Skip to content

Commit dab12e5

Browse files
cx-noam-brendelcx-noam-brendel
authored
fix(security): restore iac-security-high threshold to 1
Reverts commit 550d8a1 which changed iac-security-high from 1 to 2, silently allowing one IaC high-severity vulnerability to pass the security gate undetected. All thresholds should be consistent at 1.
1 parent e3f1356 commit dab12e5

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

.github/workflows/checkmarx-one-scan.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,4 +22,4 @@ jobs:
2222
cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }}
2323
cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }}
2424
cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }}
25-
additional_params: --tags phoenix --threshold "sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;iac-security-critical=1;iac-security-high=2;iac-security-medium=1;iac-security-low=1;"
25+
additional_params: --tags phoenix --threshold "sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1;"

0 commit comments

Comments
 (0)