YML Example Files - checkmarx-ltd/cx-flow GitHub Wiki

This is a set of example yml file configurations used to execute CxFlow.
All files include configuration examples for the following:

Webhooks

  • Azure
  • BitBucket
  • GitHub
  • GitLab

Issue Tracking

  • Azure
  • GitHub
  • GitLab
  • JIRA

Note: the current examples use plain HTTP communication. It is recommended that the endpoints (and the tokens sent over them) be switched to a more secure protocol such as HTTPS.

---
# Embedded HTTP server. Spring placeholder: uses the PORT property if it is set, else 8982.
server:
  port: ${PORT:8982}

# Log file written by the CxFlow service.
logging:
  file:
    name: 'flow.log'

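cxflow:
  # Issue tracker that receives the findings (JIRA in this example).
  bug-tracker: JIRA
  #bug-tracker-impl:
    # - Azure
    # - Csv
    # - CxXml
    # - GitHub
    # - GitLab
    # - Rally
    # - Json
  # Branch-name patterns eligible for scanning (regular expressions, judging by `\w+`).
  branches:
    - master
    - main
    - dev\w+
    - release-\w+
  # Scan all branches if no protected branch is set in application.yml or in the cx.config file.
  # The explanatory remark was inside the value before, which turned this boolean into a string.
  scan-unprotected-branches: true
  # Result filters. A key with no value parses as null — presumably "no filter"; confirm
  # against the consumer before replacing it with [].
  filter-severity:
  # - High
  filter-category:
    - SQL_Injection
    - Stored_XSS
    - Reflected_XSS_All_Clients
  filter-cwe:
  filter-status:
  # - New
  # - Recurrent
  filter-state:
  # - Urgent
  # - Confirmed
  # - To Verify
  #mitre-url: https://cwe.mitre.org/data/definitions/%s.html
  #wiki-url: https://custodela.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance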

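checkmarx:
  # Credentials: replace the placeholders. They are quoted because an unquoted value that
  # starts with '#' is parsed as a YAML comment, silently leaving the key null. Prefer a
  # ${...} placeholder resolved from the environment or a secret store over committing
  # real credentials to this file.
  username: '###<cxsast_username>###'
  password: '###<cxsast_password>###'
  # OAuth client secret for the CxSAST REST API. This appears to be the product's default
  # value; treat it as a secret, keep it out of version control, and use whatever value is
  # configured on your CxSAST server.
  client-secret: 014DF517-39D1-4453-B7B3-9930C563627C
  # Plain HTTP is used for the local example only; use https:// for any non-local
  # deployment so the credentials and tokens above are not sent in clear text.
  base-url: http://localhost
  team: '\CxServer\SP\Company'
  url: ${checkmarx.base-url}/cxrestapi
  cx-branch: true
  #scan-preset: Checkmarx Default
  #incremental: true
  # WSDL config — all derived from base-url above.
  portal-url: ${checkmarx.base-url}/cxwebinterface/Portal/CxWebService.asmx
  sdk-url: ${checkmarx.base-url}/cxwebinterface/SDK/CxSDKWebService.asmx
  portal-wsdl: ${checkmarx.base-url}/Portal/CxWebService.asmx?wsdl
  sdk-wsdl: ${checkmarx.base-url}/SDK/CxSDKWebService.asmx?wsdl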

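azure:
  # Shared secret presumably checked on incoming Azure DevOps webhook calls. Replace the
  # sample value with a long random string; a guessable token lets forged events reach
  # the endpoint.
  webhook-token: 'cxflow:12345'
  # Personal access token placeholder (quoted: a bare value starting with '#' is a comment).
  # Supply it from the environment or a secret store rather than committing it.
  token: '###<ADOtoken>###'
  url: https://dev.azure.com/
  issue-type: issue
  # Quoted so the REST API version stays the string "5.0" instead of a float.
  api-version: '5.0'
  false-positive-label: false-positive
  #block-merge: true
  closed-status: Done
  open-status: 'To Do'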

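bitbucket:
  # Shared webhook secret; replace the sample value with a long random string.
  webhook-token: '12345'
  # "user:token" placeholder, quoted because an unquoted value starting with '#' is
  # parsed as a comment and the key becomes null. Inject it from the environment or
  # a secret store instead of committing it.
  token: '###<bitbucketuser>###:###<bitbuckettoken>###'
  url: https://api.bitbucket.org
  api-path: /2.0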

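github:
  # Shared webhook secret; replace the sample value with a long random string.
  webhook-token: '12345'
  # Token placeholder, quoted because an unquoted value starting with '#' is parsed as a
  # comment and the key becomes null. Inject it from the environment or a secret store.
  token: '###<githubtoken>###'
  url: https://github.com
  api-url: https://api.github.com/repos/
  false-positive-label: false-positive
  #block-merge: true
  #error-merge: true
  #cx-summary: true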

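gitlab:
  # Shared webhook secret; replace the sample value with a long random string.
  webhook-token: '12345'
  # Token placeholder, quoted because an unquoted value starting with '#' is parsed as a
  # comment and the key becomes null. Inject it from the environment or a secret store.
  token: '###<gitlabtoken>###'
  url: https://gitlab.com
  api-url: https://gitlab.com/api/v4/
  false-positive-label: false-positive
  #block-merge: true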

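jira:
  # Placeholders are quoted: an unquoted value starting with '#' is parsed as a YAML
  # comment and the key silently becomes null. Supply the API token from the environment
  # or a secret store rather than committing it.
  url: '###<jira url>###'
  username: '###<jira user email>###'
  token: '###<jira api token>###'
  project: APPSEC
  issue-type: Bug
  label-prefix: '< CUSTOM PREFIX NAME >'
  # Severity name (left) to Jira priority name (right) — presumably; verify against the consumer.
  priorities:
    High: High
    Medium: Medium
    Low: Low
    Informational: Lowest
  # Workflow transitions and the status sets that count as open / closed.
  open-transition: In Progress
  close-transition: Done
  open-status:
    - Backlog
    - Selected for Development
    - In Progress
  closed-status:
    - Done
  # Extra Jira fields populated from scan results.
  # NOTE: configuring a jira-field-name as Labels would affect issue tracking and might
  # result in duplicate bug creation or bugs not closing or opening. (This remark used to
  # sit inside the first field's value, making the field name itself invalid.)
  fields:
    - type: result
      name: application
      jira-field-name: Application
      jira-field-type: label
    - type: result
      name: cwe
      jira-field-name: CWEs
      jira-field-type: label
    - type: result
      name: category
      jira-field-name: Category
      jira-field-type: label
    - type: result
      name: loc
      jira-field-name: LOC
      jira-field-type: label
      # Placeholder default; replace with the value your Jira field expects.
      jira-default-value: XXXXX
    - type: sca-results
      name: package-name
      jira-field-name: Package Name
      jira-field-type: label
    - type: sca-results
      name: current-version
      jira-field-name: Current Version
      jira-field-type: label
    - type: sca-results
      name: fixed-version
      jira-field-name: Fixed Version
      jira-field-type: label
    - type: sca-results
      name: newest-version
      jira-field-name: Newest Version
      jira-field-type: label
    - type: sca-results
      name: locations
      jira-field-name: Locations
      jira-field-type: label
    - type: sca-results
      name: risk-score
      jira-field-name: Risk Score
      jira-field-type: label
    - type: sca-results
      name: dev-dependency
      jira-field-name: Development
      jira-field-type: single-select
    - type: sca-results
      name: direct-dependency
      jira-field-name: Direct
      jira-field-type: single-select
    - type: sca-results
      name: outdated
      jira-field-name: Outdated
      jira-field-type: single-select
    - type: sca-results
      name: violates-policy
      jira-field-name: Violates Policy
      jira-field-type: single-select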
---
# Embedded HTTP server. Spring placeholder: uses the PORT property if it is set, else 8982.
server:
  port: ${PORT:8982}

# Log file written by the CxFlow service.
logging:
  file:
    name: 'flow.log'

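cxflow:
  # Issue tracker that receives the findings (JIRA in this example).
  bug-tracker: JIRA
  #bug-tracker-impl:
    # - Azure
    # - Csv
    # - CxXml
    # - GitHub
    # - GitLab
    # - Rally
    # - Json
  # Branch-name patterns eligible for scanning (regular expressions, judging by `\w+`).
  branches:
    - master
    - main
    - dev\w+
    - release-\w+
  # Scan all branches if no protected branch is set in application.yml or in the cx.config file.
  # The explanatory remark was inside the value before, which turned this boolean into a string.
  scan-unprotected-branches: true
  # Result filters. A key with no value parses as null — presumably "no filter"; confirm
  # against the consumer before replacing it with [].
  filter-severity:
    - High
  filter-category:
  # - SQL_Injection
  # - Stored_XSS
  # - Reflected_XSS_All_Clients
  filter-cwe:
  filter-status:
  # - New
  # - Recurrent
  filter-state:
  # - Urgent
  # - Confirmed
  # - To Verify
  #mitre-url: https://cwe.mitre.org/data/definitions/%s.html
  #wiki-url: https://custodela.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance
  # Scanners whose results are processed; uncomment sca to include dependency findings.
  enabled-vulnerability-scanners:
  # - sca
    - sast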

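checkmarx:
  # Quoted so the CxSAST version stays the string "9.0" rather than being parsed as a float.
  version: '9.0'
  # Credentials: replace the placeholders. They are quoted because an unquoted value that
  # starts with '#' is parsed as a YAML comment, silently leaving the key null. Prefer a
  # ${...} placeholder resolved from the environment or a secret store over committing
  # real credentials to this file.
  username: '###<cxsast_username>###'
  password: '###<cxsast_password>###'
  client-id: resource_owner_client
  # OAuth client secret for the client above. This appears to be the product's default
  # value; treat it as a secret, keep it out of version control, and use whatever value is
  # configured on your CxSAST server.
  client-secret: 014DF517-39D1-4453-B7B3-9930C563627C
  scope: access_control_api sast_rest_api
  # Plain HTTP is used for the example only; use https:// for any real deployment so the
  # credentials and tokens above are not sent in clear text.
  base-url: http://cx.local
  #multi-tenant: true
  configuration: Default Configuration
  cx-branch: true
  preserve-xml: true
  team: /CxServer/Checkmarx/CxFlow
  url: ${checkmarx.base-url}/cxrestapi
  #scan-preset: Checkmarx Default
  #incremental: true
  # WSDL config — all derived from base-url above.
  portal-url: ${checkmarx.base-url}/cxwebinterface/Portal/CxWebService.asmx
  sdk-url: ${checkmarx.base-url}/cxwebinterface/SDK/CxSDKWebService.asmx
  portal-wsdl: ${checkmarx.base-url}/Portal/CxWebService.asmx?wsdl
  sdk-wsdl: ${checkmarx.base-url}/SDK/CxSDKWebService.asmx?wsdl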

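azure:
  # Shared secret presumably checked on incoming Azure DevOps webhook calls. Replace the
  # sample value with a long random string; a guessable token lets forged events reach
  # the endpoint.
  webhook-token: 'cxflow:12345'
  # Personal access token placeholder (quoted: a bare value starting with '#' is a comment).
  # Supply it from the environment or a secret store rather than committing it.
  token: '###<ADOtoken>###'
  url: https://dev.azure.com/
  issue-type: issue
  # Quoted so the REST API version stays the string "5.0" instead of a float.
  api-version: '5.0'
  false-positive-label: false-positive
  #block-merge: true
  closed-status: Done
  open-status: 'To Do'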

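bitbucket:
  # Shared webhook secret; replace the sample value with a long random string.
  webhook-token: '12345'
  # "user:token" placeholder, quoted because an unquoted value starting with '#' is
  # parsed as a comment and the key becomes null. Inject it from the environment or
  # a secret store instead of committing it.
  token: '###<bitbucketuser>###:###<bitbuckettoken>###'
  url: https://api.bitbucket.org
  api-path: /2.0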

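github:
  # Shared webhook secret; replace the sample value with a long random string.
  webhook-token: '12345'
  # Token placeholder, quoted because an unquoted value starting with '#' is parsed as a
  # comment and the key becomes null. Inject it from the environment or a secret store.
  token: '###<githubtoken>###'
  url: https://github.com
  api-url: https://api.github.com/repos/
  false-positive-label: false-positive
  #block-merge: true
  #error-merge: true
  #cx-summary: true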

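gitlab:
  # Shared webhook secret; replace the sample value with a long random string.
  webhook-token: '12345'
  # Token placeholder, quoted because an unquoted value starting with '#' is parsed as a
  # comment and the key becomes null. Inject it from the environment or a secret store.
  token: '###<gitlabtoken>###'
  url: https://gitlab.com
  api-url: https://gitlab.com/api/v4/
  false-positive-label: false-positive
  #block-merge: true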

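jira:
  # Placeholders are quoted: an unquoted value starting with '#' is parsed as a YAML
  # comment and the key silently becomes null. Supply the API token from the environment
  # or a secret store rather than committing it.
  url: '###<jira url>###'
  username: '###<jira user email>###'
  token: '###<jira api token>###'
  project: APPSEC
  issue-type: Bug
  label-prefix: '< CUSTOM PREFIX NAME >'
  # Severity name (left) to Jira priority name (right) — presumably; verify against the consumer.
  priorities:
    High: High
    Medium: Medium
    Low: Low
    Informational: Lowest
  # Workflow transitions and the status sets that count as open / closed.
  open-transition: In Progress
  close-transition: Done
  open-status:
    - Backlog
    - Selected for Development
    - In Progress
  closed-status:
    - Done
  # Extra Jira fields populated from scan results.
  # NOTE: configuring a jira-field-name as Labels would affect issue tracking and might
  # result in duplicate bug creation or bugs not closing or opening. (This remark used to
  # sit inside the first field's value, making the field name itself invalid.)
  fields:
    - type: result
      name: application
      jira-field-name: Application
      jira-field-type: label
    - type: result
      name: cwe
      jira-field-name: CWEs
      jira-field-type: label
    - type: result
      name: category
      jira-field-name: Category
      jira-field-type: label
    - type: result
      name: loc
      jira-field-name: LOC
      jira-field-type: label
      # Placeholder default; replace with the value your Jira field expects.
      jira-default-value: XXXXX
    - type: sca-results
      name: package-name
      jira-field-name: Package Name
      jira-field-type: label
    - type: sca-results
      name: current-version
      jira-field-name: Current Version
      jira-field-type: label
    - type: sca-results
      name: fixed-version
      jira-field-name: Fixed Version
      jira-field-type: label
    - type: sca-results
      name: newest-version
      jira-field-name: Newest Version
      jira-field-type: label
    - type: sca-results
      name: locations
      jira-field-name: Locations
      jira-field-type: label
    - type: sca-results
      name: risk-score
      jira-field-name: Risk Score
      jira-field-type: label
    - type: sca-results
      name: dev-dependency
      jira-field-name: Development
      jira-field-type: single-select
    - type: sca-results
      name: direct-dependency
      jira-field-name: Direct
      jira-field-type: single-select
    - type: sca-results
      name: outdated
      jira-field-name: Outdated
      jira-field-type: single-select
    - type: sca-results
      name: violates-policy
      jira-field-name: Violates Policy
      jira-field-type: single-select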