Additional permissions required to retrieve SAST scan statistics - Githubissues

checkmarx-ts / CxAnalytix

Exports vulnerability scan data from the Checkmarx SAST platform for use in analytical tools.

Other

20 stars 10 forks source link

Additional permissions required to retrieve SAST scan statistics #225

Closed nleach999 closed 1 year ago

nleach999 commented 1 year ago

Description

The permissions in the manual state the required permissions are:

SAST->Project & Scans->Save Sast Scan
Reports->Generate Scan Reports

But during the scan, 403 errors are reported trying to access the scan statistics endpoint. Additional permissions need to be added:

Scan Results->View Results

Expected Behavior

No 403 errors for:

/cxrestapi/sast/scans/.../statistics
/cxrestapi/sast/scans/.../parsedFiles
/cxrestapi/sast/scans/.../failedQueries
/cxrestapi/sast/scans/.../failedGeneralQueries
/cxrestapi/sast/scans/.../succeededGeneralQueries

Actual Behavior

403 errors are reported, delaying the crawl since each needs to timeout after retry.

Reproduction

Create a service account with the documented permissions
Perform a scan.

Environment Details

CxAnalytix 2.1.1 SAST 9.5.5 HF8