From d9f788e2221ac05f4511f8443970828774c00036 Mon Sep 17 00:00:00 2001
From: repl-neha-belwal <91696048+repl-neha-belwal@users.noreply.github.com>
Date: Mon, 21 Jul 2025 11:22:43 +0530
Subject: [PATCH] Create checkmarx.yml
---
 .github/workflows/checkmarx.yml | 48 +++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 .github/workflows/checkmarx.yml
diff --git a/.github/workflows/checkmarx.yml b/.github/workflows/checkmarx.yml
new file mode 100644
index 0000000..d772d28
--- /dev/null
+++ b/.github/workflows/checkmarx.yml
@@ -0,0 +1,48 @@
+on:
+ pull_request: {}
+ push:
+ branches:
+ - main
+ - master
+name: Checkmarx SAST Scan
+jobs:
+ checkmarx-scan:
+ name: Checkmarx SAST Scan
+ runs-on: ubuntu-latest
+ timeout-minutes: 300
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+
+ - name: Run Checkmarx SAST Scan
+ uses: checkmarx-ts/checkmarx-cxflow-github-action@v2.3
+ with:
+ # Connection parameters
+ checkmarx_url: https://cmxext.deltek.com
+ checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
+ checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
+ checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
+ team: "/CxServer/Security/Deltek/Replicon"
+
+ # Project configuration
+ project: Replicon-${{ github.event.repository.name }}
+ scanners: sast
+ # bug_tracker: GitHub
+ incremental: false
+ break_build: false
+
+ # Scan parameters and thresholds
+ params: >-
+ --logging.level.com.checkmarx=DEBUG
+ --namespace=${{ github.repository_owner}}
+ --checkmarx.settings-override=true
+ --repo-name=${{ github.event.repository.name}}
+ --branch=${{ github.ref_name || github.head_ref}}
+ --checkmarx.scan-timeout=1440
+ --cx-flow.filterSeverity
+ --cx-flow.thresholds.high=1
+ --cx-flow.thresholds.medium=1
+ --cx-flow.scan-resubmit=true
+ ${{ github.event.number && format('--merge-id={0}', github.event.number)}}
+
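Review bot: The `--branch` entry in `params` evaluates `github.ref_name` first, but on `pull_request` events that context is the merge ref (of the form `123/merge`) and is never empty, so `github.head_ref` is unreachable and the source branch is not what gets reported to Checkmarx; swap the operands to `--branch=${{ github.head_ref || github.ref_name }}`. With `break_build: false` the `--cx-flow.thresholds.high=1` and `--cx-flow.thresholds.medium=1` settings appear to have no effect on the job result, so either set `break_build: true` if the scan is meant to gate merges or add a comment such as `# thresholds are informational only; break_build is off` above them. The workflow declares no `permissions:` block, so the job inherits the repository's default token scope; add `permissions:` / `  contents: read` at the top (widening to `pull-requests: write` only if `bug_tracker: GitHub` is re-enabled), and consider pinning `actions/checkout` and the cxflow action to a full commit SHA rather than the mutable `@v4` and `@v2.3` tags. `--logging.level.com.checkmarx=DEBUG` on the step that receives the Checkmarx credentials, and `--checkmarx.scan-timeout=1440` exceeding the job's `timeout-minutes: 300`, both look like debugging leftovers; presumably INFO logging and a scan timeout at or below the job timeout are intended.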