sync

.github/workflows/ast-scan.yml

@@ -0,0 +1,25 @@
+name: Checkmarx One Scan
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: '00 7 * * *' # Every day at 07:00
+
+jobs:
+  cx-scan:
+    name: Checkmarx One Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Checkmarx One CLI Action
+        uses: checkmarx/ast-github-action@03a90e7253dadd7e2fff55f5dfbce647b39040a1 # v.2.0.37
+        with:
+          base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }}
+          cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }}
+          cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }}
+          cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }}
+          additional_params: --tags phoenix --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1"

.github/workflows/ci.yml

@@ -6,6 +6,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+
       - name: Use Node.js 22.11.0
         uses: actions/[email protected]
         with:

.github/workflows/update-cli.yml

@@ -1,53 +1,29 @@
-name: Update Checkmarx AST CLI
-
+name: Update checkmarx ast cli
 on:
   workflow_dispatch:
-    inputs:
-      new_cli_version:
-        description: 'New CLI version (optional)'
-        required: false
   schedule:
     - cron: '0 0 * * *'
 
 jobs:
   update-checkmarx-cli:
     runs-on: ubuntu-latest
-
     steps:
       - uses: actions/checkout@v4
 
-      # Fetch the latest Checkmarx AST CLI version
       - name: Get Latest Checkmarx API version
         id: checkmarx-ast-cli
         run: |
-          if [ "${{ github.event.inputs.new_cli_version }}" ]; then
-            LATEST_VERSION=${{ github.event.inputs.new_cli_version }}
-          else
-            LATEST_VERSION=$(curl -sL https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | jq -r ".tag_name")
-          fi
-          CURRENT_VERSION=$(<checkmarx-ast-cli.version)
-          echo ::set-output name=release_tag::$LATEST_VERSION
-          echo ::set-output name=current_tag::$CURRENT_VERSION
+          echo ::set-output name=release_tag::$(curl -sL https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | jq -r ".tag_name")
+          echo ::set-output name=current_tag::$(<checkmarx-ast-cli.version)
 
-      # Update the version file if the latest version differs
-      - name: Update Checkmarx CLI version in version file
+      - name: Update Checkmarx cli version
         if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
         env:
           RELEASE_TAG: ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
         run: |
+          # Update current release
           echo ${{ steps.checkmarx-ast-cli.outputs.release_tag }} > checkmarx-ast-cli.version
 
-      # Update the TypeScript file's cliDefaultVersion field
-      - name: Update cliDefaultVersion in CxInstaller.ts
-        if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
-        env:
-          NEW_CLI_VERSION: ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
-        run: |
-          FILE_PATH="src/main/osinstaller/CxInstaller.ts"
-          # Ensure that 'cliDefaultVersion' is updated correctly
-          sed -i "s/\(cliDefaultVersion = '\)[^']*\(';\)/\1${NEW_CLI_VERSION}\2/" $FILE_PATH
-
-      # Create a Pull Request with the version changes
       - name: Create Pull Request
         if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
         uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #v6

checkmarx-ast-cli.version

@@ -1 +1 @@
-2.3.5
+2.2.5

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@CheckmarxDev/ast-cli-javascript-wrapper-runtime-cli",
-  "version": "1.0.6",
+  "version": "1.0.1",
   "description": "AST CLI Javascript wrapper runtime CLI",
   "main": "dist/main/wrapper/CxWrapper.js",
   "typings": "dist/main/wrapper/CxWrapper.d.ts",
@@ -22,7 +22,7 @@
     "postbuild": "copyfiles -u 1 src/tests/data/* dist/;",
     "lint": "eslint . --ext .ts",
     "lint-and-fix": "eslint . --ext .ts --fix",
-    "test": "copyfiles -u 1 src/tests/data/* dist/; tsc && jest --runInBand"
+    "test": "copyfiles -u 1 src/tests/data/* dist/; tsc && jest"
   },
   "repository": "https://github.com/CheckmarxDev/ast-cli-javascript-wrapper-runtime-cli.git",
   "author": "Jay Nanduri",

src/main/vorpal/VorpalScanDetail.ts → src/main/asca/AscaScanDetail.ts

@@ -1,4 +1,4 @@
-export default class VorpalScanDetail {
+export default class AscaScanDetail {
     ruleId: number;
     language: string;
     ruleName: string;

src/main/vorpal/CxVorpal.ts → src/main/asca/CxAsca.ts

@@ -1,10 +1,10 @@
-import VorpalScanDetail from "./VorpalScanDetail";
+import AscaScanDetail from "./AscaScanDetail";
 
-export default class CxVorpal {
+export default class CxAsca {
     requestId: string;
     status: boolean;
     message: string;
-    scanDetails: VorpalScanDetail[];
+    scanDetails: AscaScanDetail[];
     error: any;
 
     constructor() {
@@ -15,16 +15,16 @@ export default class CxVorpal {
         this.error = null;
     }
 
-    static parseScan(resultObject: any): CxVorpal {
-        const scan = new CxVorpal();
+    static parseScan(resultObject: any): CxAsca {
+        const scan = new CxAsca();
         scan.requestId = resultObject.request_id;
         scan.status = resultObject.status;
         scan.message = resultObject.message;
         scan.error = resultObject.error;
 
         if (resultObject.scan_details instanceof Array) {
             scan.scanDetails = resultObject.scan_details.map((detail: any) => {
-                const scanDetail = new VorpalScanDetail();
+                const scanDetail = new AscaScanDetail();
                 scanDetail.ruleId = detail.rule_id;
                 scanDetail.language = detail.language;
                 scanDetail.ruleName = detail.rule_name;

src/main/client/AstClient.ts

@@ -27,3 +27,4 @@ export class AstClient {
         }
     }
 }
+