From bd7e374114e1bad22ad8d22adc1d8be880c1ef08 Mon Sep 17 00:00:00 2001 From: Eyal Kleiner <102464076+cx-eyal-kleiner@users.noreply.github.com> Date: Sun, 22 Mar 2026 11:17:56 +0200 Subject: [PATCH 1/3] AST-142374: update cx-one-scan --- .github/workflows/cx-one-scan.yaml | 33 ++++++++++++++---------------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/.github/workflows/cx-one-scan.yaml b/.github/workflows/cx-one-scan.yaml index 674720f3..fd1c416a 100644 --- a/.github/workflows/cx-one-scan.yaml +++ b/.github/workflows/cx-one-scan.yaml @@ -2,24 +2,21 @@ name: cx-one-scan on: workflow_dispatch: pull_request: + branches: + - master push: branches: - - main - schedule: - - cron: '00 5 * * *' # Every day at 05:00 - + - master jobs: - cx-one-scan: - name: cx-one-scan - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Checkmarx One CLI Action - uses: checkmarx/ast-github-action@9fda4ab4c1b67c35de380552a972a82997d97731 # https://github.com/Checkmarx/ast-github-action/releases/tag/2.0.42 - with: - base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }} - cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }} - cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }} - cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }} - additional_params: --scan-types sast,iac-security,sca --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1" + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Checkmarx One CLI Action + uses: checkmarx/ast-github-action@9fda4ab4c1b67c35de380552a972a82997d97731 # v2.0.42 + with: + base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }} + cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }} + cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }} + cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }} + additional_params: --scan-types sast,iac-security,sca --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1" From ce40259043c1e6ef56e263e82b385decf008478f Mon Sep 17 00:00:00 2001 From: Eyal Kleiner <102464076+cx-eyal-kleiner@users.noreply.github.com> Date: Sun, 22 Mar 2026 11:22:09 +0200 Subject: [PATCH 2/3] Update cx-one-scan.yaml --- .github/workflows/cx-one-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cx-one-scan.yaml b/.github/workflows/cx-one-scan.yaml index fd1c416a..13b417eb 100644 --- a/.github/workflows/cx-one-scan.yaml +++ b/.github/workflows/cx-one-scan.yaml @@ -3,10 +3,10 @@ on: workflow_dispatch: pull_request: branches: - - master + - main push: branches: - - master + - main jobs: build: runs-on: ubuntu-latest From 6517362566953eb3309f83cabc0be461c1557556 Mon Sep 17 00:00:00 2001 From: Eyal Kleiner <102464076+cx-eyal-kleiner@users.noreply.github.com> Date: Sun, 22 Mar 2026 11:24:20 +0200 Subject: [PATCH 3/3] Update cx-one-scan.yaml --- .github/workflows/cx-one-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cx-one-scan.yaml b/.github/workflows/cx-one-scan.yaml index 13b417eb..4ab239d3 100644 --- a/.github/workflows/cx-one-scan.yaml +++ b/.github/workflows/cx-one-scan.yaml @@ -13,7 +13,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Checkmarx One CLI Action - uses: checkmarx/ast-github-action@9fda4ab4c1b67c35de380552a972a82997d97731 # v2.0.42 + uses: checkmarx/ast-github-action@327efb5d1dd16ac6c7c21a9ff8ec1e8ec393b5e6 # v2.3.32 with: base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }} cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }}