From 5b320552f4eb4ab93fe5cd75a793cee448179558 Mon Sep 17 00:00:00 2001 From: elchananarb Date: Tue, 10 Sep 2024 13:18:41 +0300 Subject: [PATCH 01/12] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d060729..5104466 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@

AST-GITHUB-ACTIONS

-

+


Explore the docs »
From 541cf86a544330d3ad9c0623cb2aadfcaed9560f Mon Sep 17 00:00:00 2001 From: elchananarb Date: Tue, 10 Sep 2024 13:24:11 +0300 Subject: [PATCH 02/12] up Redman --- Dockerfile | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 762804d..8f89c00 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,8 @@ #Use AST Base image FROM checkmarx/ast-cli:2.2.3 -USER root +USER nonroot #Copy the entrypoint script and properties used for the action -COPY entrypoint.sh /app/entrypoint.sh -COPY cleanup.sh /app/cleanup.sh - -RUN chmod +x /app/entrypoint.sh \ - && chmod +x /app/cleanup.sh +COPY --chmod=555 entrypoint.sh /app/entrypoint.sh +COPY --chmod=555 cleanup.sh /app/cleanup.sh From 9bb9cc50d1423c851953b82041208b1dd2d94c12 Mon Sep 17 00:00:00 2001 From: elchananarb Date: Tue, 10 Sep 2024 13:27:03 +0300 Subject: [PATCH 03/12] add /var/log/ --- cleanup.sh | 2 +- entrypoint.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cleanup.sh b/cleanup.sh index a1e12a6..a2abec4 100644 --- a/cleanup.sh +++ b/cleanup.sh @@ -1,6 +1,6 @@ #!/bin/bash -cancelId=(`grep -E '"(ID)":"((\\"|[^"])*)"' ./output.log | cut -d',' -f1 | cut -d':' -f2 | tr -d '"'`) +cancelId=(`grep -E '"(ID)":"((\\"|[^"])*)"' ./var/log/output.log | cut -d',' -f1 | cut -d':' -f2 | tr -d '"'`) if [ -z "$cancelId" ] then diff --git a/entrypoint.sh b/entrypoint.sh index b91b39f..24117e6 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,10 +1,10 @@ #!/bin/bash -output_file=./output.log +output_file=./var/log/output.log eval "arr=(${ADDITIONAL_PARAMS})" /app/bin/cx scan create --project-name "${PROJECT_NAME}" -s "." --branch "${BRANCH#refs/heads/}" --scan-info-format json --agent "Github Action" "${arr[@]}" | tee -i $output_file -exitCode=${PIPESTATUS[0]} +exitCode=${PIPESTATUS[0]}`` scanId=(`grep -E '"(ID)":"((\\"|[^"])*)"' $output_file | cut -d',' -f1 | cut -d':' -f2 | tr -d '"'`) From 77f29dc1897ef46f4642f81a5f2b60fa7cec72f0 Mon Sep 17 00:00:00 2001 From: elchananarb Date: Tue, 10 Sep 2024 13:31:42 +0300 Subject: [PATCH 04/12] revert --- Dockerfile | 9 ++++++--- cleanup.sh | 2 +- entrypoint.sh | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8f89c00..762804d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,11 @@ #Use AST Base image FROM checkmarx/ast-cli:2.2.3 -USER nonroot +USER root #Copy the entrypoint script and properties used for the action -COPY --chmod=555 entrypoint.sh /app/entrypoint.sh -COPY --chmod=555 cleanup.sh /app/cleanup.sh +COPY entrypoint.sh /app/entrypoint.sh +COPY cleanup.sh /app/cleanup.sh + +RUN chmod +x /app/entrypoint.sh \ + && chmod +x /app/cleanup.sh diff --git a/cleanup.sh b/cleanup.sh index a2abec4..a1e12a6 100644 --- a/cleanup.sh +++ b/cleanup.sh @@ -1,6 +1,6 @@ #!/bin/bash -cancelId=(`grep -E '"(ID)":"((\\"|[^"])*)"' ./var/log/output.log | cut -d',' -f1 | cut -d':' -f2 | tr -d '"'`) +cancelId=(`grep -E '"(ID)":"((\\"|[^"])*)"' ./output.log | cut -d',' -f1 | cut -d':' -f2 | tr -d '"'`) if [ -z "$cancelId" ] then diff --git a/entrypoint.sh b/entrypoint.sh index 24117e6..b91b39f 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,10 +1,10 @@ #!/bin/bash -output_file=./var/log/output.log +output_file=./output.log eval "arr=(${ADDITIONAL_PARAMS})" /app/bin/cx scan create --project-name "${PROJECT_NAME}" -s "." --branch "${BRANCH#refs/heads/}" --scan-info-format json --agent "Github Action" "${arr[@]}" | tee -i $output_file -exitCode=${PIPESTATUS[0]}`` +exitCode=${PIPESTATUS[0]} scanId=(`grep -E '"(ID)":"((\\"|[^"])*)"' $output_file | cut -d',' -f1 | cut -d':' -f2 | tr -d '"'`) From 2fc38018f3671bd28701ffdb9db6192ea8dcff1b Mon Sep 17 00:00:00 2001 From: elchananarb Date: Tue, 10 Sep 2024 13:48:14 +0300 Subject: [PATCH 05/12] change threshold to past --- .github/workflows/checkmarx-one-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-one-scan.yml b/.github/workflows/checkmarx-one-scan.yml index 0924fb3..98c3027 100644 --- a/.github/workflows/checkmarx-one-scan.yml +++ b/.github/workflows/checkmarx-one-scan.yml @@ -15,4 +15,4 @@ jobs: cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }} cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }} cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }} - additional_params: --tags phoenix --threshold "sast-high=1;sca-high=1;sca-medium=3;sca-low=1" --debug + additional_params: --tags phoenix --threshold "sast-high=100;sca-high=100;sca-medium=300;sca-low=100" --debug From db15a7ec6fbc674cb1fee0b11cae858b601b51b8 Mon Sep 17 00:00:00 2001 From: elchananarb Date: Tue, 10 Sep 2024 13:51:53 +0300 Subject: [PATCH 06/12] trigger pipe --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5104466..d060729 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@

