[REQ]-New Docker Image version without Entrypoint #960

linuxshark opened this issue Dec 6, 2024 · 1 comment
Labels
enhancement New feature or request

linuxshark commented Dec 6, 2024

Is your request related to a workflow problem?

With the GitLab "pipeline execution policy" integration, overriding the entrypoint is not a valid sentence as it should be in a normal CI/CD. That's the reason why the normal include of the CXONE public template is not working: https://raw.githubusercontent.com/checkmarx-ltd/cx-flow/develop/templates/gitlab/v3/Checkmarx.gitlab-ci.yml

That gives me an execution error when I call cxOne from my GitLab "pipeline execution policy", as shown:

Using docker image sha256:6d53f64061e0d20e0f66c15747d7f087a4ec42089402a01c6550375f23e61ffc for checkmarx/ast-cli with digest checkmarx/ast-cli@sha256:72b5c9247cd62b78204286e89539f9626d3bc8378dd5a223e4e5bf9dbd1f1c35 ...
Creating directory
unknown command "sh" for "cx"
Error: unknown command "sh" for "cx"
Run 'cx --help' for usage.

Proposed a solution

Create a new Docker image version without the current entrypoint "ENTRYPOINT ["/app/bin/cx"]" and SH interpreter to test if this mod can be used inside a GitLab "pipeline execution policy".

Additional comments

Here you can find the documentation about how the GitLab "pipeline execution policy" injects the pipeline inside the existing CI/CD process: https://docs.gitlab.com/ee/user/application_security/policies/pipeline_execution_policies.html

Maybe you can review it in the next sprints to create a proper integration with this use case.

linuxshark added the enhancement (New feature or request) label Dec 6, 2024
linuxshark commented Dec 9, 2024

I did some testing:

1.- Created a new Docker image using checkmarx/ast-cli:latest as source.

2.- Created my new Dockerfile without an entrypoint, to be sure that I can enter the image and run custom sentences with /app/bin/cx.

3.- In my "pipeline execution policy" I changed the Docker image sentence (remember, I had to do this because "pipeline exec policy" does not support the "entrypoint" sentence):

stages:
  - test

checkmarx-scan:
  stage: test
  image:
    name: peyocl/cyberreadteam-cxast
    #entrypoint: [''] #commented because by definition it's not supported with pipeline execution policy
  script:
    # Folded scalar: the lines below are joined into one cx command line.
    # Variables are quoted so values containing spaces stay a single argument.
    - >-
      /app/bin/cx
      scan create
      --project-name "${CX_PROJECT_NAME}"
      --file-source '.'
      --scan-info-format 'json'
      --branch "${CX_BRANCH_NAME}"
      --agent 'Gitlab'
      --file-filter "${CX_FILE_FILTERS}"

The Dockerfile is quite simple:

FROM checkmarx/ast-cli:latest

ENTRYPOINT [""]
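
The following is an added example, not part of the issue thread or of the Checkmarx project: a small model of how Docker combines an image's entrypoint with the command a CI runner supplies, which reproduces the `unknown command "sh" for "cx"` failure and shows why the derived image avoids it. The inspect documents are constructed samples, `RUNNER_CMD` is a simplified stand-in for what the GitLab runner sends, and treating an entrypoint of `[""]` as "no entrypoint" is an assumption about Docker's behaviour.

```python
import json

# Constructed sample of `docker image inspect` output (only the fields used
# here). The entrypoint value is the one quoted in the issue.
UPSTREAM_INSPECT = json.loads(
    '[{"Config": {"Entrypoint": ["/app/bin/cx"], "Cmd": null}}]'
)
# Constructed sample for the derived image built with ENTRYPOINT [""].
DERIVED_INSPECT = json.loads(
    '[{"Config": {"Entrypoint": [""], "Cmd": null}}]'
)

# Simplified stand-in (assumption) for the command the runner passes to the
# job container; the log in the issue shows that it starts with "sh".
RUNNER_CMD = ["sh", "-c", "<shell detection script>"]


def effective_argv(inspect_doc, cmd=None, entrypoint_override=None):
    """Return the argv the container would exec: entrypoint + command."""
    config = inspect_doc[0]["Config"]
    entrypoint = entrypoint_override
    if entrypoint is None:
        entrypoint = config.get("Entrypoint") or []
    # Assumption: an entrypoint of [""] is treated as "no entrypoint".
    if list(entrypoint) == [""]:
        entrypoint = []
    if cmd is not None:
        command = cmd                      # caller's command replaces image Cmd
    elif entrypoint_override is not None:
        command = []                       # overriding the entrypoint drops image Cmd
    else:
        command = config.get("Cmd") or []
    argv = list(entrypoint) + list(command)
    if not argv:
        raise ValueError("no command specified")
    return argv


def runner_gets_shell(inspect_doc, entrypoint_override=None):
    """True when the runner's `sh` is the process that actually executes."""
    argv = effective_argv(inspect_doc, RUNNER_CMD, entrypoint_override)
    return argv[0] == "sh"


if __name__ == "__main__":
    print(effective_argv(UPSTREAM_INSPECT, RUNNER_CMD))  # cx receives "sh" as a subcommand
    print(effective_argv(DERIVED_INSPECT, RUNNER_CMD))   # sh runs the job script
```

Feeding the real output of `docker image inspect <image>` into `runner_gets_shell` shows, before a policy is rolled out, whether an image can be used where the `entrypoint` override is unavailable.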
