checkmarx-ltd
diff --git a/‎Scripts/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.xml
+3-1 b/‎Scripts/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.xml
+3-1
diff --git a/‎Scripts/CheckmarxOneAppListProcessor_sys_script_include_716c87ad471f1110328ca368436d438a.xml
+3-1 b/‎Scripts/CheckmarxOneAppListProcessor_sys_script_include_716c87ad471f1110328ca368436d438a.xml
+3-1
diff --git a/‎Scripts/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.xml
+48-103 b/‎Scripts/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.xml
+48-103
diff --git a/‎Scripts/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.xml
+49-154 b/‎Scripts/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.xml
+49-154
diff --git a/‎Scripts/CheckmarxOneConfigUtilBase_sys_script_include_508f0d54471f1110328ca368436d43f8.xml
+12-8 b/‎Scripts/CheckmarxOneConfigUtilBase_sys_script_include_508f0d54471f1110328ca368436d43f8.xml
+12-8
diff --git a/‎Scripts/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.xml
+54-3 b/‎Scripts/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.xml
+54-3
diff --git a/‎Scripts/CheckmarxOneScanSummaryProcessor_sys_script_include_ec0e828f47f42110328ca368436d433b.xml
+33-3 b/‎Scripts/CheckmarxOneScanSummaryProcessor_sys_script_include_ec0e828f47f42110328ca368436d433b.xml
+33-3
@@ -1,13 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<unload unload_date="2024-12-20 12:24:17">
+<unload unload_date="2025-02-07 05:30:05">
 <sys_script_include action="INSERT_OR_UPDATE">
 <access>public</access>
 <active>true</active>
 <api_name>x_chec3_chexone.CheckmarxOneAppListIntegration</api_name>
 <caller_access/>
 <client_callable>false</client_callable>
 <description>Integration script for use with the CheckmarxOne Application List Integration run.</description>
+<mobile_callable>false</mobile_callable>
 <name>CheckmarxOneAppListIntegration</name>
+<sandbox_callable>false</sandbox_callable>
 <script><![CDATA[var CheckmarxOneAppListIntegration = Class.create();
 CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.ApplicationVulnerabilityIntegrationBase, {
 
 
@@ -1,13 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<unload unload_date="2024-12-20 12:24:20">
+<unload unload_date="2025-02-07 05:33:25">
 <sys_script_include action="INSERT_OR_UPDATE">
 <access>public</access>
 <active>true</active>
 <api_name>x_chec3_chexone.CheckmarxOneAppListProcessor</api_name>
 <caller_access/>
 <client_callable>false</client_callable>
 <description>Converts the appinfo xml data into a json object that can be consumed by the VR Application Vulnerability API.</description>
+<mobile_callable>false</mobile_callable>
 <name>CheckmarxOneAppListProcessor</name>
+<sandbox_callable>false</sandbox_callable>
 <script><![CDATA[var CheckmarxOneAppListProcessor = Class.create();
 CheckmarxOneAppListProcessor.prototype = Object.extendsObject(sn_vul.ApplicationVulnerabilityImportProcessorBase, {
     /*
 
@@ -1,13 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<unload unload_date="2024-12-20 12:24:35">
+<unload unload_date="2025-02-07 05:40:43">
 <sys_script_include action="INSERT_OR_UPDATE">
 <access>package_private</access>
 <active>true</active>
 <api_name>x_chec3_chexone.CheckmarxOneConfigUtilBase</api_name>
 <caller_access/>
 <client_callable>false</client_callable>
 <description>Wrapper class to assemble the components for Checkmarx One Configuration Calls.</description>
+<mobile_callable>false</mobile_callable>
 <name>CheckmarxOneConfigUtilBase</name>
+<sandbox_callable>false</sandbox_callable>
 <script><![CDATA[var CheckmarxOneConfigUtilBase = Class.create();
 CheckmarxOneConfigUtilBase.prototype = {
     initialize: function() {},
@@ -66,22 +68,24 @@ CheckmarxOneConfigUtilBase.prototype = {
                 "checkmarxone_api_base_url": gr.getValue("checkmarxone_api_base_url"),
                 "checkmarxone_server_url": gr.getValue("checkmarxone_server_url"),
                 "include_first_detection_date": gr.getValue("include_first_detection_date") === "1",
+                "include_only_similarity_id": gr.getValue("include_only_similarity_id") === "1",
                 "import_sca": gr.getValue("import_sca") === "1",
                 "import_sast": gr.getValue("import_sast") === "1",
                 "import_kics": gr.getValue("import_kics") === "1",
-				"exclude_dev_and_test_dependencies": gr.getValue("exclude_dev_and_test_dependencies") === "1",
+                "include_container_security": gr.getValue("include_container_security") === "1",
+                "exclude_dev_and_test_dependencies": gr.getValue("exclude_dev_and_test_dependencies") === "1",
                 "triaging_in_snow": gr.getValue("triaging_in_snow") === "1",
                 "vulnerability_threshold_level": gr.getValue("vulnerability_threshold_level"),
                 "scan_synchronization": gr.getValue("scan_synchronization"),
                 "access_token": gr.access_token.getDecryptedValue(),
                 "sync_only_primary_branch": gr.getValue("sync_only_primary_branch") === "1",
                 "list_projects": gr.getValue("list_of_project_id_s"),
-				"result_states": gr.getValue("result_states"),
-				"link": gr.getValue("link"),
+                "result_states": gr.getValue("result_states"),
+                "link": gr.getValue("link"),
                 "project_filter_by_name": gr.getValue("project_filter_by_name"),
                 "filter_project": gr.getValue("filter_project"),
-				"severity": gr.getValue("severity"),
-				"scan_type" : gs.nil(gr.getValue("scan_type")) ? "" : gr.getValue("scan_type"),
+                "severity": gr.getValue("severity"),
+                "scan_type": gs.nil(gr.getValue("scan_type")) ? "" : gr.getValue("scan_type"),
             };
 
