
Send PR markdown feedback once CxFlow receives a scan request & keep updating the PR #905

Closed
cx-scord opened this issue Jan 14, 2022 · 3 comments
Labels: enhancement (New feature or request)

Comments

@cx-scord (Contributor)

Describe the problem

When a PR is created, there can be a period of time between CxFlow receiving the scan request for that PR and actually triggering scans, especially when there are many scan requests sent to that same CxFlow instance.

Sometimes we observe a longer waiting time between the PR trigger and the first message (it can be minutes, or 1 to 2+ hours if the number of requests is big), without knowing whether CxFlow was processing the scan; the developers had no clue whether the scan was still on its way to being triggered or whether something went wrong.

This is a sample log between the time the ticket request is received and the time the scan is actually triggered on a very busy pipeline. You can see it took more than 8 minutes to get the first feedback on the PR that CxFlow was actually processing anything, because CxFlow only sends feedback to the PR once the scan is triggered and the 2nd message is shown:

2022-01-14 11:55:32.744 DEBUG 1 --- [nio-8080-exec-3] c.c.f.s.ConfigurationOverrider            [pOOINv8y] : No scan request property overrides were detected.
2022-01-14 12:04:12.369 DEBUG 1 --- [      flow-web3] c.c.f.s.ProjectNameGenerator              [pOOINv8y] : Determining project name for vulnerability scanner.

Also, there's no feedback on the PR to understand whether it's taking longer than usual to trigger the scan, so the developer doesn't know whether the scan is still to be processed or whether CxFlow has an issue. There could be a message sent to the PR every X minutes stating that the scan is still to be processed.

Proposed solution

There should be feedback on the PR from CxFlow:

  1. Immediately, once a PR scan request is received successfully by CxFlow.
  2. (If possible) If the scan is taking longer than X minutes to actually be triggered in CxSAST.
    • This could be set as a configuration in each SCM config block for how many seconds to wait between warning messages, where zero means no waiting messages should be sent, like:
      • github:
          (...)
          pr-feedback-loop-wait-time: 0
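To make the proposal concrete, here is an added example (not CxFlow code, and not from anyone in this thread) that measures the queue wait from the two log lines quoted above and works out which PR comments the proposed feedback loop would have posted for a given pr-feedback-loop-wait-time. Using the ConfigurationOverrider and ProjectNameGenerator events as the "received" and "triggered" markers is an assumption taken from the excerpt.

```python
import re
from datetime import datetime

# Constructed sample: the two log lines quoted in the issue, same request id [pOOINv8y].
SAMPLE_LOG = """\
2022-01-14 11:55:32.744 DEBUG 1 --- [nio-8080-exec-3] c.c.f.s.ConfigurationOverrider            [pOOINv8y] : No scan request property overrides were detected.
2022-01-14 12:04:12.369 DEBUG 1 --- [      flow-web3] c.c.f.s.ProjectNameGenerator              [pOOINv8y] : Determining project name for vulnerability scanner.
"""

# timestamp, level, pid, [thread], logger, [request id], message
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) +\w+ +\d+ +--- +\[[^\]]*\] +(\S+) +\[(\w+)\] : (.*)$"
)

def parse_log(text):
    """Return (timestamp, logger, request_id, message) for every line matching the layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            entries.append((ts, m.group(2), m.group(3), m.group(4)))
    return entries

def queue_wait_seconds(entries, request_id,
                       received_logger="c.c.f.s.ConfigurationOverrider",
                       triggered_logger="c.c.f.s.ProjectNameGenerator"):
    """Seconds between CxFlow accepting a request and starting to process it (None if either
    event is missing). The two bracketing loggers are an assumption taken from the issue."""
    received = next((ts for ts, lg, rid, _ in entries if rid == request_id and lg == received_logger), None)
    triggered = next((ts for ts, lg, rid, _ in entries if rid == request_id and lg == triggered_logger), None)
    if received is None or triggered is None:
        return None
    return (triggered - received).total_seconds()

def pr_feedback_messages(wait_secs, pr_feedback_loop_wait_time):
    """PR comments the proposed feature would post during a wait of wait_secs seconds:
    an acknowledgement immediately, then one 'still queued' notice every
    pr_feedback_loop_wait_time seconds; 0 disables the periodic notices."""
    msgs = ["CxFlow received the scan request for this PR; the scan has not been triggered yet."]
    if pr_feedback_loop_wait_time > 0:
        sent = int(wait_secs // pr_feedback_loop_wait_time)
        for i in range(1, sent + 1):
            msgs.append(f"Scan still queued after {i * pr_feedback_loop_wait_time}s; CxFlow has not triggered it yet.")
    return msgs

if __name__ == "__main__":
    wait = queue_wait_seconds(parse_log(SAMPLE_LOG), "pOOINv8y")
    print(f"queued for {wait:.1f}s")   # the "more than 8 minutes" from the issue
    for msg in pr_feedback_messages(wait, 120):
        print(msg)
```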
@satyamchaurasiapersistent (Contributor)

@cx-scord I have gone through the issue. We need to make changes in the code and put logs in the SDK code as well as in the cx-flow code, but in order to understand the complete flow of logs we require the complete logs. Please share the logs so that we can go through the CLI parameters and all info- and debug-related logs and provide a solution quickly.

@cx-scord (Contributor, Author) commented May 23, 2022

> @cx-scord I have gone through the issue. We need to make changes in the code and put logs in the SDK code as well as in the cx-flow code, but in order to understand the complete flow of logs we require the complete logs. Please share the logs so that we can go through the CLI parameters and all info- and debug-related logs and provide a solution quickly.

@satyamchaurasiapersistent I'll reach out to you, thanks.

@satyamchaurasiapersistent (Contributor)

@cx-scord we made changes in the existing code and deployed them as a prerelease. It will help us to understand and rectify the exact issue.
So kindly use the Docker image: satyam9889331154/githubaction123:cxflowlogger
It is a public Docker image.
If you are using GitHub Actions then you just need to make a single-line change in the checkmarx.yml file as shown below and then open the pull request.

Git repo name: satyamchaurasiapersistent/gitHubActionIssue@237ee02b6371f966a33ec1a3afd1c36d54b4b009

After making the changes, please rerun the pipeline and provide us the logs.
