-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Nathan Leach edited this page Jul 21, 2024
·
3 revisions
The CxFlow++ GitHub action is for users of CxSAST and SCA Standalone. If you are using Checkmarx One, you will want to look at the (CheckmarxOne++ GitHub Action)[https://github.com/checkmarx-ts/cxone-plusplus-github-action] for an action functionally similar to this action.
Please see the deployment examples for sample action YAML that can be adapted for your needs.
Scans are orchestrated by CxFlow when the action executes. This action, unlike the (Checkmarx CxFlow)[https://github.com/marketplace/actions/checkmarx-cxflow-action] action, is a composite action that executes on the runner rather than in a container. This allows CxFlow to be configured using any valid methods supported by CxFlow:
- By environment variables defined in the runner's environment. These can be defined directly on GitHub or as part of the startup of a self-hosted runner.
- By command line options passed in the
cxflow-params,pull-request-cxflow-params, orpush-cxflow-paramsaction configuration options. - By a YAML file deployed statically on a self-hosted runner or downloaded dynamically as part of the GitHub workflow prior to the CxFlow++ action execution.