Dynamic TeamID and PresetId at project creation time for Checkmarx #127
de-jcup changed the title from "Checkmarx auto apply project presets on lazy create" to "Dynamic TeamID and PresetId at project creation time for Checkmarx" on Dec 18, 2019
de-jcup added a commit that referenced this issue Dec 18, 2019
- introduction of ScanConfig, ScanConfigService and related parts
- it is now possible to define a scan configuration inside a spring value which can define mappings for checkmarx
- CheckmarxInstallSetup does now use ScanConfigService to resolve mappings for teamIds and also presetIds which is given to adapter
- Missing: adapter must do rest call to update presetId when project has been created.
This was referenced Dec 18, 2019
de-jcup added a commit that referenced this issue Dec 18, 2019
- checkmarx adapter is now able to set up presetId dynamically for newly created projects (means no longer default preset but wanted)
- changed scan config service: value now has identifier with initial in name + description. So it's more clear that this is only for startup
- Upgraded KubernetesTemplateFilesGenerator
- Added some toString implementations
- Added debug log output
de-jcup added a commit that referenced this issue Dec 18, 2019
- integration test for scan configuration
- improved Test API
Situation
When a user starts a scan and a checkmarx project does not already exist, it will be created.
So far so good.
But it is always created with the default "preset". In some scenarios this is not very suitable - e.g. when creating many projects, we do not want to assign all presetIds manually to the project.
(A preset is something like a profile in Checkmarx where scope of scan can be defined at project level).
Wanted behaviour
We want to have dedicated "presets" automatically assigned to the newly created checkmarx projects.
Solution
REST API
At https://checkmarx.atlassian.net/wiki/spaces/KC/pages/223641776/Define+SAST+Scan+Settings+-+POST+sast+scanSettings+8.6.0 is described how to set up the preset id on existing projects.
Introduction of ScanConfig
We want to have a solution which can be used in any product. There is always a need to provide some special profiles, identifiers etc. by projects. So we orientate at the project names and introduce the possibility to define namePatternIdProviders by an ID and entries for mapping from regular expression name patterns to wanted identifiers.
An example scan configuration:
Product executor side
Checkmarx install setup will use the ScanConfigService to provide presetId and teamId to adapter.
Adapter will use presetId (if defined) and teamId (mandatory as before) when project creation is necessary.
Usage inside adapter
On lazy project creation time, depending on project name in sechub, after checkmarx project creation the project will automatically be assigned to the pattern specific presetId.
For example:
- project named in sechub with my-java-project-marvelous1 will have preset id 100021 and will have teamId e2e4e8f4-ba17-453b-b194-c736c605700d.
- project named in sechub with a-go-project-super-cli will have preset id 100031 and will have teamId e2e4e8f4-ba17-453b-b194-d836c605700d.
- project named in sechub with something-else will have preset id 100001 and teamId f2c4g8f4-ba17-453b-b194-c746c605700d.
First matching part will be used! So ordering is important.
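
The first-match rule and the optional presetId / mandatory teamId split described above, as an added example that is not part of the original issue or SecHub's code. The class, record and provider names and the regular expressions are hypothetical; the ids are the ones from the issue's example. It uses records, so it assumes Java 16 or later.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;

// Added illustration, not SecHub code: class, record and provider names are hypothetical.
public class NamePatternIdExample {

    // One mapping entry: a name pattern and the identifier it yields.
    record Entry(Pattern namePattern, String id) {
        Entry(String regex, String id) { this(Pattern.compile(regex), id); }
    }

    // Ordered provider: the first entry whose pattern matches the whole name wins.
    record Provider(String providerId, List<Entry> entries) {
        Optional<String> resolve(String projectName) {
            return entries.stream()
                    .filter(e -> e.namePattern().matcher(projectName).matches())
                    .map(Entry::id)
                    .findFirst();
        }

        // teamId is mandatory for project creation, so a missing mapping must fail loudly.
        String resolveMandatory(String projectName) {
            return resolve(projectName).orElseThrow(() -> new IllegalStateException(
                    "No mapping in '" + providerId + "' for project " + projectName));
        }
    }

    public static void main(String[] args) {
        // Constructed patterns; the ids are the ones used in the issue's example.
        Provider presets = new Provider("presetIds", List.of(
                new Entry("my-java-project-.*", "100021"),
                new Entry("a-go-project-.*", "100031"),
                new Entry(".*", "100001")));
        Provider teams = new Provider("teamIds", List.of(
                new Entry("my-java-project-.*", "e2e4e8f4-ba17-453b-b194-c736c605700d"),
                new Entry("a-go-project-.*", "e2e4e8f4-ba17-453b-b194-d836c605700d"),
                new Entry(".*", "f2c4g8f4-ba17-453b-b194-c746c605700d")));

        for (String name : List.of("my-java-project-marvelous1", "a-go-project-super-cli", "something-else")) {
            System.out.println(name + " -> preset " + presets.resolve(name).orElse("(default)")
                    + ", team " + teams.resolveMandatory(name));
        }

        // Misordered variant: the catch-all comes first and shadows the specific entry.
        Provider shadowed = new Provider("presetIds", List.of(
                new Entry(".*", "100001"),
                new Entry("my-java-project-.*", "100021")));
        System.out.println("shadowed -> " + shadowed.resolve("my-java-project-marvelous1").orElseThrow());
    }
}
```

Keeping the catch-all entry last prevents newly created projects from silently receiving the general preset instead of the one intended for them.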