             new sn_sec_int.Implementation().setConfiguration(instance, newconfig);
@@ -96,13 +100,13 @@ CheckmarxOneConfigUtilBase.prototype = {
 <sys_created_by>admin</sys_created_by>
 <sys_created_on>2022-11-17 05:45:19</sys_created_on>
 <sys_id>508f0d54471f1110328ca368436d43f8</sys_id>
-<sys_mod_count>64</sys_mod_count>
+<sys_mod_count>66</sys_mod_count>
 <sys_name>CheckmarxOneConfigUtilBase</sys_name>
 <sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package>
 <sys_policy/>
 <sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope>
 <sys_update_name>sys_script_include_508f0d54471f1110328ca368436d43f8</sys_update_name>
 <sys_updated_by>admin</sys_updated_by>
-<sys_updated_on>2024-11-05 10:44:52</sys_updated_on>
+<sys_updated_on>2025-01-21 07:27:57</sys_updated_on>
 </sys_script_include>
 </unload>
@@ -1,13 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<unload unload_date="2024-12-20 12:24:40">
+<unload unload_date="2025-02-07 05:42:00">
 <sys_script_include action="INSERT_OR_UPDATE">
 <access>public</access>
 <active>true</active>
 <api_name>x_chec3_chexone.CheckmarxOneScanSummaryIntegration</api_name>
 <caller_access/>
 <client_callable>false</client_callable>
 <description>Integration script for the CheckmarxOne Scan Summary Integration.</description>
+<mobile_callable>false</mobile_callable>
 <name>CheckmarxOneScanSummaryIntegration</name>
+<sandbox_callable>false</sandbox_callable>
 <script><![CDATA[var CheckmarxOneScanSummaryIntegration = Class.create();
 CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.ApplicationVulnerabilityIntegrationBase, {
 
@@ -59,11 +61,13 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
             var scaScanSummaryAll = '';
             var sastScanSummaryAll = '';
             var kicsScanSummaryAll = '';
+            var containerSecurityScanSummaryAll = '';
             var includescanSummaryAll = '';
             var newoffset = offsetId - 1;
             var includesca = this.UTIL.importScaFlaw(this.IMPLEMENTATION);
             var includesast = this.UTIL.importSastFlaw(this.IMPLEMENTATION);
             var includekics = this.UTIL.importKicsFlaw(this.IMPLEMENTATION);
+            var includeContainerSecurity = this.UTIL.importContainerSecurityFlaw(this.IMPLEMENTATION);
             var config = this.UTIL._getConfig(this.IMPLEMENTATION);
             var scan_synchronization = config.scan_synchronization.toString();
             var primaryBranch = '';
@@ -93,16 +97,20 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
             var prvSastScanIdBranch = '';
             var prvScaScanIdBranch = '';
             var prvKicsScanIdBranch = '';
+            var prvConSecScanIdBranch = '';
             var sastPrvScanId = '';
             var scaPrvScanId = '';
             var kicsPrvScanId = '';
+            var conSecPrvScanId = '';
             var lastSastDate;
             var lastScaDate;
             var lastKicsDate;
+            var lastConSecDate;
             var prvBranch = '';
             var prvSastScanBranch = '';
             var prvScaScanBranch = '';
             var prvKicsScanBranch = '';
+            var prvConSecScanBranch = '';
 
