Checkmarx integrates with GitLab, enabling the identification of new security vulnerabilities close to the point where they are introduced. The GitLab integration triggers Checkmarx scans as defined by the GitLab CI/CD pipeline. Once a scan is completed, both scan summary information and a link to the Checkmarx Scan Results are provided. Both CxSAST and CxSCA are supported within the GitLab integration.

CxFlow Overview

CxFlow is a Spring Boot application written by Checkmarx that initiates scans and orchestrates results. It is the main automation driving the GitLab and Checkmarx integration. CxFlow is an open source project written and maintained by Checkmarx. Some features of CxFlow include:
- Enables customers to incorporate Checkmarx into their DevOps/Release pipelines as early as possible
- Facilitates closed-loop feedback channels; channels include GitLab Issues, GitLab Merge Requests, JIRA, Rally, and ServiceNow

For access to CxFlow's Wiki, please refer to CxFlow Wiki.

There are several ways of integrating Checkmarx security scans into GitLab's ecosystem. This document specifically outlines how to integrate GitLab with Checkmarx's containerized CxFlow CLI. For more information on integrating with GitLab's Webhook feature, please refer to CxFlow Webhook Workflows.

The following steps represent the containerized CxFlow CLI integration flow:
1. GitLab's CI/CD pipeline is triggered (as defined in the .gitlab-ci.yml file).
2. During the test stage of GitLab's CI/CD pipeline, Checkmarx's containerized CxFlow CLI is invoked.
3. The CxFlow CLI triggers a security scan via the Checkmarx Scan Manager.
4. Results can be configured to be displayed within GitLab's ecosystem or in a supported bug tracker via the CxFlow YAML configuration:
   - Results will be within Checkmarx Scan Results on the Checkmarx Manager Server.
   - Results can be accessed within GitLab's Merge Request Overview (if the scan was initiated during a Merge Request).
   - Results can be accessed within GitLab's Issues if configured (or can be filtered into external bug tracker tools).
   - Results can be accessed within GitLab's Security Dashboard, if you have access to it (Gold/Ultimate packages, or if your project is public).

The integration is configured through CI/CD variables. The variables include:
- An API token to create Merge Request Overview entries; it should have "api" privileges. To create a personal token, click your GitLab profile in the upper right corner > Settings, click Access Tokens and add a personal access token. Give the token the api, read_user, write_repository and read_registry scopes. For additional information on creating a Personal Access Token, refer to GitLab: Personal Access Tokens.
- The type of bug tracking ('GitLabDashboard' or 'GitLab'). For vulnerabilities to be exported to GitLab's Dashboard, use 'GitLabDashboard'; for vulnerabilities to be added to GitLab's Issues, use 'GitLab'. For the complete list of bug trackers, please refer to CxFlow Configuration.
- The Checkmarx user, which must have 'SAST Scanner' privileges. For more information on CxSAST roles, please refer to the CxSAST documentation.
- The Checkmarx Team Name.
- CxSCA settings, only needed if you have a valid license for CxSCA.

The GitLab CI/CD pipeline is controlled by a file named '.gitlab-ci.yml' located in the root directory of the project. Please refer to GitLab: CI YAML for more information. The provided sample sets, among other variables, CHECKMARX_EXCLUDE_FILES: "node_js/".

Precedence

With GitLab, the order of precedence when it comes to variables is:
- Variables defined in the Checkmarx template file

To run a Checkmarx scan, you need to trigger the pipeline. As defined in the .gitlab-ci.yml and in the provided sample above, it will be triggered on Merge Requests and on changes to the master branch. For information on triggering a pipeline scan, please refer to GitLab: Triggering a pipeline. For information on Merge Requests, please refer to GitLab: Merge Requests.

While the scan results will always be available in the Checkmarx UI, users can also access results within the GitLab ecosystem.
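As an added example (not the sample the page refers to, nor CxFlow's own template), here is a .gitlab-ci.yml that runs the containerized CxFlow CLI in the test stage on Merge Requests and on changes to master, with credentials kept out of the file. The image name, jar path, CLI flags and every variable name other than CHECKMARX_EXCLUDE_FILES are assumptions based on CxFlow's documented CLI and must be checked against the CxFlow wiki for your version.

```yaml
# Added example, not the page's own sample. Image, jar path, flags and all
# variable names except CHECKMARX_EXCLUDE_FILES are assumptions to verify.
stages:
  - test

variables:
  # From the page: exclude a folder from the scan, and choose where results go:
  # 'GitLab' = GitLab Issues, 'GitLabDashboard' = Security Dashboard.
  CHECKMARX_EXCLUDE_FILES: "node_js/"
  CX_FLOW_BUG_TRACKER: "GitLab"
  # CHECKMARX_URL, CHECKMARX_TEAM, CHECKMARX_USERNAME, CHECKMARX_PASSWORD and
  # GITLAB_TOKEN are deliberately NOT set here: define them as masked (and,
  # for master, protected) CI/CD variables in project or group settings. The
  # GitLab token needs the api, read_user, write_repository and read_registry
  # scopes named on the page; the Checkmarx user needs 'SAST Scanner'.

checkmarx-scan:
  stage: test
  image: checkmarx/cx-flow        # assumption: containerized CxFlow CLI image
  script:
    # Spring Boot style property flags (assumed names); CI_* variables are
    # GitLab predefined variables and identify the repo, branch and project.
    - java -jar /app/cx-flow.jar
        --scan
        --app="${CI_PROJECT_NAME}"
        --namespace="${CI_PROJECT_NAMESPACE}"
        --repo-name="${CI_PROJECT_NAME}"
        --repo-url="${CI_PROJECT_URL}"
        --branch="${CI_COMMIT_REF_NAME}"
        --cx-team="${CHECKMARX_TEAM}"
        --cx-project="${CI_PROJECT_NAME}-${CI_COMMIT_REF_NAME}"
        --bug-tracker="${CX_FLOW_BUG_TRACKER}"
        --checkmarx.url="${CHECKMARX_URL}"
        --checkmarx.username="${CHECKMARX_USERNAME}"
        --checkmarx.password="${CHECKMARX_PASSWORD}"
        --checkmarx.exclude-files="${CHECKMARX_EXCLUDE_FILES}"
        --gitlab.token="${GITLAB_TOKEN}"
        --f=.
  rules:
    # Trigger on Merge Requests and on changes to master, as the page describes.
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == "master"'
```

A scan of a Merge Request with CX_FLOW_BUG_TRACKER set to 'GitLab' posts findings to GitLab Issues; switch it to 'GitLabDashboard' only if your GitLab tier exposes the Security Dashboard.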