2 changes: 1 addition & 1 deletion checkmarx-ast-cli.version
@@ -1 +1 @@
2.3.40
2.3.40-sca-triage
1 change: 1 addition & 0 deletions src/main/wrapper/CxConstants.ts
@@ -1,4 +1,5 @@
export enum CxConstants {
VULNERABILITIES = "--vulnerabilities",
IGNORE__FILE_PATH = "--ignored-file-path",
SOURCE = "-s",
VERBOSE = "-v",
28 changes: 28 additions & 0 deletions src/main/wrapper/CxWrapper.ts
Expand Up @@ -298,6 +298,34 @@ export class CxWrapper {
return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.PREDICATE_TYPE);
}

async triageSCAShow(projectId: string, vulnerabilities: string, scanType: string): Promise<CxCommandOutput> {
const commands: string[] = [
CxConstants.CMD_TRIAGE,
CxConstants.SUB_CMD_SHOW,
CxConstants.SCAN_TYPES_SUB_CMD, scanType,
CxConstants.VULNERABILITIES, vulnerabilities,
CxConstants.PROJECT_ID, projectId
];
commands.push(...this.initializeCommands(true));
const exec = new ExecutionService();
return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.PREDICATE_TYPE);
}

async triageSCAUpdate(projectId: string, vulnerabilities: string, scanType: string, state: string, comment: string): Promise<CxCommandOutput> {
const commands: string[] = [
CxConstants.CMD_TRIAGE,
CxConstants.SUB_CMD_UPDATE,
CxConstants.SCAN_TYPES_SUB_CMD, scanType,
CxConstants.VULNERABILITIES, vulnerabilities,
CxConstants.STATE, state,
CxConstants.COMMENT, comment,
CxConstants.PROJECT_ID, projectId
];
commands.push(...this.initializeCommands(false));
const exec = new ExecutionService();
return await exec.executeCommands(this.config.pathToExecutable, commands);
}

async triageUpdate(projectId: string, similarityId: string, scanType: string, state: string, comment: string, severity: string, stateId: number | null = null): Promise<CxCommandOutput> {
const commands: string[] = [CxConstants.CMD_TRIAGE, CxConstants.SUB_CMD_UPDATE, CxConstants.PROJECT_ID, projectId, CxConstants.SIMILARITY_ID, similarityId, CxConstants.SCAN_TYPES_SUB_CMD, scanType, CxConstants.STATE, state, CxConstants.COMMENT, comment, CxConstants.SEVERITY, severity];
if (stateId) {
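Review bot: The two new public methods `triageSCAShow` and `triageSCAUpdate` carry no TSDoc, and neither checks its arguments before they are spliced into the CLI argv, so an empty or undefined `projectId`/`vulnerabilities` is handed straight to `executeCommands` and the outcome rests entirely on how the CLI rejects it (the PR's own tests lean on this by passing `""` and `undefined`). Each method should get a TSDoc stating that `vulnerabilities` is the CLI's comma-separated `packagename=…,packageversion=…,vulnerabilityId=…,packagemanager=…` string (the format the new PredicateTest value uses), that `comment` is passed as a bare argv element after `CxConstants.COMMENT` so a value beginning with `-` may be read by the CLI as an option, and that failure is reported only through `exitCode`, not by throwing. Two choices in the hunk also deserve a one-line why-comment, since their meaning is not visible here: `triageSCAShow` passes `CxConstants.PREDICATE_TYPE` to `executeCommands` while `triageSCAUpdate` does not, and show calls `initializeCommands(true)` while update calls `initializeCommands(false)`. `CxWrapper` starts and ends outside the hunk.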
4 changes: 2 additions & 2 deletions src/main/wrapper/resources/cx-linux
Git LFS file not shown
4 changes: 2 additions & 2 deletions src/main/wrapper/resources/cx-mac
Git LFS file not shown
4 changes: 2 additions & 2 deletions src/main/wrapper/resources/cx.exe
Git LFS file not shown
58 changes: 58 additions & 0 deletions src/tests/PredicateTest.test.ts
Expand Up @@ -39,6 +39,19 @@ describe("Triage cases", () => {
);
expect(cxUpdate.exitCode).toEqual(0);
};

// Helper for SCA triage show
const handleTriageSCAShow = async (projectId: string, vulnerabilities: string, scanType: string) => {
const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
expect(cxShow.exitCode).toEqual(0);
};

// Helper for SCA triage update
const handleTriageSCAUpdate = async (projectId: string, vulnerabilities: string, scanType: string, state: string, comment: string) => {
const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
expect(cxUpdate.exitCode).toEqual(0);
};

const handlegetStates = async () => {
const cxCommandOutput: CxCommandOutput = await auth.triageGetStates(false);
console.log("Json object from states successful case: " + JSON.stringify(cxCommandOutput));
Expand All @@ -47,12 +60,57 @@ describe("Triage cases", () => {
return cxCommandOutput
};

it('SCA Triage Show and Update Successful case', async () => {
const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
const vulnerabilities = "packagename=Maven-org.apache.tomcat.embed:tomcat-embed-core,packageversion=9.0.14,vulnerabilityId=CVE-2024-56337,packagemanager=maven";
const scanType = "sca";
const state = "To_verify";
const comment = "comment1";
await handleTriageSCAShow(projectId, vulnerabilities, scanType);
await handleTriageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
});

it('SCA Triage Show and Update Failure case', async () => {
const projectId = "invalid-project-id";
const vulnerabilities = "invalid-vulnerability-string";
const scanType = "invalid";
const state = "invalid_state";
const comment = "invalid_comment";

const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
expect(cxShow.exitCode).not.toEqual(0);

const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
expect(cxUpdate.exitCode).not.toEqual(0);
});

it('SCA Triage Show and Update with empty vulnerabilities', async () => {
const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
const vulnerabilities = "";
const scanType = "sca";
const state = "To_verify";
const comment = "comment1";
const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
expect(cxShow.exitCode).not.toEqual(0);

const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
expect(cxUpdate.exitCode).not.toEqual(0);
});

it('SCA Triage Show and Update with null/undefined arguments', async () => {
const cxShow: CxCommandOutput = await auth.triageSCAShow(undefined, undefined, undefined);
expect(cxShow.exitCode).not.toEqual(0);
const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(undefined, undefined, undefined, undefined, undefined);
expect(cxUpdate.exitCode).not.toEqual(0);
});

it('Triage Successful case', async () => {
const { scan, result } = await getScanAndResult();
await handleTriageShow(scan, result);
await handleTriageUpdate(scan, result, result.state, result.severity.toLowerCase() === "high" ? CxConstants.SEVERITY_MEDIUM : CxConstants.SEVERITY_HIGH);
});


it.skip('Triage with custom state Successful case', async () => {
const { scan, result } = await getScanAndResult();

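Review bot: The "null/undefined arguments" case in the second hunk calls `triageSCAShow(undefined, undefined, undefined)` and `triageSCAUpdate(undefined, …)` although both methods declare every parameter as `string`; under `strictNullChecks` this does not compile, so either the test project runs with strictness relaxed or the assertions pass only because the CLI happens to reject whatever `undefined` becomes on the command line. Make the intent explicit with `// @ts-expect-error exercising runtime handling of missing arguments` above each call, or drop the case if the wrapper is not meant to be called that way. The successful case also hard-codes a project id and a package/CVE string, while the neighbouring `Triage Successful case` derives its inputs from `getScanAndResult()`; taking the SCA project id from the same configuration the other tests use would keep this suite runnable against another tenant. The `describe("Triage cases")` block starts before the first hunk and ends after the last.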