Open jimmy-lt opened 1 year ago
Internal Jira issue: AST-30582
Hi @jimmy-lt
Thanks for raising this request. It is a bit more complex, because in order to run the SCA resolver inside the docker container, you need to have the package managers installed, so we would need to include SCA resolver and all the package managers.
We recommend using the ast-cli directly in your pipeline. Please check the example below: https://github.com/Checkmarx/ci-cd-integrations/blob/main/CxScaResolver/github-action.yml
Thanks!
Hi @pedrompflopes,
That is correct. In this case, I recommend forking the action to install the required packages for the resolution. But at least SCA Resolver will already be present.
In our case, we have a dedicated branch for each technology: JDK, PHP, ...
Issue
The Docker image created by this action is missing required libraries for SCA resolver to run:
libstdc++
zlib
Proposed solution
By embedding SCA resolver, its integration with the action can readily be tested and users are given a quick way to scan dependencies locally. This is quite useful when a local package repository which is inaccessible by Checkmarx One is used.