             while (scanSummary.hasNext()) {
                 scanSummary.next();
@@ -165,6 +173,19 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
                             prvKicsScanIdBranch += prvBranch + ':::' + prvScanId + ':::' + lastUpdatedDate;
                         }
                     }
+
+                    if (prvScanId.indexOf('CS') != -1 && isBranchMatched == 'true') {
+                        if ((null == lastConSecDate || '' == lastConSecDate || 'undefined' == lastConSecDate) || (lastConSecDate && lastUpdatedDate >= lastConSecDate)) {
+                            conSecPrvScanId = prvScanId;
+                            prvConSecScanBranch = prvBranch;
+                            lastConSecDate = lastUpdatedDate;
+                        }
+                        if (null != scan_synchronization && '' != scan_synchronization && 'undefined' != scan_synchronization && scan_synchronization == 'latest scan from each branch') {
+                            if (prvConSecScanIdBranch != '')
+                                prvConSecScanIdBranch += '|||';
+                            prvConSecScanIdBranch += prvBranch + ':::' + prvScanId + ':::' + lastUpdatedDate;
+                        }
+                    }
                 }
             }
             
@@ -258,6 +279,33 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
                             '" app_name="' + appId + '"/>';
                     }
                 }
+
+                //Container Security scan summary
+                if (includeContainerSecurity && jsonLastScanSummResp.scans[item].engines.toString().indexOf("containers") != -1 && branch.indexOf(jsonLastScanSummResp.scans[item].branch) == -1) {
+                    var containerSecurityResponseVul = this.UTIL.getContainerSecurityScanSummaryInfo(this.IMPLEMENTATION, jsonLastScanSummResp.scans[item].id);
+                    var scanType = "Full Scan";
+                    if (containerSecurityResponseVul != -1) {
+
+                       if (null != scan_synchronization && '' != scan_synchronization && 'undefined' != scan_synchronization && scan_synchronization == 'latest scan from each branch') {
+                            conSecPrvScanId = this._getPrvScanIdForSpecificBranch(prvConSecScanIdBranch, jsonLastScanSummResp.scans[item].branch);
+                            if (conSecPrvScanId == '')
+                                prvConSecScanBranch = '';
+                            else
+                                prvConSecScanBranch = '' + jsonLastScanSummResp.scans[item].branch;
+                        } 
+                        containerSecurityScanSummaryAll += '<scan id="' + 'CS' + jsonLastScanSummResp.scans[item].id + '" app_id="' + appId +
+                            '" last_scan_date="' + this.UTIL.parseDate(jsonLastScanSummResp.scans[item].updatedAt) +
+                            '" total_no_flaws="' + containerSecurityResponseVul +
+                            '" branch="' + jsonLastScanSummResp.scans[item].branch +
+                            '" prvScanId="' + conSecPrvScanId +
+                            '" scan_origin="' + jsonLastScanSummResp.scans[item].sourceOrigin +
+                            '" scan_source="' + jsonLastScanSummResp.scans[item].sourceType +
+                            '" scan_type="' + scanType +
+                            '" prvBranch="' + prvConSecScanBranch +
+                            '" app_name="' + appId + '"/>';
+                    }
+                }
+
                 branch.push(jsonLastScanSummResp.scans[item].branch);
 
                 var date = new GlideDateTime(this.UTIL.parseDate(jsonLastScanSummResp.scans[item].updatedAt));
@@ -273,6 +321,9 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
             if (includekics) {
                 includescanSummaryAll += "<kicsScanData><scans>" + kicsScanSummaryAll + "</scans></kicsScanData>";
             }
+            if (includeContainerSecurity) {
+                includescanSummaryAll += "<conSecScanData><scans>" + containerSecurityScanSummaryAll + "</scans></conSecScanData>";
+            }
 
