Merge pull request #6 from replicon/RTI-40

repl-neha-belwal · web-flow · commit 41f37689798d · 2025-12-04T14:01:10.000+05:30
RTI-40: Update Checkmarx workflow with scheduled scan support
diff --git a/.github/workflows/checkmarx.yml b/.github/workflows/checkmarx.yml
@@ -1,48 +1,22 @@
 on:
-  pull_request: {}
+  pull_request:
   push:
     branches:
     - main
     - master
+  schedule:
+    - cron: '0 15 * * 0'
+  workflow_dispatch:
 name: Checkmarx SAST Scan
 jobs:
-  checkmarx-scan:
-       name: Checkmarx SAST Scan
-       runs-on: ubuntu-latest
-       timeout-minutes: 300
+  call-reusable-checkmarx:
+    name: Call Reusable Checkmarx Workflow
+    uses: Replicon/time-intelligence-web/.github/workflows/reusable-checkmarx.yml@main
+    with:
+      timeout_minutes: 90
+      scheduled_timeout_minutes: 360
+    secrets:
+      checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
+      checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
+      checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
 
-       steps:
-            - name: Checkout Code
-              uses: actions/checkout@v4
-
-            - name: Run Checkmarx SAST Scan
-              uses: checkmarx-ts/checkmarx-cxflow-github-action@v2.3
-              with:
-                # Connection parameters
-                checkmarx_url: https://cmxext.deltek.com
-                checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
-                checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
-                checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
-                team: "/CxServer/Security/Deltek/Replicon"
-
-                # Project configuration
-                project: Replicon-${{ github.event.repository.name }}
-                scanners: sast
-                # bug_tracker: GitHub
-                incremental: false
-                break_build: false
-
-                # Scan parameters and thresholds
-                params: >-
-                  --logging.level.com.checkmarx=DEBUG
-                  --namespace=${{ github.repository_owner}}
-                  --checkmarx.settings-override=true
-                  --repo-name=${{ github.event.repository.name}}
-                  --branch=${{ github.ref_name || github.head_ref}}
-                  --checkmarx.scan-timeout=1440
-                  --cx-flow.filterSeverity
-                  --cx-flow.thresholds.high=1
-                  --cx-flow.thresholds.medium=1
-                  --cx-flow.scan-resubmit=true
-                  ${{ github.event.number && format('--merge-id={0}', github.event.number)}}
-  
