@cx-kedar-bhujade
Contributor

Description

Updated entrypoint.sh so that the customer can provide env variables for the registry and its username and password or token.

steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Checkmarx One scan
        uses: Checkmarx/ast-github-action@version/SHA
        env:
          REGISTRIES: "docker.io ghcr.io mycompany.jfrog.io"
          USERNAME_DOCKER_IO: ${{ secrets.DOCKER_USERNAME }}
          PASSWORD_DOCKER_IO: ${{ secrets.DOCKER_PASSWORD }}
          USERNAME_GHCR_IO: ${{ secrets.GHCR_USERNAME }}
          PASSWORD_GHCR_IO: ${{ secrets.GHCR_TOKEN }}
          USERNAME_MYCOMPANY_JFROG_IO: ${{ secrets.JFROG_USERNAME }}
          PASSWORD_MYCOMPANY_JFROG_IO: ${{ secrets.JFROG_ACCESS_TOKEN }}
        with:
          base_uri: https://eu.ast.checkmarx.net  # This should be replaced by your base uri for Checkmarx One
          cx_client_id: ${{ secrets.CX_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
          cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
          cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One
          additional_params: --scan-types container-security --container-images "<private docker image>" --containers-local-resolution --debug

Testing

Tested for private docker image with password and token
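
Added example, not part of this pull request or the project's entrypoint.sh: a pre-flight check a workflow could run to confirm every host in `REGISTRIES` has its `USERNAME_*` and `PASSWORD_*` variable set, without echoing any secret. The helper names are hypothetical, and the suffix rule (upper-case the host, replace every other character with `_`) is an assumption inferred from the three variable names shown above.

```shell
#!/bin/sh
# Assumption: suffix = registry host upper-cased, with every character
# outside A-Z0-9 replaced by "_" (docker.io -> DOCKER_IO).
registry_suffix() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr -c 'A-Z0-9' '_'
}

# Print the names (never the values) of credential variables that are
# unset or empty for the registries listed in $REGISTRIES.
missing_registry_creds() {
    missing=""
    for reg in $REGISTRIES; do
        suffix=$(registry_suffix "$reg")
        for prefix in USERNAME PASSWORD; do
            var="${prefix}_${suffix}"
            # $var contains only [A-Z0-9_], so this eval cannot inject code.
            eval "val=\${$var:-}"
            [ -n "$val" ] || missing="$missing $var"
        done
    done
    printf '%s' "${missing# }"
}

# Fail early with a message that names the missing variables only.
preflight() {
    m=$(missing_registry_creds)
    if [ -n "$m" ]; then
        echo "missing registry credentials: $m" >&2
        return 1
    fi
    return 0
}

# Log in to one registry. The secret goes over stdin so it never appears
# in the process list or in a shell trace of the command line.
login_registry() {
    suffix=$(registry_suffix "$1")
    eval "user=\${USERNAME_$suffix:-}; pass=\${PASSWORD_$suffix:-}"
    printf '%s' "$pass" | docker login "$1" --username "$user" --password-stdin
}
```

Calling `preflight` before the scan step turns a misnamed secret into an immediate, non-sensitive error instead of a failed image pull later in the run.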

@github-actions

github-actions bot commented Aug 13, 2025

Checkmarx One – Scan Summary & Details: d042823f-1352-4ae5-95bb-276f3ce54231

Policy Management Violations (1)
Policy Name Rule(s) Break Build
FluentAssertions v8 true

Collaborator

@cx-anurag-dalke cx-anurag-dalke left a comment

ok

@cx-anurag-dalke cx-anurag-dalke merged commit bed737d into main Aug 22, 2025
5 checks passed