
RTI-40 : Set Scan-Resubmit to True #4


Workflow file for this run

name: Checkmarx SAST Scan

# Triggers. The job-level `if:` conditions select which job runs per event.
on:
  # pull_request (rather than pull_request_target): runs started from fork
  # pull requests do not receive the repository secrets used by the scan.
  pull_request: {}
  push:
    branches: [main, master]
  schedule:
    # 02:00 UTC on the 28th of each month; day 28 exists in every month.
    - cron: "0 2 28 * *"
  workflow_dispatch: {}
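# NOTE(review): no `permissions:` key is set at workflow or job level in this
# file, so GITHUB_TOKEN takes the repository default. Declare the minimum the
# scan needs once the required scopes are confirmed.
jobs:
  # Incremental SAST scan for pull requests and pushes to main/master.
  checkmarx-scan:
    name: Checkmarx SAST Scan
    runs-on: ubuntu-latest
    timeout-minutes: 90
    # Skip this job on scheduled and manually dispatched runs; those events
    # are handled by checkmarx-scheduled-scan.
    if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
    steps:
      - name: Checkout Code
        # NOTE(review): `v4` is a mutable tag; pinning to a full commit SHA
        # fixes exactly which code runs in this job.
        uses: actions/checkout@v4
        with:
          # Do not leave GITHUB_TOKEN in .git/config: the next step is a
          # third-party action that works on this checkout.
          persist-credentials: false
      - name: Run Checkmarx SAST Scan
        # NOTE(review): this action reference is garbled on the page (e-mail
        # obfuscation artifact). Restore the real `owner/repo@ref` from the
        # repository and pin it to a full commit SHA; this step receives the
        # Checkmarx credentials.
        uses: checkmarx-ts/[email protected]
        with:
          # Connection parameters; credentials come from repository secrets.
          checkmarx_url: https://cmxext.deltek.com
          checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
          checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
          checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
          team: "/CxServer/Security/Deltek/Replicon"
          # Project configuration
          project: Replicon-${{ github.event.repository.name }}
          scanners: sast
          # bug_tracker: GitHub
          incremental: true
          # NOTE(review): with break_build false the thresholds in `params`
          # presumably do not fail the job; confirm this is the intended gate
          # for pull requests.
          break_build: false
          # Scan parameters and thresholds (folded into one line of flags).
          # NOTE(review): on pull_request events github.ref_name is already
          # set (`<pr-number>/merge`), so the `|| github.head_ref` fallback
          # is presumably never used; confirm which branch name is wanted.
          # github.head_ref is chosen by the PR author, so treat it as
          # untrusted input if the order is ever swapped.
          # NOTE(review): --cx-flow.filterSeverity is passed without a value;
          # confirm that is intended.
          # The last line adds --merge-id only when the event carries a
          # pull-request number.
          params: >-
            --namespace=${{ github.repository_owner}}
            --checkmarx.settings-override=true
            --repo-name=${{ github.event.repository.name}}
            --branch=${{ github.ref_name || github.head_ref}}
            --cx-flow.filterSeverity
            --cx-flow.thresholds.high=1
            --cx-flow.thresholds.medium=1
            --cx-flow.scan-resubmit=true
            ${{ github.event.number && format('--merge-id={0}', github.event.number)}}
  # Full (non-incremental) scan of the default branch, run on the monthly
  # schedule or on manual dispatch.
  checkmarx-scheduled-scan:
    name: Checkmarx scheduled SAST Scan
    runs-on: ubuntu-latest
    timeout-minutes: 360
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    steps:
      - name: Checkout Code
        # NOTE(review): mutable tag; pin to a full commit SHA.
        uses: actions/checkout@v4
        with:
          # Always scan the default branch, whatever ref triggered the run.
          ref: ${{ github.event.repository.default_branch }}
          # Do not leave GITHUB_TOKEN in .git/config for the scan step.
          persist-credentials: false
      - name: Run Checkmarx SAST Scan
        # NOTE(review): garbled action reference (e-mail obfuscation
        # artifact); restore it from the repository and pin it to a full
        # commit SHA.
        uses: checkmarx-ts/[email protected]
        with:
          # Connection parameters; credentials come from repository secrets.
          checkmarx_url: https://cmxext.deltek.com
          checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
          checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
          checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
          team: "/CxServer/Security/Deltek/Replicon"
          # Project configuration
          project: Replicon-${{ github.event.repository.name }}
          scanners: sast
          # bug_tracker: GitHub
          incremental: false
          break_build: false
          # Scan parameters and thresholds; the branch is fixed to the
          # default branch to match the checkout above.
          params: >-
            --namespace=${{ github.repository_owner}}
            --checkmarx.settings-override=true
            --repo-name=${{ github.event.repository.name}}
            --branch=${{ github.event.repository.default_branch }}
            --cx-flow.filterSeverity
            --cx-flow.thresholds.high=1
            --cx-flow.thresholds.medium=1
            --cx-flow.scan-resubmit=true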