AST-GITHUB-ACTIONS

-

+


Explore the docs »
From 5537b24ce90daf6336e91e3875e6c256107a3053 Mon Sep 17 00:00:00 2001 From: elchananarb Date: Tue, 10 Sep 2024 13:53:40 +0300 Subject: [PATCH 07/12] Mkdir /log in docker file --- Dockerfile | 7 ++++--- cleanup.sh | 2 +- entrypoint.sh | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 762804d..2524176 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,12 @@ #Use AST Base image FROM checkmarx/ast-cli:2.2.3 -USER root +USER nonroot +run mkdir /log #Copy the entrypoint script and properties used for the action -COPY entrypoint.sh /app/entrypoint.sh -COPY cleanup.sh /app/cleanup.sh +COPY --chmod=555 entrypoint.sh /app/entrypoint.sh +COPY --chmod=555 cleanup.sh /app/cleanup.sh RUN chmod +x /app/entrypoint.sh \ && chmod +x /app/cleanup.sh diff --git a/cleanup.sh b/cleanup.sh index a1e12a6..d7ab4aa 100644 --- a/cleanup.sh +++ b/cleanup.sh @@ -1,6 +1,6 @@ #!/bin/bash -cancelId=(`grep -E '"(ID)":"((\\"|[^"])*)"' ./output.log | cut -d',' -f1 | cut -d':' -f2 | tr -d '"'`) +cancelId=(`grep -E '"(ID)":"((\\"|[^"])*)"' ./log/output.log | cut -d',' -f1 | cut -d':' -f2 | tr -d '"'`) if [ -z "$cancelId" ] then diff --git a/entrypoint.sh b/entrypoint.sh index b91b39f..d4d9952 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/bash -output_file=./output.log +output_file=./log/output.log eval "arr=(${ADDITIONAL_PARAMS})" /app/bin/cx scan create --project-name "${PROJECT_NAME}" -s "." --branch "${BRANCH#refs/heads/}" --scan-info-format json --agent "Github Action" "${arr[@]}" | tee -i $output_file From 66752d5e729519a5ef36f07c056c21979179abd7 Mon Sep 17 00:00:00 2001 From: elchananarb Date: Tue, 10 Sep 2024 13:54:37 +0300 Subject: [PATCH 08/12] rm chmod +x --- Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2524176..d455e72 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,6 +7,3 @@ run mkdir /log #Copy the entrypoint script and properties used for the action COPY --chmod=555 entrypoint.sh /app/entrypoint.sh COPY --chmod=555 cleanup.sh /app/cleanup.sh - -RUN chmod +x /app/entrypoint.sh \ - && chmod +x /app/cleanup.sh From d98bd6d04ed238b87b5e6c7bf58dfc9f8e4c32ee Mon Sep 17 00:00:00 2001 From: elchananarb Date: Tue, 10 Sep 2024 14:03:19 +0300 Subject: [PATCH 09/12] change WORKDIR from makdir --- Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d455e72..a1f3632 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,10 @@ FROM checkmarx/ast-cli:2.2.3 USER nonroot -run mkdir /log +RUN WORKDIR /log #Copy the entrypoint script and properties used for the action COPY --chmod=555 entrypoint.sh /app/entrypoint.sh COPY --chmod=555 cleanup.sh /app/cleanup.sh + +RUN chmod +x /app/entrypoint.sh \ + && chmod +x /app/cleanup.sh From 9a682ce336f5130e2833f9961967a9d8e4dbc3b2 Mon Sep 17 00:00:00 2001 From: elchananarb Date: Tue, 10 Sep 2024 14:06:58 +0300 Subject: [PATCH 10/12] add root before mkdir --- Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a1f3632..99b4d8b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,12 @@ #Use AST Base image FROM checkmarx/ast-cli:2.2.3 +USER root + +RUN mkdir -p /var + USER nonroot -RUN WORKDIR /log #Copy the entrypoint script and properties used for the action COPY --chmod=555 entrypoint.sh /app/entrypoint.sh COPY --chmod=555 cleanup.sh /app/cleanup.sh From fa0e1fa9f044cb676badd4ae3ad9e7e2664959db Mon Sep 17 00:00:00 2001 From: elchananarb Date: Tue, 10 Sep 2024 14:12:08 +0300 Subject: [PATCH 11/12] rm chmod +x --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 99b4d8b..a93aadb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,5 +11,3 @@ USER nonroot COPY --chmod=555 entrypoint.sh /app/entrypoint.sh COPY --chmod=555 cleanup.sh /app/cleanup.sh -RUN chmod +x /app/entrypoint.sh \ - && chmod +x /app/cleanup.sh From 1db3dce8d54824f042189c7841baefdc78edf5f8 Mon Sep 17 00:00:00 2001 From: elchananarb Date: Mon, 16 Sep 2024 19:24:34 +0300 Subject: [PATCH 12/12] mkdir /log --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a93aadb..b449d54 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ FROM checkmarx/ast-cli:2.2.3 USER root -RUN mkdir -p /var +RUN mkdir -p /log USER nonroot