runCxSASTScan

Initiates an SAST scan using the given account credentials. Also automatically creates a project in Checkmarx if none exists with the given name.

Inputs

Input NameInput CodeRequiredDescription
Checkmarx Account CodeFDCX_INP_ANALYSIS_TOOL_ACCOUNT_CODEYThe Checkmarx account with all required properties such as URL, Username and Password.
Checkmarx Project NameFDCX_INP_PROJECT_NAMEYThe project name to use in Checkmarx. If no project exists with this name one will be created.
Wait for Scan to CompleteFDCX_INP_WAIT_SCAN_COMPLETEYWhether to wait for the scan to complete or not. If set to false you will need to use getSASTScanResults to see results.
Report TypeFDCX_INP_REPORT_TYPEYType of report to be generated. Only applies if Wait for Completion is set to true.
Incremental ScanFDCX_INP_INCREMENTAL_SCANYWhether to perform an Incremental Scan.
Source LocationFDCX_INP_SOURCE_CODE_LOCATIONY

Where to derive the source code from. If upload is used, any contents in FD_TEMP_DIR will be uploaded to Checkmarx. If Git is selected it will use first configured git scm. Only token based authentication is supported for git. If none is selected whatever is configured already on the project in Checkmarx will be used.

Exclude filesFDCX_INP_EXCLUDE_FILESYFiles (including wildcards) to exclude from the scan.
Exclude foldersFDCX_INP_EXCLUDE_FOLDERSYFolders (including wildcards) to exclude from the scan.
Is PublicFDCX_INP_IS_PUBLICYWhether the scan is public or not.
Force ScanFDCX_INP_FORCE_SCANYWhether to force a scan or not.
Team NameFDCX_INP_TEAM_NAMENTeam name to use to create project if none exists. If this value is not set, default team name on checkmarx account will be used instead.

Outputs

Output NameDescription
FDCX_OUT_SCAN_IDID of the scan.
FDCX_OUT_SCAN_RESULT_LINKLink to the scan results. Only applies if wait for scan is true.
FDCX_OUT_HIGH_VULNERABILITIY_COUNTNumber of High Vulnerabilities. Only applies if wait for scan is true.
FDCX_OUT_MEDIUM_VULNERABILITIY_COUNTNumber of Medium Vulnerabilities. Only applies if wait for scan is true.
FDCX_OUT_LOW_VULNERABILITIY_COUNTNumber of Low Vulnerabilities. Only applies if wait for scan is true.

Artifacts

This operation doesn’t consume or produce any artifacts.

Endpoint Selection

This operation delegates the selection to the workflow developer to determine.

Endpoint Execution

This operation will execute on any one of the selected endpoints and will be random in the determination of which one.