From 1796bfcdf9bd2b5e14a4bb8572b5c9eb3a0a6050 Mon Sep 17 00:00:00 2001 From: CE Bot <94433571+cx-cebot@users.noreply.github.com> Date: Thu, 6 Nov 2025 10:31:32 +0200 Subject: [PATCH 1/2] Update and rename ast-scan.yml to cx-one-scan.yaml --- .github/workflows/ast-scan.yml | 25 ------------------------- .github/workflows/cx-one-scan.yaml | 25 +++++++++++++++++++++++++ 2 files changed, 25 insertions(+), 25 deletions(-) delete mode 100644 .github/workflows/ast-scan.yml create mode 100644 .github/workflows/cx-one-scan.yaml diff --git a/.github/workflows/ast-scan.yml b/.github/workflows/ast-scan.yml deleted file mode 100644 index 82aa28c5..00000000 --- a/.github/workflows/ast-scan.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Checkmarx One Scan -on: - workflow_dispatch: - pull_request: - push: - branches: - - main - schedule: - - cron: '00 7 * * *' # Every day at 07:00 - -jobs: - cx-scan: - name: Checkmarx One Scan - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Checkmarx One CLI Action - uses: checkmarx/ast-github-action@03a90e7253dadd7e2fff55f5dfbce647b39040a1 # v.2.0.37 - with: - base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }} - cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }} - cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }} - cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }} - additional_params: --tags phoenix --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1" \ No newline at end of file diff --git a/.github/workflows/cx-one-scan.yaml b/.github/workflows/cx-one-scan.yaml new file mode 100644 index 00000000..674720f3 --- /dev/null +++ b/.github/workflows/cx-one-scan.yaml @@ -0,0 +1,25 @@ +name: cx-one-scan +on: + workflow_dispatch: + pull_request: + push: + branches: + - main + schedule: + - cron: '00 5 * * *' # Every day at 05:00 + +jobs: + cx-one-scan: + name: cx-one-scan + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Checkmarx One CLI Action + uses: checkmarx/ast-github-action@9fda4ab4c1b67c35de380552a972a82997d97731 # https://github.com/Checkmarx/ast-github-action/releases/tag/2.0.42 + with: + base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }} + cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }} + cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }} + cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }} + additional_params: --scan-types sast,iac-security,sca --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1" From 96d47da5906bff9ce715f8b1ef6caee8b98eb8ea Mon Sep 17 00:00:00 2001 From: Lior Poterman <191881919+cx-lior-poterman@users.noreply.github.com> Date: Thu, 6 Nov 2025 10:35:28 +0200 Subject: [PATCH 2/2] Update Checkmarx GitHub Action version --- .github/workflows/cx-one-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cx-one-scan.yaml b/.github/workflows/cx-one-scan.yaml index 674720f3..fcd1f281 100644 --- a/.github/workflows/cx-one-scan.yaml +++ b/.github/workflows/cx-one-scan.yaml @@ -16,7 +16,7 @@ jobs: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Checkmarx One CLI Action - uses: checkmarx/ast-github-action@9fda4ab4c1b67c35de380552a972a82997d97731 # https://github.com/Checkmarx/ast-github-action/releases/tag/2.0.42 + uses: checkmarx/ast-github-action@2c828f1e313608ddb4ae8fe5524cfd7b9344dd79 # https://github.com/Checkmarx/ast-github-action/releases/tag/2.3.27 with: base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }} cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }}