You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
That gives me an execution error when i call cxOne from my Gitlab "pipeline execution policy" as show:
Using docker image sha256:6d53f64061e0d20e0f66c15747d7f087a4ec42089402a01c6550375f23e61ffc for checkmarx/ast-cli with digest checkmarx/ast-cli@sha256:72b5c9247cd62b78204286e89539f9626d3bc8378dd5a223e4e5bf9dbd1f1c35 ...
Creating directory
unknown command "sh" for "cx"
Error: unknown command "sh" for "cx"
Run 'cx --help' for usage.
Proposed a solution
Create a new docker Image version without the current entrypoint "ENTRYPOINT ["/app/bin/cx"]" and SH interpreter to test if this mod can be used inside a Gitlab "pipeline execution policy"
1.- create a new docker image Using checkmarx/ast-cli:latest as source
2.- create my new dockerfile without entrypoint to be sure that i can enter into the image and run custom sentences with /app/bin/cx
3.- in my "pipeline execution policy" i changed the docker image sentence (remember i had to do this because "pipeline exec policy" does not support "entrypoint" sentence:
stages:
- test
checkmarx-scan:
stage: test
image:
name: peyocl/cyberreadteam-cxast
#entrypoint: [''] #commented because by definition it's not supported with pipeline execution policy
script:
- >-
/app/bin/cx
scan create
--project-name ${CX_PROJECT_NAME}
--file-source '.'
--scan-info-format 'json'
--branch ${CX_BRANCH_NAME}
--agent 'Gitlab'
--file-filter "${CX_FILE_FILTERS}"
Is your request related to a workflow problem?
With the Gitlab "pipeline execution policy" integration, overwrides entrypoint is not a valid sentence as a normal CICD should. That's the reason why the normal include of the CXONE public template is not working https://raw.githubusercontent.com/checkmarx-ltd/cx-flow/develop/templates/gitlab/v3/Checkmarx.gitlab-ci.yml
That gives me an execution error when i call cxOne from my Gitlab "pipeline execution policy" as show:
Proposed a solution
Create a new docker Image version without the current entrypoint "ENTRYPOINT ["/app/bin/cx"]" and SH interpreter to test if this mod can be used inside a Gitlab "pipeline execution policy"
Additional comments
Here you can find the documentation about how Gitlab "pipeline execution policy" inject the pipeline inside existing CICD process https://docs.gitlab.com/ee/user/application_security/policies/pipeline_execution_policies.html
Maybe you can review it on next sprints to create a proper integration with this use case
The text was updated successfully, but these errors were encountered: