Dynamic TeamID and PresetId at project creation time for Checkmarx #127

Closed
de-jcup opened this issue Dec 17, 2019 · 0 comments


de-jcup commented Dec 17, 2019

Situation

When a user starts a scan and a checkmarx project does not already exist, it will be created.
So far so good.

But it is always created with the default "preset". In some scenarios this is not very suitable, e.g. when creating many projects we do not want to assign all presetIds manually to each project.
(A preset is something like a profile in Checkmarx where the scope of a scan can be defined at project level.)

Wanted behaviour

We want to have dedicated "presets" automatically assigned to the newly created Checkmarx projects.

Solution

REST API

At
https://checkmarx.atlassian.net/wiki/spaces/KC/pages/223641776/Define+SAST+Scan+Settings+-+POST+sast+scanSettings+8.6.0
it is described how to set up the preset id on existing projects.

Introduction of ScanConfig

We want to have a solution which can be used in any product. There is always a need to provide some special profiles, identifiers etc. per project. So we orient on the project names and introduce the possibility to define namePatternIdProviders by an ID, with entries mapping regular expression name patterns to the wanted identifiers.

An example scan configuration:

```json
{
    "apiVersion": "1.0",
    "type" : "scanConfig",

    "namePatternIdProviders": {
        "checkmarx.newproject.presetid": [
            {
                "namePattern": "my-java-project-.*",
                "id": "100021"
            },
            {
                "namePattern": "a-go-project-.*",
                "id": "100031"
            },
            {
                "namePattern": ".*",
                "id": "100001"
            }
        ],
        "checkmarx.newproject.teamid": [
            {
                "namePattern": "my-java-project-.*",
                "id": "e2e4e8f4-ba17-453b-b194-c736c605700d"
            },
            {
                "namePattern": "a-go-project-.*",
                "id": "e2e4e8f4-ba17-453b-b194-d836c605700d"
            },
            {
                "namePattern": ".*",
                "id": "f2c4g8f4-ba17-453b-b194-c746c605700d"
            }
        ]
    }
}
```

Product executor side

The Checkmarx install setup will use the ScanConfigService to provide the presetId and teamId to the adapter.
The adapter will use the presetId (if defined) and the teamId (mandatory, as before) when project creation is necessary.

Usage inside adapter

At lazy project creation time, depending on the project name in SecHub, the Checkmarx project will automatically be assigned the pattern-specific presetId after it has been created.

For example:
A project named my-java-project-marvelous1 in SecHub will get preset id 100021 and teamId e2e4e8f4-ba17-453b-b194-c736c605700d.
A project named a-go-project-super-cli in SecHub will get preset id 100031 and teamId e2e4e8f4-ba17-453b-b194-d836c605700d.
A project named something-else in SecHub will get preset id 100001 and teamId f2c4g8f4-ba17-453b-b194-c746c605700d.

The first matching entry will be used! So ordering is important.
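The resolution rule described in the issue (ordered entries per provider id, first matching name pattern wins, teamId mandatory and presetId optional) as an added Python example. This is not SecHub's own Java code (ScanConfigService / CheckmarxInstallSetup) and the function names are hypothetical; the sample configuration is constructed here and reuses the ids from the issue's example. Two points the example makes that the issue text only implies: the pattern is matched against the whole project name (an assumption of this example; an unanchored substring search would let "my-java-project-.*" match "evil-my-java-project-x" and route that project to the Java team), and a catch-all ".*" that is not the last entry silently shadows everything after it, which is worth failing on at startup because the teamId decides which Checkmarx team can see the project.

```python
import json
import re

# Constructed sample scan configuration for this example. It mirrors the shape
# proposed in the issue (apiVersion/type/namePatternIdProviders) and reuses the
# issue's example ids; it is not a configuration shipped with SecHub.
SCAN_CONFIG_JSON = """
{
    "apiVersion": "1.0",
    "type": "scanConfig",
    "namePatternIdProviders": {
        "checkmarx.newproject.presetid": [
            {"namePattern": "my-java-project-.*", "id": "100021"},
            {"namePattern": "a-go-project-.*",    "id": "100031"},
            {"namePattern": ".*",                 "id": "100001"}
        ],
        "checkmarx.newproject.teamid": [
            {"namePattern": "my-java-project-.*", "id": "e2e4e8f4-ba17-453b-b194-c736c605700d"},
            {"namePattern": "a-go-project-.*",    "id": "e2e4e8f4-ba17-453b-b194-d836c605700d"},
            {"namePattern": ".*",                 "id": "f2c4g8f4-ba17-453b-b194-c746c605700d"}
        ]
    }
}
"""

# A deliberately misordered variant (constructed): the catch-all comes first,
# so the Java entry can never match under first-match-wins.
MISORDERED_CONFIG_JSON = """
{
    "apiVersion": "1.0",
    "type": "scanConfig",
    "namePatternIdProviders": {
        "checkmarx.newproject.presetid": [
            {"namePattern": ".*",                 "id": "100001"},
            {"namePattern": "my-java-project-.*", "id": "100021"}
        ]
    }
}
"""

PRESET_PROVIDER = "checkmarx.newproject.presetid"
TEAM_PROVIDER = "checkmarx.newproject.teamid"


def load_providers(config_text):
    """Parse a scanConfig document into {providerId: [(compiled regex, id), ...]},
    keeping the entry order from the file because the first match wins."""
    cfg = json.loads(config_text)
    if cfg.get("type") != "scanConfig":
        raise ValueError("not a scanConfig document")
    providers = {}
    for provider_id, entries in cfg.get("namePatternIdProviders", {}).items():
        providers[provider_id] = [
            (re.compile(entry["namePattern"]), entry["id"]) for entry in entries
        ]
    return providers


def resolve_id(providers, provider_id, project_name):
    """Return the id of the first entry whose pattern matches the whole project
    name, or None. fullmatch is an assumption of this example (the issue does not
    state the matching semantics); it stops "my-java-project-.*" from matching a
    name such as "evil-my-java-project-x" through a substring search."""
    for pattern, wanted_id in providers.get(provider_id, []):
        if pattern.fullmatch(project_name):
            return wanted_id
    return None


def resolve_new_project_ids(providers, project_name):
    """What the adapter needs for a lazily created project: teamId is mandatory,
    presetId is optional (without it Checkmarx keeps its default preset)."""
    team_id = resolve_id(providers, TEAM_PROVIDER, project_name)
    if team_id is None:
        raise ValueError("no teamId mapping for project %r" % project_name)
    return {"teamId": team_id,
            "presetId": resolve_id(providers, PRESET_PROVIDER, project_name)}


def shadowed_ids(providers, provider_id):
    """Ids of entries listed after a catch-all ".*" pattern. Those entries are
    unreachable under first-match-wins; reject such a configuration at startup
    rather than discovering it through a project assigned to the wrong team."""
    entries = providers.get(provider_id, [])
    for index, (pattern, _) in enumerate(entries):
        if pattern.pattern == ".*":
            return [wanted_id for _, wanted_id in entries[index + 1:]]
    return []


PROVIDERS = load_providers(SCAN_CONFIG_JSON)

if __name__ == "__main__":
    for name in ("my-java-project-marvelous1", "a-go-project-super-cli", "something-else"):
        print(name, resolve_new_project_ids(PROVIDERS, name))
    print("shadowed:", shadowed_ids(load_providers(MISORDERED_CONFIG_JSON), PRESET_PROVIDER))
```

Only the literal ".*" catch-all is detected as a shadowing entry; deciding in general whether one regular expression subsumes a later one is not something a startup check should attempt, so keep the mapping lists short and put the broadest pattern last.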

@de-jcup de-jcup added enhancement New feature or request administration labels Dec 17, 2019
@de-jcup de-jcup added this to the Server 0.13.1 milestone Dec 17, 2019
@de-jcup de-jcup self-assigned this Dec 17, 2019
@de-jcup de-jcup changed the title Checkmarx auto apply project presets on lazy create Dynamic TeamID and PresetId at project creation time for Checkmarx Dec 18, 2019
de-jcup added a commit that referenced this issue Dec 18, 2019
- introducing of ScanConfig, ScanConfigService and related parts
- it is now possible to define a scan configuration inside a spring
  value which can define mappings for checkmarx
- CheckmarxInstallSetup does now use ScanConfigService to resolve
  mappings for teamIds and also presetIds which is given to adapter
- Missing: adapter must do rest call to update presetId when project
  has been created.
de-jcup added a commit that referenced this issue Dec 18, 2019
- checkmarx adapter is now able to setup presetId dynamically for
  newly created projects (means no longer default preset but wanted)
- changed scan config service: value now has identifier with initial
  in name + description. So its more clear that this is only for startup
- Upgraded KubernetesTemplateFilesGenerator
- Added some toString implementations
- Added debug log output
de-jcup added a commit that referenced this issue Dec 18, 2019
- integration test for scan configuration
- improved Test API