diff --git a/.github/workflows/checkmarx.yml b/.github/workflows/checkmarx.yml
index d772d28..33279ba 100644
--- a/.github/workflows/checkmarx.yml
+++ b/.github/workflows/checkmarx.yml
@@ -1,48 +1,22 @@
 on:
- pull_request: {}
+ pull_request:
 push:
 branches:
 - main
 - master
+ schedule:
+ - cron: '0 15 * * 0'
+ workflow_dispatch:
 name: Checkmarx SAST Scan
 jobs:
- checkmarx-scan:
- name: Checkmarx SAST Scan
- runs-on: ubuntu-latest
- timeout-minutes: 300
+ call-reusable-checkmarx:
+ name: Call Reusable Checkmarx Workflow
+ uses: Replicon/time-intelligence-web/.github/workflows/reusable-checkmarx.yml@main
+ with:
+ timeout_minutes: 90
+ scheduled_timeout_minutes: 360
+ secrets:
+ checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
+ checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
+ checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
- steps:
- - name: Checkout Code
- uses: actions/checkout@v4
-
- - name: Run Checkmarx SAST Scan
- uses: checkmarx-ts/checkmarx-cxflow-github-action@v2.3
- with:
- # Connection parameters
- checkmarx_url: https://cmxext.deltek.com
- checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
- checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
- checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
- team: "/CxServer/Security/Deltek/Replicon"
-
- # Project configuration
- project: Replicon-${{ github.event.repository.name }}
- scanners: sast
- # bug_tracker: GitHub
- incremental: false
- break_build: false
-
- # Scan parameters and thresholds
- params: >-
- --logging.level.com.checkmarx=DEBUG
- --namespace=${{ github.repository_owner}}
- --checkmarx.settings-override=true
- --repo-name=${{ github.event.repository.name}}
- --branch=${{ github.ref_name || github.head_ref}}
- --checkmarx.scan-timeout=1440
- --cx-flow.filterSeverity
- --cx-flow.thresholds.high=1
- --cx-flow.thresholds.medium=1
- --cx-flow.scan-resubmit=true
- ${{ github.event.number && format('--merge-id={0}', github.event.number)}}
-
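Review bot: The new `uses:` line references the reusable workflow at `@main`, a mutable ref, while handing it three Checkmarx credentials, so any later commit to that branch of `Replicon/time-intelligence-web` changes what runs with those secrets in this repository. Pin the reference to a reviewed full commit SHA, written as `uses: Replicon/time-intelligence-web/.github/workflows/reusable-checkmarx.yml@<full-commit-sha>` (placeholder, the real value is not on this page), and bump it deliberately. The `call-reusable-checkmarx` job also sets no `permissions:`; because a called workflow can only narrow the caller's GITHUB_TOKEN permissions, adding `permissions:` with `contents: read` on this job would cap what the callee receives, assuming the scan does not need to write PR comments or security events, which this hunk does not show. Passing the three secrets by name rather than with `secrets: inherit` keeps the exposure explicit and is worth keeping.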