The Checkmarx One GitHub Action enables you to trigger Checkmarx One scans directly from your GitHub workflow. It wraps the Checkmarx One CLI tool, which creates a zip archive of your source code repository and uploads it to Checkmarx One for scanning. The GitHub Action integrates easily with GitHub while allowing scan customization through the full functionality and flexibility of the CLI tool.
The GitHub Action can be customized to trigger scans when particular events (e.g., push or pull request) occur on specific branches of your repo. You can also add pre- and post-scan steps to your workflow. For example, you can add a step that screens commits and checks whether the changes warrant running a new scan.
The plugin code can be found here.
An alternative method integrates GitHub with Checkmarx One directly from the Checkmarx One side (see GitHub Cloud). That method is easier to set up but does not allow full customization of the process.
- Automatically trigger scans from the GitHub workflow, running all Checkmarx One scanners: CxSAST, CxSCA, IaC Security, Container Security, API Security, Secret Detection and Repository Health (OSSF Scorecard).
- Supports use of CLI arguments to customize scan configuration, enabling you to:
  - Customize filters to specify which folders and files are scanned
  - Apply preset query configurations
  - Customize SCA scans using SCA Resolver
  - Set thresholds to break build
- Shows scan results summary in the GitHub build logs
- Break build upon policy violation
- Supports generating reports that are integrated into the GitHub Security alerts
- Decorates pull requests with info about new vulnerabilities that were identified as well as vulnerabilities that were fixed by the code changes

- The source code for your project is hosted on a GitHub repo (public or private)
- You have a Checkmarx One account and you have an OAuth Client ID and Client Secret for that account. To create an OAuth client, see Creating an OAuth Client for Checkmarx One Integrations.

- Verify that all prerequisites are in place.
- Configure GitHub secrets for Checkmarx One authentication, as described here.
- Configure a GitHub Action with a Checkmarx One workflow, as described here.
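The following workflow wires these steps together and is added here as an illustration; it is not taken from the action's own README. The action input names (base_uri, cx_tenant, cx_client_id, cx_client_secret, project_name, branch, additional_params), the secret names, the SARIF output file name and the CLI flags passed through additional_params are assumptions to verify against the current action and CLI documentation.

```yaml
name: Checkmarx One scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
    # Pre-scan screening (assumed policy): skip the scan when only docs change.
    paths-ignore:
      - 'docs/**'
      - '**.md'

# Least-privilege token for the job; widen only for what the steps need.
permissions:
  contents: read            # checkout only, no write access to the repo
  security-events: write    # upload SARIF into GitHub Security alerts
  pull-requests: write      # PR decoration, if the action comments via GITHUB_TOKEN

jobs:
  checkmarx-one:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Pin to a release tag or commit SHA in real use; the ref below is a placeholder.
      - name: Checkmarx One scan
        uses: checkmarx/ast-github-action@RELEASE_TAG_OR_SHA
        with:
          base_uri: https://ast.checkmarx.net/              # your tenant's region URL (assumed value)
          cx_tenant: ${{ secrets.CX_TENANT }}               # secret names are assumptions
          cx_client_id: ${{ secrets.CX_CLIENT_ID }}         # OAuth client credentials, never a user password
          cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
          project_name: ${{ github.repository }}
          branch: ${{ github.ref_name }}
          # CLI pass-through: SARIF report for Security alerts and a threshold that
          # fails the build on any high-severity SAST/SCA finding (flag syntax assumed).
          additional_params: >-
            --report-format sarif --output-path .
            --threshold "sast-high=1;sca-high=1"

      # Post-scan step: publish findings under Security > Code scanning alerts,
      # even when the threshold above failed the scan step.
      - name: Upload SARIF to GitHub Security
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: cx_result.sarif    # assumed default output name of the CLI
```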
We’d love to hear your feedback! If you come across a bug or have a feature request, please let us know by submitting an issue in GitHub Issues.
To see how you can use our tool, please refer to the Documentation.
We appreciate feedback and contribution to the Github Action! Before you get started, please see the following:
Distributed under the Apache 2.0 License. See LICENSE for more information.
Checkmarx - AST Integrations Team
Project Link: https://github.com/Checkmarx/ast-github-action
Find more integrations from our team here.
© 2022 Checkmarx Ltd. All Rights Reserved.