Cx sean patch 1

.github/workflows/cx.yml

@@ -1,24 +1,55 @@
-name: cx
+# This is a basic workflow to create GitHub Issues using the Checkmarx CxFlow GitHub Action.  It runs on a pull-request to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+#   - CHECKMARX_URL
+#   - CHECKMARX_USER
+#   - CHECKMARX_PASSWORD
+#   - CHECKMARX_CLIENT_SECRET
+#   - GH_TOKEN
+#
+# Update the 'team' field to reflect the team name used in Checkmarx.
+#
+# For full documentation,including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+
+name: CxFlow-GitHub-Pull-Request
+
+# Controls when the action will run. Triggers the workflow on push or pull request events but only for the master branch
 on:
   pull_request:
+    types: [opened, reopened, synchronize] #Types specify which pull request events will trigger the workflow. For more events refer Github Actions documentation.
     branches:
-      - master
-#  push:
+    - master
+    - main
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
 jobs:
-  ast_scan:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
     runs-on: ubuntu-latest
-    name: Checkmarx scan run
     steps:
-      - name: Run scan
-        uses: CheckmarxDev/ast-github-action@more_engines
-        id: scan
-        with:
-          github_repo_token: ${{ secrets.GITHUB_TOKEN }}
-          ast_uri: ${{ secrets.AST_URI }}
-          ast_access_key_id: ${{ secrets.AST_ACCESS_KEY_ID }}
-          ast_access_key_secret: ${{ secrets.AST_ACCESS_KEY_SECRET }}
-          sca_user: ${{ secrets.SCA_USER }}
-          sca_password: ${{ secrets.SCA_PASSWORD }}
-          action_scan_complete_timeout_secs: 600
-          high_results_threshold: 0
-          medium_results_threshold: 10
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v4
+      with:
+        python-version: '3.x' # Version range or exact version of a Python version to use, using SemVer's version range syntax
+        architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - run: python my_script.py
+    - uses: actions/checkout@v2
+    - name: Checkmarx CxFlow Action
+      uses: checkmarx-ts/[email protected]
+      with:
+        project: ${{ secrets.CHECKMARX_PROJECT }} 
+        team: /CxServer
+        checkmarx_url: ${{ secrets.CHECKMARX_URL }}   # To be stored in GitHub Secrets.
+        checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}  # To be stored in GitHub Secrets.
+        checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}  # To be stored in GitHub Secrets.
+        checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}  # To be stored in GitHub Secrets.
+        sca_tenant: ${{ secrets.SCA_TENANT }}
+        sca_username: ${{ secrets.SCA_USERNAME }}
+        sca_password: ${{ secrets.SCA_PASSWORD }}  
+        incremental: false
+        break_build: false
+        scanners: sca, sast
+        bug_tracker: GITHUBPULL
+        params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }}

README.md

@@ -2,12 +2,12 @@
 
 This is a "Vulnerable" Web Application developed by Cyber Security and Privacy Foundation(www.cysecurity.org). This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code.123
 
-**The full course content is now available on Github for free:**
+***The full course content is now available on Github for free:***
 
 https://github.com/CSPF-Founder/JavaSecurityCourse
 
-
-**The full course on Hacking and Securing Web Java Programs is available in** 
+**Test
+***The full course on Hacking and Securing Web Java Programs is available in***
 
 https://www.udemy.com/hacking-securing-java-web-programming/