runCxSASTScan
Initiates an SAST scan using the given account credentials. Also automatically creates a project in Checkmarx if none exists with the given name.
Inputs
| Input Name | Input Code | Required | Description |
|---|---|---|---|
| Checkmarx Account Code | FDCX_INP_ANALYSIS_TOOL_ACCOUNT_CODE | Y | The Checkmarx account with all required properties such as URL, Username and Password. |
| Checkmarx Project Name | FDCX_INP_PROJECT_NAME | Y | The project name to use in Checkmarx. If no project exists with this name one will be created. |
| Wait for Scan to Complete | FDCX_INP_WAIT_SCAN_COMPLETE | Y | Whether to wait for the scan to complete or not. If set to false you will need to use getSASTScanResults to see results. |
| Report Type | FDCX_INP_REPORT_TYPE | Y | Type of report to be generated. Only applies if Wait for Completion is set to true. |
| Incremental Scan | FDCX_INP_INCREMENTAL_SCAN | Y | Whether to perform an Incremental Scan. |
| Source Location | FDCX_INP_SOURCE_CODE_LOCATION | Y | Where to derive the source code from. If upload is used, any contents in FD_TEMP_DIR will be uploaded to Checkmarx. If Git is selected it will use first configured git scm. Only token based authentication is supported for git. If none is selected whatever is configured already on the project in Checkmarx will be used. |
| Exclude files | FDCX_INP_EXCLUDE_FILES | Y | Files (including wildcards) to exclude from the scan. |
| Exclude folders | FDCX_INP_EXCLUDE_FOLDERS | Y | Folders (including wildcards) to exclude from the scan. |
| Is Public | FDCX_INP_IS_PUBLIC | Y | Whether the scan is public or not. |
| Force Scan | FDCX_INP_FORCE_SCAN | Y | Whether to force a scan or not. |
| Team Name | FDCX_INP_TEAM_NAME | N | Team name to use to create project if none exists. If this value is not set, default team name on checkmarx account will be used instead. |
Outputs
| Output Name | Description |
|---|---|
| FDCX_OUT_SCAN_ID | ID of the scan. |
| FDCX_OUT_SCAN_RESULT_LINK | Link to the scan results. Only applies if wait for scan is true. |
| FDCX_OUT_HIGH_VULNERABILITIY_COUNT | Number of High Vulnerabilities. Only applies if wait for scan is true. |
| FDCX_OUT_MEDIUM_VULNERABILITIY_COUNT | Number of Medium Vulnerabilities. Only applies if wait for scan is true. |
| FDCX_OUT_LOW_VULNERABILITIY_COUNT | Number of Low Vulnerabilities. Only applies if wait for scan is true. |
Artifacts
This operation doesn’t consume or produce any artifacts.
Endpoint Selection
This operation delegates the selection to the workflow developer to determine.
Endpoint Execution
This operation will execute on any one of the selected endpoints and will be random in the determination of which one.
The following macros are not currently supported in the footer:
- style