Skip to content

Commit d069b61

Browse files
cx-leonardo-fontescx-leonardo-fontes
committed
update checkmarx scan workflow
1 parent 9cce7db commit d069b61

2 files changed

Lines changed: 26 additions & 25 deletions

File tree

.github/workflows/ast-scan.yml

Lines changed: 0 additions & 25 deletions
This file was deleted.

.github/workflows/cx-one-scan.yaml

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
name: cx-one-scan
2+
3+
on:
4+
workflow_dispatch:
5+
pull_request:
6+
push:
7+
branches:
8+
- master
9+
schedule:
10+
- cron: '00 7 * * *'
11+
12+
jobs:
13+
cx-one-scan:
14+
name: cx-one-scan
15+
runs-on: ubuntu-latest
16+
steps:
17+
- name: Checkout
18+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
19+
- name: Checkmarx One CLI Action
20+
uses: checkmarx/ast-github-action@86e9ae570a811f9a1fb85903647a307aa3bf6253 # 2.0.44
21+
with:
22+
base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }}
23+
cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }}
24+
cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }}
25+
cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }}
26+
additional_params: --tags scs --threshold "sast-critical=1; sast-high=1; sast-medium=1; sast-low=1; sca-critical=1; sca-high=1; sca-medium=1; sca-low=1; iac-security-critical=1; iac-security-high=1; iac-security-medium=1;iac-security-low=1"

0 commit comments

Comments
 (0)