AST CLI 2.0.0-rc.23

Changelog

12a0bd4 Feature/sca resolver (#268)

Docker images

• docker pull cxsdlc/ast-cli:2.0.0-rc.23
• docker pull checkmarx/ast-cli:2.0.0-rc.23

AST CLI 2.0.0-rc.22

Changelog

58e1751 added cgo flag (#263)

Docker images

• docker pull cxsdlc/ast-cli:2.0.0-rc.22
• docker pull checkmarx/ast-cli:2.0.0-rc.22

AST CLI 2.0.0-rc.21

Changelog

7986568 AST-4609 mark project name as a required flag (#259)

Docker images

• docker pull cxsdlc/ast-cli:2.0.0-rc.21
• docker pull checkmarx/ast-cli:2.0.0-rc.21

AST CLI 2.0.0-rc.20

Changelog

c41d36c AST-4687 add *.yml to default inclusion list (#257)

Docker images

• docker pull cxsdlc/ast-cli:2.0.0-rc.20
• docker pull checkmarx/ast-cli:2.0.0-rc.20

2.0.0_RC13: Feature/ntlm (#220)

* - added support for ntlm.

* Added working NTLM proxy support.

This introduced the environment variable CX_PROXY_AUTH_TYPE which is associated with the CLI argument (--proxy-auth-type). The proxy type is either "basic" or "ntlm", indicating to use either basic auth or ntlm auth.

When using NTLM proxies the environment variable CX_PROXY_NTLM_DOMAIN and CLI argument (--proxy-ntlm-domain) also apply. This value is required and used to determine the NTLM domain to use.

In order to use NTLM proxy mode you need included the username and password in the proxy URL according W3C URL specs, example:

http://myuser:[email protected]:4242

* - Code cleanup.

* - Code cleanup.

* - Code cleanup.

* - Code cleanup

* - Code cleanup.

* - Code cleanup.

* - Code cleanup

* - Add "no lint" to the MD4 hash functions. These are required by NTLMv2 and we must use it for NTLM support.

* - Updated client version to RC13.

* - CX_HTTP_PROXY is now named HTTP_PROXY.
- (configure set) now accepts property name HTTP_PROXY instead of CX_HTTP_PROXY
- Added documentation for how to use NTLM proxy

* - Cleaned ntlm proxy messages.

* - Corrected issue with basic auth proxy.

* -Fixed getClient() parameter issue.

2.0.0_RC12

Added step to check the scan status and exit (#219)

2.0.0_RC11

clean readme and add cx_tenant to description (#208)

2.0.0_RC10: Feature/scan project (#201)

* The (--sources) argument can now handle GIT repo, zip, and directory scans.

- removed (-d | --directory option
- removed (-r | --repo-url) option
- NOTE: this assumes compressed files are of type (.zip)
- NOTE: this assumes GIT repo URLS start with (https:// or http://)
- Removed extra message when create scan: "ERROR SENDING THE SCAN"

* Correcting linting issues.

* Linting correction.

* - Corrected (--sources) help.

* - Updated to RC10

2.0.0_RC9: Feature/mock results (#199)

* - Added (results list-simple) command. This fetches results from AST and generates a simplified, easily consumable form.
- Current the fetching results process is mocked to look for file named "mock-results.json".

* - Results (--list-simple) has (--target) flag to indicate where output should be stored.

* - Updated CircleCI go version to 1.16.2. Units failing because of missiong functinality in 1.13.

* - The updated CircleCI executor to Ubuntu 20.

* -Updated CircleCI GoLang linter.

* - Code clean-up.

* - Refactored code to pass lint checks.

* - Turned on unit testing logging.

* - (project create) was using os.Exit() when the name wasn't found. This is fixed.

* - Removed debug message from CLI output.

* - Disabled BFL tests.

* - (project create) now correctly throws exception when project name isn't provided.

2.0.0_RC8: Resolving vulnerabilities detected by Checkmarx: (#195)

* Resolving vulnerabilities detected by Checkmarx:

* Denial_Of_Service_Resource_Exhaustion in configuration.go line 123

* SSRF in client.go line 221

* Vulnerability configuration.go

* Golang lint fixes.