Update xss-example.js #2
# Mobb/Checkamrx Fixer on pull requests | |
# This workflow defines the needed steps to run Checkmarx on every pull request and pass the results to Mobb Fixer. | |
# | |
# Secrets in use (add your missing ones): | |
# CX_TENANT - your Checkmarx tenant name (found in your Checkmarx settings) | |
# CX_API_TOKEN - your Checkmarx credentials (find how to get it here: https://checkmarx.com/resource/documents/en/34965-68775-generating-a-refresh-token--api-key-.html) | |
# CX_BASE_URI - your Checkmarx app url, e.g. "https://ast.checkmarx.net/" | |
# CX_BASE_AUTH_URI - your Checkmarx auth url, e.g. "https://iam.checkmarx.net/" | |
# MOBB_API_TOKEN - your mobb user credentials (autumatially set if you used the Mobb app to configure the integration) | |
# GITHUB_TOKEN - automatically set by GitHub | |
name: "Mobb/Checkmarx" | |
on: | |
pull_request: | |
branches: ["*"] | |
jobs: | |
scan-and-fix: | |
name: Scan with Checkmarx and fix with Mobb | |
runs-on: 'ubuntu-latest' | |
timeout-minutes: 360 | |
permissions: | |
pull-requests: write | |
statuses: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download and configure Checkmarx CLI | |
run: | | |
wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.54/ast-cli_2.0.54_linux_x64.tar.gz -O checkmarx.tar.gz | |
tar -xf checkmarx.tar.gz | |
./cx configure set --prop-name cx_apikey --prop-value ${{ secrets.CX_API_TOKEN }} | |
./cx configure set --prop-name cx_base_auth_uri --prop-value ${{ secrets.CX_BASE_AUTH_URI }} | |
./cx configure set --prop-name cx_base_uri --prop-value ${{ secrets.CX_BASE_URI }} | |
./cx configure set --prop-name cx_tenant --prop-value ${{ secrets.CX_TENANT }} | |
shell: bash -l {0} | |
- name: Run Checkmarx SAST scan | |
run: ./cx scan create --project-name ${{ github.repository }} -s ./ --report-format json --scan-types sast --branch nobranch --threshold "sast-high=1; sast-medium=1; sast-low=1" | |
shell: bash -l {0} | |
- name: Run Mobb on the findings and get fixes | |
if: always() | |
uses: mobb-dev/action/[email protected] | |
with: | |
report-file: cx_result.json | |
api-key: ${{ secrets.MOBB_API_TOKEN }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
scanner: checkmarx |
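Review bot: The Checkmarx CLI tarball fetched with `wget` in the "Download and configure Checkmarx CLI" step is extracted and executed without any integrity check, so a substituted or tampered release asset would run with this job's secrets. Pin the expected digest and verify it before `tar -xf`, e.g. `echo "<expected-sha256>  checkmarx.tar.gz" | sha256sum --check --strict` (take the digest from the release and replace the placeholder). For the same reason `actions/checkout@v3` is a mutable tag; pinning to a full commit SHA with a trailing `# v3` comment gives a reproducible, auditable reference. The four `./cx configure set` lines substitute `${{ secrets.* }}` directly into the unquoted script text, so a token containing whitespace or shell metacharacters is re-interpreted by bash; exposing them through the step's `env:` block and quoting `"$CX_API_TOKEN"` etc. avoids that. The Mobb action reference on the `uses:` line is rendered as an obfuscated e-mail-like string on this page, so its version pin cannot be checked from here.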