By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.
Description
This contribution ensures proper invocation of the SCA Resolver:
Make sure that arguments are properly parsed.
Expect a list of arguments instead of a String. Arguments parsing a delegated to the user.
Properly log the output from SCA Resolver.
Store log files along with the SCA Resolver results.
Testing
This change change was tested using the Bamboo plugin (pull request to come):
simple 25-Nov-2022 16:41:30 Executing SCA Resolver flow.
simple 25-Nov-2022 16:41:30 Path to Sca Resolver: /opt/checkmarx/sca/bin
simple 25-Nov-2022 16:41:30 Path to the evidence file: /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1/.cxscaresolver/.cxsca-results.json
simple 25-Nov-2022 16:41:30 Starting build CMD command
simple 25-Nov-2022 16:41:30 Command: /opt/checkmarx/sca/bin/ScaResolver
simple 25-Nov-2022 16:41:30 offline
simple 25-Nov-2022 16:41:30 --log-level Debug
simple 25-Nov-2022 16:41:30 --cxpassword *************
simple 25-Nov-2022 16:41:30 --resolver-result-path /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1/.cxscaresolver/.cxsca-results.json
simple 25-Nov-2022 16:41:30 --sast-result-path /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1/.cxscaresolversast
simple 25-Nov-2022 16:41:30 --cxserver https://beevehoxcmx10.newextranet.be.tme.com
simple 25-Nov-2022 16:41:30 --cxprojectname OCD - TEST - WebGoat - Checkmarx - Default Job
simple 25-Nov-2022 16:41:30 --scan-path /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1
simple 25-Nov-2022 16:41:30 --project-name OCD - TEST - WebGoat - Checkmarx - Default Job
simple 25-Nov-2022 16:41:30 --cxuser bamboo
simple 25-Nov-2022 16:41:30 --config-path /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1/.cxscaresolver/Configuration.ini
simple 25-Nov-2022 16:41:30 Finished created CMD command
simple 25-Nov-2022 16:41:30 Checking that next file has -rwxrwxrwx permissions ls /opt/checkmarx/sca/bin/ScaResolver -ltr
simple 25-Nov-2022 16:41:30 -r-xr-xr-x. 1 root root 83461965 Oct 27 11:34 /opt/checkmarx/sca/bin/ScaResolver
simple 25-Nov-2022 16:41:30 Executing ScaResolver command.
simple 25-Nov-2022 16:41:31 Writing logs to /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1/.cxscaresolver/log
simple 25-Nov-2022 16:41:31
simple 25-Nov-2022 16:41:31 2022-11-25T16:41:31+01:00 Information Program "Tool version: 1.13.4"
simple 25-Nov-2022 16:41:32 2022-11-25T16:41:31+01:00 Debug Program "Command-line arguments: [offline --log-level Debug --cxpassword ************* --resolver-result-path /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1/.cxscaresolver/.cxsca-results.json --sast-result-path /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1/.cxscaresolversast --cxserver https://beevehoxcmx10.newextranet.be.tme.com --cxprojectname OCD - TEST - WebGoat - Checkmarx - Default Job --scan-path /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1 --project-name OCD - TEST - WebGoat - Checkmarx - Default Job --cxuser bamboo --config-path /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1/.cxscaresolver/Configuration.ini ], working directory: /, location: /opt/checkmarx/sca/bin/ScaResolver.dll"
simple 25-Nov-2022 16:41:32 2022-11-25T16:41:32+01:00 Information Program "Starting scan from: /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1"
simple 25-Nov-2022 16:41:32 2022-11-25T16:41:32+01:00 Information Program "Starting project folder scan" {["ScanPath"]="/srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1"} [("ScanPath": "/srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1")]
simple 25-Nov-2022 16:41:32 2022-11-25T16:41:32+01:00 Information Program "Metric" {["Name"]="ScanTime", ["Value"]=722} [("Name": "ScanTime"), ("Value": 722)]
simple 25-Nov-2022 16:41:32 2022-11-25T16:41:32+01:00 Debug Program "On prem mode enabled, running with local SAST server mode"
simple 25-Nov-2022 16:41:34 2022-11-25T16:41:32+01:00 Information SastProxyProvider "Preparing SAST scan" {["sastScanId"]=4f42582e-f292-44a2-85e4-8b4616c77af6} [("sastScanId": 4f42582e-f292-44a2-85e4-8b4616c77af6)]
simple 25-Nov-2022 16:41:34 2022-11-25T16:41:34+01:00 Warning SastServerProvider "an error occured during GetExploitablePathResultsAsync, proceeding without results" {["sast_scan_url"]="https://beevehoxcmx10.newextranet.be.tme.com", ["on_pre_scan"]=True} [("sast_scan_url": "https://beevehoxcmx10.newextranet.be.tme.com"), ("on_pre_scan": True)] System.Exception: an error occured during GetExploitablePathResultsAsync
simple 25-Nov-2022 16:41:34 ---> System.Exception: the results for project 2 do not exists or are too old
simple 25-Nov-2022 16:41:34 at Lumo.SastCorrelationInfra.SastServerProvider.ValidateScanDate(RestClient client, String authToken, String projectId)
simple 25-Nov-2022 16:41:34 at Lumo.SastCorrelationInfra.SastServerProvider.ValidateResultExistence(RestClient client, String authToken, String projectId)
simple 25-Nov-2022 16:41:34 at Lumo.SastCorrelationInfra.SastServerProvider.GetExploitablePathResultsAsync(SastServerSettings settings, String projectId)
simple 25-Nov-2022 16:41:34 --- End of inner exception stack trace ---
simple 25-Nov-2022 16:41:34 at Lumo.SastCorrelationInfra.SastServerProvider.GetExploitablePathResultsAsync(SastServerSettings settings, String projectId)
simple 25-Nov-2022 16:41:34 at Lumo.SastCorrelationInfra.SastServerProvider.TryGetExploitablePathResultsAsync(SastServerSettings settings, Action`1 results)
simple 25-Nov-2022 16:41:34
simple 25-Nov-2022 16:41:34 2022-11-25T16:41:34+01:00 Warning SastProxyProvider "ExecuteResultsOnlyScanAsync failed" {} []
simple 25-Nov-2022 16:41:34 2022-11-25T16:41:34+01:00 Information Program "Scan Id: 9dc8caca-ae83-4334-ab65-2f81e0af3018"
simple 25-Nov-2022 16:41:34
simple 25-Nov-2022 16:41:34 Resolved packages information was saved in the /srv/data/atlassian/bamboo/local-working-dir/WG-CX-JOB1/.cxscaresolver/.cxsca-results.json file.
simple 25-Nov-2022 16:41:34 SCA resolution completed successfully.
By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.
Description
This contribution ensures proper invocation of the SCA Resolver:
String. Arguments parsing a delegated to the user.Testing
This change change was tested using the Bamboo plugin (pull request to come):