From 6a3b146ae32d89663444d161c3bc26564d808ff3 Mon Sep 17 00:00:00 2001 From: felix Date: Mon, 22 Sep 2025 20:07:43 +0000 Subject: [PATCH 1/4] chore: upgrade org.jsoup:jsoup --- pom.xml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index c62d938c..27ee696b 100644 --- a/pom.xml +++ b/pom.xml @@ -1,7 +1,5 @@ - + 4.0.0 sec @@ -227,7 +225,7 @@ org.jsoup jsoup - 1.10.2 + 1.15.3 @@ -428,4 +426,4 @@ - \ No newline at end of file + From 0806cc8f49fe0e92276f40c8c36d21c6f5db188e Mon Sep 17 00:00:00 2001 From: zperdy Date: Thu, 16 Oct 2025 13:25:42 -0400 Subject: [PATCH 2/4] Add Checkmarx One GitHub Action to docker-compose --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 7e9c878e..4d31a883 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,3 +13,5 @@ services: image: joychou/jsc_mysql:latest ports: - "3306:3306" +- name: Checkmarx One++ GitHub Action + uses: checkmarx-ts/cxone-plusplus-github-action@v2 From fa437c1f5adc3d7a2b89e9a3212824c7128622c2 Mon Sep 17 00:00:00 2001 From: zperdy Date: Thu, 16 Oct 2025 13:26:58 -0400 Subject: [PATCH 3/4] Add Checkmarx One GitHub Action workflow This workflow triggers Checkmarx One scans on pull requests to the master branch, integrating SAST, SCA, and KICS scans. --- .github/workflows/checkmarx-one.yml | 55 +++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 .github/workflows/checkmarx-one.yml diff --git a/.github/workflows/checkmarx-one.yml b/.github/workflows/checkmarx-one.yml new file mode 100644 index 00000000..dfe485c2 --- /dev/null +++ b/.github/workflows/checkmarx-one.yml @@ -0,0 +1,55 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# The Checkmarx One GitHub Action enables you to trigger SAST, SCA, and KICS scans directly from the GitHub workflow. +# It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository +# and uploads it to Checkmarx One for scanning. The Github Action provides easy integration with GitHub while enabling +# scan customization using the full functionality and flexibility of the CLI tool. + +# This is a basic workflow to help you get started with Using Checkmarx One Action, +# documentation can be found here : https://checkmarx.com/resource/documents/en/34965-68702-checkmarx-one-github-actions.html + +name: Checkmarx Scan + +# Controls when the workflow will run +on: + pull_request: + types: [opened, reopened, synchronize] + branches: [ "master" ] + +permissions: + contents: read + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + build: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif + + # The type of runner that the job will run on + runs-on: ubuntu-latest + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # This step checks out a copy of your repository. + - name: Checkout repository + uses: actions/checkout@v4 + # This step creates the Checkmarx One scan + - name: Checkmarx One scan + uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc + with: + base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx One + cx_client_id: ${{ secrets.CX_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e + cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e + cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One + additional_params: --report-format sarif --output-path . + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v3 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: cx_result.sarif From a97e478f9a01c142a21e96e780abf4ebeb689919 Mon Sep 17 00:00:00 2001 From: zperdy Date: Thu, 16 Oct 2025 13:27:39 -0400 Subject: [PATCH 4/4] Remove duplicate MySQL port mapping --- docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4d31a883..7e9c878e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,5 +13,3 @@ services: image: joychou/jsc_mysql:latest ports: - "3306:3306" -- name: Checkmarx One++ GitHub Action - uses: checkmarx-ts/cxone-plusplus-github-action@v2