From de1b01651196ccd9b447628d88b9a52c5f9252cc Mon Sep 17 00:00:00 2001 From: itsKedar <37594766+itsKedar@users.noreply.github.com> Date: Thu, 19 Sep 2024 13:28:52 +0530 Subject: [PATCH] Updated documentation --- README.md | 81 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 43 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 9c50376..99af72f 100644 --- a/README.md +++ b/README.md 
@@ -25,44 +25,49 @@ The GitHub action [![Latest Release](https://img.shields.io/github/v/release/ch *Note:* Please use [cx-flow-debian](https://github.com/checkmarx-ts/checkmarx-cxflow-github-debian) GitHub action for using cx-flow with the Debian operating system. This GitHub action supports Alpine OS. Every parameter is the same in both. ## Inputs -| Variable | Example Value   | Description   | Type | Required | Default | -|-------------------------|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|----------|--------------------------------| -| checkmarx_url | https://checkmarx.company.com | Checkmarx Server URL | String | Yes | N/A | -| checkmarx_username | ${{ secrets.CHECKMARX_USERNAME }} | Checkmarx Username | String | Yes | N/A | -| checkmarx_password | ${{ secrets.CHECKMARX_PASSWORD }} | Checkmarx Password | Secure String | Yes | N/A | -| checkmarx_client_secret | ${{ secrets.CHECKMARX_CLIENT_SECRET }} | Checkmarx OIDC Client Secret Reference [1](https://checkmarx.atlassian.net/wiki/spaces/KC/pages/1187774721/Using+the+CxSAST+REST+API+v8.6.0+and+up), [2](https://checkmarx.atlassian.net/wiki/spaces/KC/pages/1187774721/Using+the+CxSAST+REST+API+v8.6.0+and+up) | Secure String | Yes | | -| team | /CxServer/SP/Company | Checkmarx Team for Project | String | No | /CxServer/SP/Company | -| project | ProjectName | Checkmarx Project | String | Yes | N/A | -| app | AppID-1234 | Unique Application Identifier used by downstream bug trackers (i.e. Jira) | String | No | SampleApp | -| preset | Checkmarx Express | Checkmarx scan preset (SAST) | String | No | High and Medium | -| break_build | true | Break build based on results? 
| Boolean | No | false | -| bug_tracker | Sarif, GitHubPull, GitHub | Bug-tracker used for scan results | String | No | Sarif | -| incremental | true | Trigger scan as incremental? (SAST) | Boolean | No | true | -| github_token | ${{ secrets.GITHUB_TOKEN }} | GitHub API Token, used for PR Feedback or GitHub Issue Feedback | String | No | ${{ github.token }} | -| repo-url | ${{ github.event.repository.url }} | GitHub Repository URL, used for Issue Feedback | String | Yes | NA | -| scanners | sast, cxgo, sca | Vulnerability Scanners (sast, sca, cxgo). Multiple comma seperated values allowed. | String | Yes | None | -| extra_certificates | certificates | Workspace subdirectory containing additional CxFlow X509 certificates (.crt) | String | No | None | -| sca_api_url | https://api-sca.checkmarx.net | API URL for SCA scan | String | No | https://api-sca.checkmarx.net | -| sca_app_url | https://sca.checkmarx.net | APP URL for SCA scan | String | No | https://sca.checkmarx.net | -| sca_access_control_url | https://platform.checkmarx.net | Access control URL for SCA scan | String | No | https://platform.checkmarx.net | -| sca_tenant | SCA-COMPANY_NAME | Tenant for the SCA project | String | No | N/A | -| sca_username | ${{ secrets.SCA_USERNAME }} | Username for SCA scan | String | No | N/A | -| sca_password | ${{ secrets.SCA_PASSWORD }} | Password for SCA scan | Secure String | No | N/A | -| cxgo_base_url | https://api.checkmarx.net | Base URL for CxGo Scan | String | No | https://api.checkmarx.net | -| cxgo_portal_url | https://cloud.checkmarx.net | Portal URL for CxGo Scan | String | No | https://cloud.checkmarx.net | -| cxgo_client_secret | ${{ secrets.CXGO_CLIENT_SECRET }} | CxGo Client secret | Secure String | No | N/A | -| jira_url | ${{ secrets.JIRA_URL }} | Jira Url | Secure String | No | N/A | -| jira_username | ${{ secrets.JIRA_USERNAME }} | Jira Username | Secure String | No | N/A | -| jira_token | ${{ secrets.JIRA_TOKEN }} | Jira Secret. 
This is personal access token, not password. | Secure String | No | N/A | -| jira_project | ${{ secrets.JIRA_PROJECT }} | Jira Project Name | Secure String | No | N/A | -| jira_issue_type | 'Application Security Bug' | Jira Issue Type | String | No | N/A | -| jira_open_transition | 'In Progress' | Jira Open Transition Status | String | No | N/A | -| jira_close_transition | 'Done' | Jira Close Transition Status | String | No | N/A | -| jira_open_status | 'Backlog,Selected for Development,In Progress' | Jira Open Status | String | No | N/A | -| jira_closed_status | 'Done' | Jira Closed Status | String | No | N/A | -| params | --severity=High --branch=${{ github.ref }} | Any additional parameters for CxFlow. For a full list of all the parameters, see the [following](https://github.com/checkmarx-ltd/cx-flow/wiki/Configuration). Special note about [filtering](#Filters) | String | No | N/A | -| java_opts | -Xms512m | Any Java options | String | No | N/A | - +| Variable | Example Value   | Description   | Type | Required | Default | +|----------------------------|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|----------|--------------------------------| +| checkmarx_url | https://checkmarx.company.com | Checkmarx Server URL | String | Yes | N/A | +| checkmarx_username | ${{ secrets.CHECKMARX_USERNAME }} | Checkmarx Username | String | Yes | N/A | +| checkmarx_password | ${{ secrets.CHECKMARX_PASSWORD }} | Checkmarx Password | Secure String | Yes | N/A | +| checkmarx_client_secret | ${{ secrets.CHECKMARX_CLIENT_SECRET }} | Checkmarx OIDC Client Secret Reference [1](https://checkmarx.atlassian.net/wiki/spaces/KC/pages/1187774721/Using+the+CxSAST+REST+API+v8.6.0+and+up), 
[2](https://checkmarx.atlassian.net/wiki/spaces/KC/pages/1187774721/Using+the+CxSAST+REST+API+v8.6.0+and+up) | Secure String | Yes | | +| team | /CxServer/SP/Company | Checkmarx Team for Project | String | No | /CxServer/SP/Company | +| project | ProjectName | Checkmarx Project | String | Yes | N/A | +| app | AppID-1234 | Unique Application Identifier used by downstream bug trackers (i.e. Jira) | String | No | SampleApp | +| preset | Checkmarx Express | Checkmarx scan preset (SAST) | String | No | High and Medium | +| break_build | true | Break build based on results? | Boolean | No | false | +| bug_tracker | Sarif, GitHubPull, GitHub | Bug-tracker used for scan results | String | No | Sarif | +| incremental | true | Trigger scan as incremental? (SAST) | Boolean | No | true | +| github_token | ${{ secrets.GITHUB_TOKEN }} | GitHub API Token, used for PR Feedback or GitHub Issue Feedback | String | No | ${{ github.token }} | +| repo-url | ${{ github.event.repository.url }} | GitHub Repository URL, used for Issue Feedback | String | Yes | NA | +| scanners | sast, cxgo, sca | Vulnerability Scanners (sast, sca, cxgo). Multiple comma seperated values allowed. 
| String | Yes | None | +| extra_certificates | certificates | Workspace subdirectory containing additional CxFlow X509 certificates (.crt) | String | No | None | +| sca_api_url | https://api-sca.checkmarx.net | API URL for SCA scan | String | No | https://api-sca.checkmarx.net | +| sca_app_url | https://sca.checkmarx.net | APP URL for SCA scan | String | No | https://sca.checkmarx.net | +| sca_access_control_url | https://platform.checkmarx.net | Access control URL for SCA scan | String | No | https://platform.checkmarx.net | +| sca_tenant | SCA-COMPANY_NAME | Tenant for the SCA project | String | No | N/A | +| sca_username | ${{ secrets.SCA_USERNAME }} | Username for SCA scan | String | No | N/A | +| sca_password | ${{ secrets.SCA_PASSWORD }} | Password for SCA scan | Secure String | No | N/A | +| cxgo_base_url | https://api.checkmarx.net | Base URL for CxGo Scan | String | No | https://api.checkmarx.net | +| cxgo_portal_url | https://cloud.checkmarx.net | Portal URL for CxGo Scan | String | No | https://cloud.checkmarx.net | +| cxgo_client_secret | ${{ secrets.CXGO_CLIENT_SECRET }} | CxGo Client secret | Secure String | No | N/A | +| jira_url | ${{ secrets.JIRA_URL }} | Jira Url | Secure String | No | N/A | +| jira_username | ${{ secrets.JIRA_USERNAME }} | Jira Username | Secure String | No | N/A | +| jira_token | ${{ secrets.JIRA_TOKEN }} | Jira Secret. This is personal access token, not password. 
| Secure String | No | N/A | +| jira_project | ${{ secrets.JIRA_PROJECT }} | Jira Project Name | Secure String | No | N/A | +| jira_issue_type | 'Application Security Bug' | Jira Issue Type | String | No | N/A | +| jira_open_transition | 'In Progress' | Jira Open Transition Status | String | No | N/A | +| jira_close_transition | 'Done' | Jira Close Transition Status | String | No | N/A | +| jira_open_status | 'Backlog,Selected for Development,In Progress' | Jira Open Status | String | No | N/A | +| jira_closed_status | 'Done' | Jira Closed Status | String | No | N/A | +| project_custom_field_key | 'test' | project custom field key that is mentioned in Checkmarx SAST | String | No | N/A | +| project_custom_field_value | 'test1' | project custom field value that needs to be updated or added in checkmarx SAST | String | No | N/A | +| scan_custom_field_key | 'test' | scan custom field key that is mentioned in Checkmarx SAST Scan. | String | No | N/A | +| scan_custom_field_value | 'test1' | scan custom field value that needs to be added in Checkmarx SAST Scan. | String | No | N/A | +| params | --severity=High --branch=${{ github.ref }} | Any additional parameters for CxFlow. For a full list of all the parameters, see the [following](https://github.com/checkmarx-ltd/cx-flow/wiki/Configuration). Special note about [filtering](#Filters) | String | No | N/A | +| java_opts | -Xms512m | Any Java options | String | No | N/A | + +*Note:* Please use `--checkmarx.settings-override=true` in params while using `project-custom-field` or `scan-custom-field`. Make sure project_custom_field_key and project_custom_field_value both are mentioned. ## Secrets _Note: It is recommended to leverage secrets for any sensitive inputs_
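Review bot: The new note at the end of the hunk only states the pairing requirement for the project custom field (`Make sure project_custom_field_key and project_custom_field_value both are mentioned`) and says nothing about whether `scan_custom_field_key` and `scan_custom_field_value` must likewise be supplied together; the row descriptions also differ ("updated or added" for the project field, only "added" for the scan field), so please state the rule for both pairs explicitly. The note also refers to the options as `project-custom-field` and `scan-custom-field`, which do not match the input names in the table (`project_custom_field_key` etc.); use the actual input names so readers can find the rows. Since `--checkmarx.settings-override=true` is now a required companion setting, a sentence on what it overrides on the Checkmarx SAST side would help users judge the effect before enabling it. Minor: the four new descriptions start in lowercase and write "checkmarx SAST" where the rest of the table uses "Checkmarx SAST", and the re-emitted `scanners` row still carries the typo "seperated", which could be corrected while this line is being touched.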