors to applicationerrors
* AST-35637 | fix github linter problem - change FakeHttpStatus to FakeHTTPStatus
* AST-35637 | fix github linter problem
* AST-35637 | fix integration tests
* AST-35637 | add checked returned error when deferring
* AST-35637 | fix tests
* AST-35637 | go linter imports order
* AST-35637 | make createApplicationIds func more readable
* reduced the limit count
* fix
* fixes
* AST-35637 | change parameter type of applicationId from string to []string
* AST-35637 | resolved conflict
* AST-35637 | resolved github linter errors
  ---------
  Co-authored-by: checkmarx-kobi-hagmi <[email protected]>
  Co-authored-by: AlvoBen <[email protected]>
* AST-36339 | enable Ai Guided Remediation only if the tenant has permission (#666)
* enable Ai Guided Remediation only if the tenant has permission
* trigger unit test
* fix test
* hide chat command from help (#668)
* Update Get Application by Name with Exact Match and Update Permissions Log Message (AST-36823) (#669)
* the application name passed to application-name flag must match application name exactly
* Changed ApplicationDoesntExist and ApplicationNoPermission to ApplicationDoesntExistOrNoPermission
* Fixed lint error
  ---------
  Co-authored-by: Or Shamir Checkmarx <[email protected]>
* AST-36690 | cleanup integration test (#671)
* fix test
* fix test
* names
* crypto
* crypto
* adding assert
* adding application ids to project creation print
  ---------
  Co-authored-by: Or Shamir Checkmarx <[email protected]>
* Update Confidence Description (AST-37132) (#676)
* Update Confidence Description (AST-37132)
* Update Confidence Description (AST-37132)
* fix tests
* Fix "About this vulnerability" link
  Fix "About this vulnerability" link
* Update result.go
* Update result.go
* Add Directory.Packages.props for Nuget Central Package Management (#652)
* Update filters.go
  Added Directory.Packages.props file used by Nuget Central Package Management for dependency management in SCA
* Fixed linting issue
  ---------
  Co-authored-by: Or Shamir Checkmarx <[email protected]>
* Update CI.yml to Use GitLab Env Vars (#681)
* Update CI.yml to Use GitLab Env Vars
* Update CI.yml to Use GitLab Env Vars
* Update CI.yml to Use GitLab Env Vars
* AST-37225 Shared Containers Constants (#684)
* AST-37225 const
* containers type
  ---------
  Co-authored-by: Or Shamir Checkmarx <[email protected]>
* Bump alpine from 3.19.0 to 3.19.1 (#649)
  Bumps alpine from 3.19.0 to 3.19.1.
  ---
  updated-dependencies:
  - dependency-name: alpine
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  Co-authored-by: Pedro Lopes <[email protected]>
  Co-authored-by: Or Shamir Checkmarx <[email protected]>
* update-gon-test (#686)
* Update gonMac.hcl
* Update release.yml
* Update gonMac.hcl
* Update gonMac.hcl
* Update gonMac.hcl
* Update gonMac.hcl
* Update gonMac.hcl
* Update gonMac.hcl
* Update result_test.go
  fix test
* Update result_test.go
* CLI | Add Missing PackageManager Types (AST-38138) (#691)
* add package manager types
* add unit test
* Change createDependencyMapFromDependencyResolution signature to fix linter errors
* fix lint errors
* Resolve pr review conversation
  ---------
  Co-authored-by: AlvoBen <[email protected]>
* changes after merge and testcases
  ---------
  Signed-off-by: dependabot[bot] <[email protected]>
  Co-authored-by: Tiago Baptista <[email protected]>
  Co-authored-by: Margarita <[email protected]>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  Co-authored-by: Ittai Gilat <[email protected]>
  Co-authored-by: Pedro Lopes <[email protected]>
  Co-authored-by: tamarleviCm <[email protected]>
  Co-authored-by: AlvoBen <[email protected]>
  Co-authored-by: Or Shamir Checkmarx <[email protected]>
  Co-authored-by: tiagobcx <[email protected]>
  Co-authored-by: checkmarx-kobi-hagmi <[email protected]>
  Co-authored-by: AlvoBen <[email protected]>
  Co-authored-by: checkmarx-kobi-hagmi <[email protected]>
  Co-authored-by: elchananarb <[email protected]>
  Co-authored-by: Phillip Dade <[email protected]>
  Co-authored-by: elchananarb <[email protected]>
Description

Many SAST results share matching sub-flows, which as a result share the same fix. This feature locates these sub-flows and filters out redundant results that don't need to be fixed since a fix for other results will fix them as well. This feature is activated by `$ cx results show --scan-id <scan-id> --sast-redundancy`. Activating prioritization will populate a `data.redundancy` field as `fix` for results that need to be fixed, and `redundant` for results that do not need to be fixed.

References

#645

Testing

Added unit tests that execute the redundancy logic

Checklist
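The grouping the description talks about (results whose flows share a sub-flow get one `fix` representative and the rest become `redundant`) can be illustrated with a small, self-contained program. This is an added example written for this page, not the ast-cli implementation behind `--sast-redundancy`; it assumes a simplified result model (`Node`, `Result`, `Redundancy`), a hypothetical threshold `minShared` (two consecutive equal nodes count as a shared sub-flow), grouping only within the same query, and a union-find over results as the grouping mechanism. The four findings in `SampleResults` are constructed sample data.

```go
package main

import (
	"fmt"
	"strings"
)

// Node is one step of a SAST result flow. Constructed, simplified model;
// the real result model carries more fields than this.
type Node struct {
	File   string
	Line   int
	Method string
}

func (n Node) key() string { return fmt.Sprintf("%s:%d:%s", n.File, n.Line, n.Method) }

// Result is one SAST finding. Redundancy is populated with "fix" or
// "redundant", the two values named in the PR description.
type Result struct {
	ID         string
	Query      string
	Nodes      []Node // flow from source to sink
	Redundancy string
}

// minShared is an assumed threshold: two flows share a sub-flow when they
// contain a contiguous run of at least this many equal nodes.
const minShared = 2

// subFlowKeys serialises every contiguous window of minShared nodes so
// windows can be compared across results.
func subFlowKeys(nodes []Node) []string {
	var keys []string
	for i := 0; i+minShared <= len(nodes); i++ {
		parts := make([]string, 0, minShared)
		for _, n := range nodes[i : i+minShared] {
			parts = append(parts, n.key())
		}
		keys = append(keys, strings.Join(parts, "->"))
	}
	return keys
}

// MarkRedundancy groups results of the same query that share a sub-flow,
// marks the first result of each group "fix" and the rest "redundant",
// and returns how many results were marked redundant.
func MarkRedundancy(results []Result) int {
	// Union-find over result indices: results linked by a shared sub-flow
	// end up in the same set.
	parent := make([]int, len(results))
	for i := range parent {
		parent[i] = i
	}
	var find func(int) int
	find = func(i int) int {
		for parent[i] != i {
			parent[i] = parent[parent[i]] // path halving
			i = parent[i]
		}
		return i
	}
	union := func(a, b int) { parent[find(b)] = find(a) }

	// firstSeen maps "query|sub-flow" to the first result containing it.
	firstSeen := make(map[string]int)
	for i, r := range results {
		for _, k := range subFlowKeys(r.Nodes) {
			groupKey := r.Query + "|" + k
			if j, ok := firstSeen[groupKey]; ok {
				union(j, i)
			} else {
				firstSeen[groupKey] = i
			}
		}
	}

	// Walk in original order so the earliest member of each set is the fix.
	hasFix := make(map[int]bool)
	redundant := 0
	for i := range results {
		root := find(i)
		if hasFix[root] {
			results[i].Redundancy = "redundant"
			redundant++
		} else {
			hasFix[root] = true
			results[i].Redundancy = "fix"
		}
	}
	return redundant
}

// SampleResults builds four constructed findings: two SQL injection results
// sharing the buildStmt->runQuery tail, one that only shares the sink node,
// and an XSS result that shares a prefix with the first but is a different query.
func SampleResults() []Result {
	getParam := Node{"Ctrl.java", 10, "getParam"}
	build := Node{"Ctrl.java", 12, "buildStmt"}
	query := Node{"Dao.java", 40, "runQuery"}
	return []Result{
		{ID: "r1", Query: "SQL_Injection", Nodes: []Node{getParam, build, query}},
		{ID: "r2", Query: "SQL_Injection", Nodes: []Node{{"Form.java", 5, "readField"}, build, query}},
		{ID: "r3", Query: "SQL_Injection", Nodes: []Node{{"Cookie.java", 7, "readCookie"}, query}},
		{ID: "r4", Query: "Reflected_XSS", Nodes: []Node{getParam, build, {"View.java", 3, "render"}}},
	}
}

func main() {
	results := SampleResults()
	n := MarkRedundancy(results)
	for _, r := range results {
		fmt.Printf("%s %-14s %s\n", r.ID, r.Query, r.Redundancy)
	}
	fmt.Println("redundant:", n)
}
```

With the sample data, r1 and r2 share `buildStmt->runQuery`, so r2 is marked `redundant` while r1 keeps `fix`; r3 only coincides with the others at the single sink node, which is below the assumed threshold, and r4 is kept separate because it belongs to a different query even though it shares a prefix with r1. Raising `minShared` makes the grouping stricter; dropping the per-query split would merge results across vulnerability types, which is the main design decision to think about before relying on such a filter.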