             reportContent = scanSummaryRootNodeStart + includescanSummaryAll + scanSummaryRootNodeEnd;
         } catch (err) {
@@ -464,13 +515,13 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
 <sys_created_by>admin</sys_created_by>
 <sys_created_on>2022-11-18 05:18:19</sys_created_on>
 <sys_id>d7f2d2e447131110328ca368436d4321</sys_id>
-<sys_mod_count>267</sys_mod_count>
+<sys_mod_count>271</sys_mod_count>
 <sys_name>CheckmarxOneScanSummaryIntegration</sys_name>
 <sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package>
 <sys_policy/>
 <sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope>
 <sys_update_name>sys_script_include_d7f2d2e447131110328ca368436d4321</sys_update_name>
 <sys_updated_by>admin</sys_updated_by>
-<sys_updated_on>2024-12-11 16:31:25</sys_updated_on>
+<sys_updated_on>2024-12-31 08:00:01</sys_updated_on>
 </sys_script_include>
 </unload>
@@ -1,13 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<unload unload_date="2024-12-20 12:24:45">
+<unload unload_date="2025-02-07 05:43:01">
 <sys_script_include action="INSERT_OR_UPDATE">
 <access>public</access>
 <active>true</active>
 <api_name>x_chec3_chexone.CheckmarxOneScanSummaryProcessor</api_name>
 <caller_access/>
 <client_callable>false</client_callable>
 <description>This script process the payload from CheckmarxOne app summary endpoint.</description>
+<mobile_callable>false</mobile_callable>
 <name>CheckmarxOneScanSummaryProcessor</name>
+<sandbox_callable>false</sandbox_callable>
 <script><![CDATA[var CheckmarxOneScanSummaryProcessor = Class.create();
 CheckmarxOneScanSummaryProcessor.prototype = Object.extendsObject(sn_vul.ApplicationVulnerabilityImportProcessorBase, {
     MSG: 'CheckmarxOne Scan Summary Processor: ',
@@ -29,6 +31,9 @@ CheckmarxOneScanSummaryProcessor.prototype = Object.extendsObject(sn_vul.Applica
                 if (node.toString().indexOf("kicsScanData") != -1) {
                     var kicsnodes = doc.getNode('/scanData/kicsScanData/scans');
                 }
+                if (node.toString().indexOf("conSecScanData") != -1) {
+                    var containerSecurityNodes = doc.getNode('/scanData/conSecScanData/scans');
+                }
 
             } catch (ex) {
                 gs.error(this.MSG + "Error occurred while validating or parsing the XML: " + ex);
@@ -112,6 +117,31 @@ CheckmarxOneScanSummaryProcessor.prototype = Object.extendsObject(sn_vul.Applica
                     }
                 }
             }
+            if (containerSecurityNodes) {
+                var conSecData = {};
+                var conSecIteration = containerSecurityNodes.getChildNodeIterator();
+                while (conSecIteration.hasNext()) {
+                    try {
+                        var conSecAppNode = conSecIteration.next();
+                        var conSecAttributes = conSecAppNode.getAttributes();
+                        var conSecPrvScanId = conSecAttributes.prvScanId;
+                        //map attributes from CheckmarxOne into the servicenow scan summary table
+                        conSecData['source_app_id'] = conSecAttributes.app_id;
+                        conSecData['source_scan_id'] = conSecAttributes.id;
+                        conSecData['detected_flaw_count'] = +conSecAttributes.total_no_flaws;
+                        conSecData['last_scan_date'] = new GlideDateTime(conSecAttributes.last_scan_date);
+                        conSecData['scan_summary_name'] = conSecAttributes.id + ' ' + conSecData['last_scan_date'];
+                        conSecData['tags'] = "Branch: " + conSecAttributes.branch + " | Old ScanId: " + conSecPrvScanId  + " | Old Branch: " + prvBranch;
+                        conSecData['scan_submitted_by'] = 'Scan Origin: ' + conSecAttributes.scan_origin + '\n' + 'Scan Source: ' + conSecAttributes.scan_source + '\n' + 'Scan Type: ' + conSecAttributes.scan_type + '\n';
+                        this._upsert(conSecData);
+                    } catch (ex) {
+                        errorMessage = gs.getMessage("Error in retriving data for scan list integration!");
+                        gs.error(this.MSG + "errorMessage " + ex);
+                        errorProcess += " | " + ex.getMessage();
+                        //throw ex;
+                    }
+                }
+            }
             if (!gs.nil(errorProcess))
                 gs.error(this.MSG + "All errors that occurred while processing scan summary: " + errorProcess);
             this.completeProcess(this.integrationProcessGr, this.import_counts);
@@ -164,13 +194,13 @@ CheckmarxOneScanSummaryProcessor.prototype = Object.extendsObject(sn_vul.Applica
 <sys_created_by>admin</sys_created_by>
 <sys_created_on>2023-02-08 12:56:43</sys_created_on>
 <sys_id>ec0e828f47f42110328ca368436d433b</sys_id>
-<sys_mod_count>25</sys_mod_count>
+<sys_mod_count>29</sys_mod_count>
 <sys_name>CheckmarxOneScanSummaryProcessor</sys_name>
 <sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package>
 <sys_policy/>
 <sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope>
 <sys_update_name>sys_script_include_ec0e828f47f42110328ca368436d433b</sys_update_name>
 <sys_updated_by>admin</sys_updated_by>
-<sys_updated_on>2024-11-27 10:02:47</sys_updated_on>
+<sys_updated_on>2024-12-31 08:05:21</sys_updated_on>
 </sys_script_include>
 </unload>