From 8fd275ca8a2c244c00d5e08d322bf1457c92ebf4 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:18:16 -0400 Subject: [PATCH 01/29] Create checkmarx-sca-scan-on-pr.yml --- .../workflows/checkmarx-sca-scan-on-pr.yml | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/checkmarx-sca-scan-on-pr.yml diff --git a/.github/workflows/checkmarx-sca-scan-on-pr.yml b/.github/workflows/checkmarx-sca-scan-on-pr.yml new file mode 100644 index 0000000..6fc6a46 --- /dev/null +++ b/.github/workflows/checkmarx-sca-scan-on-pr.yml 
@@ -0,0 +1,40 @@
+# This workflow is to automate Checkmarx SCA scans. It runs on a push to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+# - CHECKMARX_SCA_USERNAME
+# - CHECKMARX_SCA_PASSWORD
+##
+# The following variables must be inserted below:
+# -
+# -
+#
+# For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+
+name: Checkmarx SCA Scan (Pull Request)
+on:
+ pull_request:
+ types: [opened, reopened, synchronize] # Types specify which pull request events will trigger the workflow. For more events refer Github Actions documentation.
+ branches:
+ - master
+ - main
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Checkmarx CxFlow Action
+ uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.1 # GitHub Action version
+ with:
+ project: # <-- Insert Checkmarx CxSCA Project Name
+ sca_api_url: https://api.scacheckmarx.com
+ sca_app_url: https://sca.scacheckmarx.com
+ sca_access_control_url: https://platform.checkmarx.net
+ sca_tenant: SCA-Champions # <-- Insert Checkmarx CxSCA Tenant
+ sca_username: ${{ secrets.CHECKMARX_SCA_USERNAME }} # To be stored in GitHub Secrets.
+ sca_password: ${{ secrets.CHECKMARX_SCA_PASSWORD }} # To be stored in GitHub Secrets.
+ break_build: false
+ scanners: sca
+ bug_tracker: GITHUBPULL
+ params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }}
From b95e42f043fcfbf902f3ad79113d483e9d050c36 Mon Sep 17 00:00:00 2001
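Review bot: `--branch=${{ github.head_ref }}` in `params` expands a value chosen by whoever opens the pull request straight into the argument string handed to CxFlow, so a crafted branch name may be able to add or override options. How the action splits `params` is not visible here, so confirm that or validate the ref in an earlier step before passing it on. Both `uses:` lines reference mutable tags (`actions/checkout@v2`, `checkmarx-ts/checkmarx-cxflow-github-action@v1.1`) in a job that receives the SCA credentials; pin them to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v2` (placeholder), and do the same in the push workflow added by patch 02. The header comment also says the workflow runs on a push to the main branch, while the trigger is `pull_request`.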
From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:18:58 -0400 Subject: [PATCH 02/29] Create checkmarx-sca-scan-on-push.yml --- .../workflows/checkmarx-sca-scan-on-push.yml | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/checkmarx-sca-scan-on-push.yml diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml new file mode 100644 index 0000000..3f042b1 --- /dev/null +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml @@ -0,0 +1,39 @@ +# This workflow is to automate Checkmarx SCA scans. It runs on a push to the main branch. +# +# The following GitHub Secrets must be first defined: +# - CHECKMARX_SCA_USERNAME +# - CHECKMARX_SCA_PASSWORD +## +# The following variables must be inserted below: +# - +# - +# +# For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action + +name: Checkmarx SCA Scan (Push) +on: + push: + branches: + - main + - master + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Checkmarx CxFlow Action + uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.1 # GitHub Action version + with: + project: # <-- Insert Checkmarx CxSCA Project Name + sca_api_url: https://api.scacheckmarx.com + sca_app_url: https://sca.scacheckmarx.com + sca_access_control_url: https://platform.checkmarx.net + sca_tenant: SCA-Champions # <-- Insert Checkmarx CxSCA Tenant + sca_username: ${{ secrets.CHECKMARX_SCA_USERNAME }} # To be stored in GitHub Secrets. + sca_password: ${{ secrets.CHECKMARX_SCA_PASSWORD }} # To be stored in GitHub Secrets. + break_build: false + scanners: sca + bug_tracker: GitHub + params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} 
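Review bot: The job declares no `permissions:` block, so the workflow token keeps whatever default scope the repository or organisation grants, which is more than a dependency scan needs. A top-level `permissions:` with `contents: read` (plus `issues: write` only if the `GitHub` bug tracker turns out to need it, which cannot be verified from this hunk) limits what a compromised third-party action could do with that token. The pull-request workflow added in patch 01 has the same gap.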
From 7799ce479d1a65f9fd21a2d9c35c77a75ad29ea1 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:20:17 -0400 Subject: [PATCH 03/29] Update checkmarx-sca-scan-on-pr.yml --- .github/workflows/checkmarx-sca-scan-on-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-pr.yml b/.github/workflows/checkmarx-sca-scan-on-pr.yml index 6fc6a46..39a995f 100644 --- a/.github/workflows/checkmarx-sca-scan-on-pr.yml +++ b/.github/workflows/checkmarx-sca-scan-on-pr.yml @@ -27,7 +27,7 @@ jobs: - name: Checkmarx CxFlow Action uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.1 # GitHub Action version with: - project: # <-- Insert Checkmarx CxSCA Project Name + project: CxPhil_JVL_Test # <-- Insert Checkmarx CxSCA Project Name sca_api_url: https://api.scacheckmarx.com sca_app_url: https://sca.scacheckmarx.com sca_access_control_url: https://platform.checkmarx.net From e8be4c00213072b5672a1deae3eee1af6710e5b4 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:20:49 -0400 Subject: [PATCH 04/29] Update checkmarx-sca-scan-on-push.yml --- .github/workflows/checkmarx-sca-scan-on-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml index 3f042b1..0bf1521 100644 --- a/.github/workflows/checkmarx-sca-scan-on-push.yml +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml @@ -26,7 +26,7 @@ jobs: - name: Checkmarx CxFlow Action uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.1 # GitHub Action version with: - project: # <-- Insert Checkmarx CxSCA Project Name + project: CxPhil_JVL_Push_Master # <-- Insert Checkmarx CxSCA Project Name sca_api_url: https://api.scacheckmarx.com sca_app_url: https://sca.scacheckmarx.com sca_access_control_url: https://platform.checkmarx.net 
From 4d528f35e8d137d51f99179fac3ca48babba6760 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:21:23 -0400 Subject: [PATCH 05/29] Update cx.yml --- .github/workflows/cx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cx.yml b/.github/workflows/cx.yml index b807343..93887a9 100644 --- a/.github/workflows/cx.yml +++ b/.github/workflows/cx.yml @@ -13,7 +13,7 @@ jobs: uses: CheckmarxDev/ast-github-action@more_engines id: scan with: - github_repo_token: ${{ secrets.GITHUB_TOKEN }} + github_repo_token: ${{ secrets.GH_TOKEN }} ast_uri: ${{ secrets.AST_URI }} ast_access_key_id: ${{ secrets.AST_ACCESS_KEY_ID }} ast_access_key_secret: ${{ secrets.AST_ACCESS_KEY_SECRET }} From 6388b67cfd182a3c9df1ddb9e9ebb3468894a7c1 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:22:02 -0400 Subject: [PATCH 06/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 80e96b0..2d64933 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring - +1 From 5b583ada30b2c118a37dad07adc0b28e253c75fa Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:24:55 -0400 Subject: [PATCH 07/29] Update checkmarx-sca-scan-on-push.yml --- .github/workflows/checkmarx-sca-scan-on-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml index 0bf1521..173212e 100644 --- a/.github/workflows/checkmarx-sca-scan-on-push.yml +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml 
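Review bot: Replacing `secrets.GITHUB_TOKEN` with `secrets.GH_TOKEN` for `github_repo_token` swaps the per-run, automatically scoped token for a stored secret, presumably a personal access token that is longer-lived and usually broader in scope. That token is handed to `CheckmarxDev/ast-github-action@more_engines`, a branch reference that can change without notice, so whatever lands on that branch can read it. If the built-in token lacks a required scope, prefer granting it through a `permissions:` block, or use a narrowly scoped token, and pin the action to a commit SHA. The enclosing job starts outside this hunk, so its existing permissions are not visible.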
@@ -36,4 +36,4 @@ jobs: break_build: false scanners: sca bug_tracker: GitHub - params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} + params: --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} From 5c5ce8df4b304c5d32c5bfa35e0c9d40a210ed3d Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:27:06 -0400 Subject: [PATCH 08/29] Update checkmarx-sca-scan-on-pr.yml --- .github/workflows/checkmarx-sca-scan-on-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-pr.yml b/.github/workflows/checkmarx-sca-scan-on-pr.yml index 39a995f..4c38834 100644 --- a/.github/workflows/checkmarx-sca-scan-on-pr.yml +++ b/.github/workflows/checkmarx-sca-scan-on-pr.yml @@ -37,4 +37,4 @@ jobs: break_build: false scanners: sca bug_tracker: GITHUBPULL - params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }} + params: --sca.thresholds-score=8.5 --github.block-merge=true --github.error-merge=true --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }} From a5fd723e8ab135a7e14412faf2aad2094d35c9eb Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:31:45 -0400 Subject: [PATCH 09/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2d64933..16c7771 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -1 +2 
From af4707c5cbde7389085d2357e6e9a8d628b68e8b Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:33:18 -0400 Subject: [PATCH 10/29] Update checkmarx-sca-scan-on-push.yml --- .github/workflows/checkmarx-sca-scan-on-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml index 173212e..9e7e304 100644 --- a/.github/workflows/checkmarx-sca-scan-on-push.yml +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml @@ -36,4 +36,4 @@ jobs: break_build: false scanners: sca bug_tracker: GitHub - params: --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} + params: --sca.enabledZipScan=true --sca.filter-score=8.0 --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} From a819fd1d4000bfabcfb777e4f732d2eff3d00716 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:39:08 -0400 Subject: [PATCH 11/29] Update checkmarx-sca-scan-on-push.yml --- .github/workflows/checkmarx-sca-scan-on-push.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml index 9e7e304..8306cf0 100644 --- a/.github/workflows/checkmarx-sca-scan-on-push.yml +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml 
@@ -35,5 +35,5 @@ jobs: sca_password: ${{ secrets.CHECKMARX_SCA_PASSWORD }} # To be stored in GitHub Secrets. break_build: false scanners: sca - bug_tracker: GitHub - params: --sca.enabledZipScan=true --sca.filter-score=8.0 --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} + bug_tracker: JIRA + params: --config=cx.config --jira.url=${{secrets.JIRA_URL}} --jira.username=${{secrets.JIRA_USER}} --jira.token=${{secrets.JIRA_TOKEN}} --sca.enabledZipScan=true --sca.filter-score=8.0 --sca.filter-severity=HIGH --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} From a52ef36fd0bb37042df6f46004b80b995e54f3f7 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:41:23 -0400 Subject: [PATCH 12/29] Create cx.config --- cx.config | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cx.config diff --git a/cx.config b/cx.config new file mode 100644 index 0000000..7d897ca --- /dev/null +++ b/cx.config @@ -0,0 +1,29 @@ +{ + "bugTracker": "JIRA", + "jira": { + "project": "DSVW", + "issue_type": "Bug", + "opened_status": ["Open","Reopen"], + "closed_status": ["Closed","Done"], + "open_transition": "Reopen Issue", + "close_transition": "Close Issue", + "close_transition_field": "resolution", + "close_transition_value": "Done", + "priorities": { + "High": "High", + "Medium": "Medium", + "Low": "Low" + }, + "fields": [{ + "type": "result", + "name": "application", + "jira_field_type": "label" + }, + { + "type": "result", + "name": "category", + "jira_field_name": "Category", + "jira_field_type": "label" + }] + } +} From 185d4afb8ac7b9f3d495c38e8b2a5992dc29a4e9 Mon Sep 17 00:00:00 2001 
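Review bot: The new `params` line passes `--jira.token=${{secrets.JIRA_TOKEN}}` (with the Jira URL and username) as command-line arguments, so the token becomes part of the process arguments inside the runner and is protected in logs only by GitHub's exact-match masking. Any encoded or partial echo by the tool, for example with debug logging switched on, would not be masked. If the action exposes dedicated inputs or reads environment variables for the Jira credentials, supply them that way and keep `params` for non-secret options. It is also worth confirming that the Jira token is scoped to the one project named in `cx.config`.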
From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:41:50 -0400 Subject: [PATCH 13/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 16c7771..1d4bbb0 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -2 +3 From d90bccb0796ad9e48c5552cddf2daa71548d97fc Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Wed, 14 Apr 2021 15:37:05 -0400 Subject: [PATCH 14/29] Create application.yml --- application.yml | 96 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 application.yml diff --git a/application.yml b/application.yml new file mode 100644 index 0000000..2ce6d05 --- /dev/null +++ b/application.yml 
@@ -0,0 +1,96 @@
+logging:
+ file: flow.log
+ level:
+ com:
+ checkmarx:
+ flow:
+ service: TRACE
+ org:
+ apache:
+ http:
+ wire: TRACE
+ springframework:
+ web:
+ client:
+ RestTemplate: TRACE
+
+cxflow:
+ bug-tracker: Jira
+ #bug-tracker-impl:
+ #- GitHub
+ branches:
+ - master
+ filter-severity:
+ filter-category:
+ - SQL_Injection
+ - Stored_XSS
+ - Reflected_XSS_All_Clients
+ filter-cwe:
+ filter-status:
+ # - Urgent
+ # - Confirmed
+ #mitre-url: https://cwe.mitre.org/data/definitions/%s.html
+ #wiki-url: https://custodela.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance
+ codebash-url: https://checkmarx-demo.codebashing.com/courses/
+
+jira:
+ url: ${{ secrets.JIRA_URL }}
+ username: philipmolive@gmail.com
+ token: ${{ secrets.JIRA_TOKEN }}
+ project: DSVW
+ issue-type: Bug
+ priorities:
+ High: High
+ Medium: Medium
+ Low: Low
+ Informational: Lowest
+ open-transition: In Progress
+ close-transition: Done
+ open-status:
+ - Backlog
+ - Selected for Development
+ - In Progress
+ closed-status:
+ - Done
+ fields:
+ - type: result
+ name: application
+ jira-field-name: Application
+ jira-field-type: label
+# - type: result
+# name: cwe
+# jira-field-name: CWEs
+# jira-field-type: label
+ - type: result
+ name: category
+ jira-field-name: Category
+ jira-field-type: label
+# - type: result
+# name: loc
+# jira-field-name: LOC
+# jira-field-type: label
+# jira-default-value: XXXXX
+
+checkmarx:
+ version: 9.0
+ scope: access_control_api sast_rest_api
+ team: /CxServer/
+ username: admin
+ password: ${{ secrets.CHECKMARX_SCA_USERNAME }}
+ client-secret: 014DF517-39D1-4453-B7B3-9930C563627C
+ base-url: http://cxsast.ngrok.io
+ url: ${checkmarx.base-url}/cxrestapi
+ #WSDL Config
+ portal-url: ${checkmarx.base-url}/cxwebinterface/Portal/CxWebService.asmx
+ sdk-url: ${checkmarx.base-url}/cxwebinterface/SDK/CxSDKWebService.asmx
+ portal-wsdl: ${checkmarx.base-url}/Portal/CxWebService.asmx?wsdl
+ sdk-wsdl:
${checkmarx.base-url}/SDK/CxSDKWebService.asmx?wsdl + + +github: + webhook-token: 12345 + token: ${{ secrets.GH_TOKEN }} + url: https://github.com + api-url: https://api.github.com/repos/ + false-positive-label: false-positive + block-merge: true From e093a991ba52266c8dca191ac2fcff11c929a75e Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Sun, 2 May 2021 22:56:30 -0400 Subject: [PATCH 15/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1d4bbb0..29d1a40 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ![](https://github.com/CheckmarxDev/NodeGoat-test/workflows/cx/badge.svg) -This is a "Vulnerable" Web Application developed by Cyber Security and Privacy Foundation(www.cysecurity.org). This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code.123 +This is a "Vulnerable" Web Application developed by Cyber Security and Privacy Foundation(www.cysecurity.org). This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code. **The full course content is now available on Github for free:** From 5ba1419a4d77be02b790f88a6e1ff69049558ef7 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Sun, 2 May 2021 23:00:45 -0400 Subject: [PATCH 16/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 29d1a40..6429e44 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -3 + From 53ed9927e7f75d2373302f2007127fbf411d6c38 Mon Sep 17 00:00:00 2001 
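Review bot: The `${{ secrets.JIRA_URL }}`, `${{ secrets.JIRA_TOKEN }}` and `${{ secrets.GH_TOKEN }}` values in the new `application.yml` will not be substituted, because GitHub evaluates that expression syntax only inside workflow files. Spring will not resolve them either, so use placeholders fed from the environment, such as `token: ${JIRA_TOKEN}`. `checkmarx.password` is wired to the `CHECKMARX_SCA_USERNAME` secret, which looks like a copy-paste slip. The file also commits `client-secret` and `webhook-token: 12345` as literals, points `base-url` at plain `http://`, and sets `org.apache.http.wire: TRACE`, which writes full request traffic including authentication headers to `flow.log`. Move the secrets out of the repository, use HTTPS, choose an unguessable webhook token, and keep wire logging off outside a debugging session.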
From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Mon, 3 May 2021 09:22:41 -0400 Subject: [PATCH 17/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6429e44..35abdbc 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring - +1 From 8353952db3c7e21e2b6b5b2b2d2d607a115b3baa Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Mon, 3 May 2021 11:17:25 -0400 Subject: [PATCH 18/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 35abdbc..54b26b7 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -1 +2 From 1a6ba0f5fbdbadee02d92a0f14bbc38eda301437 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Mon, 3 May 2021 14:13:56 -0400 Subject: [PATCH 19/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 54b26b7..29d1a40 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -2 +3 From dfe945e27349c8612ea7ee3d3d7d30a5cc6d4714 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Mon, 3 May 2021 14:16:32 -0400 Subject: [PATCH 20/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 29d1a40..7bce388 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -3 +4 
From 871501154f5279d199fe855eb9206acefc374a3d Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Mon, 3 May 2021 14:18:18 -0400 Subject: [PATCH 21/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7bce388..e638f9c 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -4 +5 From 279ead55f61c7ea57ef67504ee0f7bb8d1b681d1 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Mon, 3 May 2021 14:18:36 -0400 Subject: [PATCH 22/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e638f9c..dc93a2f 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -5 +6 From 68a4f42f282dc6e754256a58b245f2ce553df06b Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Mon, 3 May 2021 14:22:10 -0400 Subject: [PATCH 23/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dc93a2f..64fc015 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -6 +7 From 9e7fead08bf77de9063f432ac6a0dbf2f7b45992 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Thu, 20 May 2021 17:48:17 -0400 Subject: [PATCH 24/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 64fc015..64d929c 100644 --- a/README.md +++ b/README.md 
@@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -7 +8 From 2f495e76f0e2490f0e09be3c1f19f183ecdb6aa7 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Thu, 20 May 2021 17:51:09 -0400 Subject: [PATCH 25/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 64d929c..5754ad3 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -8 +9 From 4c6d041bd83dd7ad36fbec87402281b89ffbb364 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Fri, 21 May 2021 02:06:20 -0400 Subject: [PATCH 26/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5754ad3..282c40d 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,4 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: https://github.com/CSPF-Founder/VulnerableSpring -9 +10 From 0197be2d90c8719e8d289d478f1657dde6c8e4c4 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Thu, 5 Aug 2021 15:49:52 -0400 Subject: [PATCH 27/29] Update checkmarx-sca-scan-on-pr.yml --- .github/workflows/checkmarx-sca-scan-on-pr.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-pr.yml b/.github/workflows/checkmarx-sca-scan-on-pr.yml index 4c38834..dca3b43 100644 --- a/.github/workflows/checkmarx-sca-scan-on-pr.yml +++ b/.github/workflows/checkmarx-sca-scan-on-pr.yml 
@@ -12,11 +12,11 @@ name: Checkmarx SCA Scan (Pull Request) on: - pull_request: - types: [opened, reopened, synchronize] # Types specify which pull request events will trigger the workflow. For more events refer Github Actions documentation. - branches: - - master - - main + #pull_request: + # types: [opened, reopened, synchronize] # Types specify which pull request events will trigger the workflow. For more events refer Github Actions documentation. + # branches: + # - master + # - main jobs: build: From 8fc13725c5e4ca63c1570b9fb480dfc9a7dd5196 Mon Sep 17 00:00:00 2001 From: checkmarxSE <60154583+checkmarxSE@users.noreply.github.com> Date: Thu, 5 Aug 2021 15:50:20 -0400 Subject: [PATCH 28/29] Update checkmarx-sca-scan-on-push.yml --- .github/workflows/checkmarx-sca-scan-on-push.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/checkmarx-sca-scan-on-push.yml b/.github/workflows/checkmarx-sca-scan-on-push.yml index 8306cf0..dd5499f 100644 --- a/.github/workflows/checkmarx-sca-scan-on-push.yml +++ b/.github/workflows/checkmarx-sca-scan-on-push.yml @@ -12,10 +12,10 @@ name: Checkmarx SCA Scan (Push) on: - push: - branches: - - main - - master + #push: + # branches: + # - main + # - master jobs: build: From ab5b89da7474c9cb04b85dbb6ee56c91c534af46 Mon Sep 17 00:00:00 2001 From: CxSeanC <81707723+CxSeanC@users.noreply.github.com> Date: Thu, 19 Aug 2021 14:50:57 -0400 Subject: [PATCH 29/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 282c40d..56b3b48 100644 --- a/README.md +++ b/README.md 
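Review bot: Commenting out every trigger leaves `on:` with no value, so the file no longer declares any event and GitHub is likely to report it as an invalid workflow on each push rather than quietly disabling it. The same applies to `checkmarx-sca-scan-on-push.yml` in patch 28. If the intent is to pause the scans, replace the block with `on: workflow_dispatch` or disable the workflow in the repository's Actions settings. With both scans off, nothing in this series still gates merges on SCA findings, which is worth recording in the commit message.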
@@ -1,5 +1,5 @@ ![](https://github.com/CheckmarxDev/NodeGoat-test/workflows/cx/badge.svg) - +##test This is a "Vulnerable" Web Application developed by Cyber Security and Privacy Foundation(www.cysecurity.org). This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code. **The full course content is now available on Github for free:**