CSV does not fully capture scan results #1088

kayvonkhosrowpour · 2022-08-16T22:33:59Z

kayvonkhosrowpour
Aug 16, 2022

Hi,

Problem
I am running CxFlow in-pipeline in GitLab. I am not able to get all of the vulnerabilities from the scan into the CSV artifacts from CxFlow.

Expectation
I want 0 filtering on the vulnerabilities and I want everything to show in the CSV.

Details
For example, when running the scan I get:

2022-08-16 22:17:54.047  INFO 14 --- [main] c.c.f.s.ResultsService [aAbKWWlE] : 
The vulnerabilities found for the scan are: high: 0, medium: 1, low: 19, info: 0

But in the CSV I only get a list of 15 LOW vulnerabilities.

variables:
    CHECKMARX_INCREMENTAL: "false"
    CHECKMARX_VERSION: "9.0"
    CHECKMARX_SETTINGS_OVERRIDE: "false"
    CHECKMARX_EXCLUDE_FILES: "" # exclude files from scan
    CHECKMARX_EXCLUDE_FOLDERS: "" # exclude folders from scan
    CHECKMARX_CONFIGURATION: Default Configuration
    CHECKMARX_SCAN_PRESET: Checkmarx Default
    CHECKMARX_BASE_URL: <MY_URL>
    CX_FLOW_EXE: java -jar /app/cx-flow.jar
    CX_PROJECT: $CI_PROJECT_NAME
    CX_FLOW_ENABLED_VULNERABILITY_SCANNERS: sast
    CX_FLOW_BREAK_BUILD: "false"
    CX_FLOW_ZIP_EXCLUDE: "" # exclude files from being zipped to send to scan (ex: "\.git/.*, .*\.png")
    CX_PARAMS: "" # optional params to set
    GITLAB_BLOCK_MERGE: "false"
    GITLAB_URL: $CI_SERVER_URL
    GITLAB_API_URL: $CI_API_V4_URL
    GITLAB_TOKEN: $CHECKMARX_GITLAB_TOKEN

    CX_FLOW_FILTER_SEVERITY: ""
    CX_FLOW_FILTER_CATEGORY: ""
    CX_FLOW_FILTER_CWE: ""
    CX_FLOW_FILTER_STATE: ""

Note that CX_FLOW_FILTER_SEVERITY, CX_FLOW_FILTER_CATEGORY, CX_FLOW_FILTER_CWE, and CX_FLOW_FILTER_STATE have all been set.

And my job has the following script

  script:
    - ${CX_FLOW_EXE}
        --scan
        --bug-tracker="Csv"
        --csv.file-name-format="[TEAM]-[PROJECT]-[TIME].csv"
        --csv.include-headers="true"
        --csv.data-folder="checkmarx"
        --app="${CI_PROJECT_NAME}" 
        --namespace="${CI_PROJECT_NAMESPACE}" 
        --repo-name="${CI_PROJECT_NAME}" 
        --repo-url="${CI_REPOSITORY_URL}" 
        --cx-team="${CX_TEAM}" 
        --cx-project="${CX_PROJECT}" 
        --branch="${CI_COMMIT_BRANCH}"
        --spring.profiles.active="${CX_FLOW_ENABLED_VULNERABILITY_SCANNERS}" 
        --f=. 
        --logging.file.name=cx-flow.log
        ${CX_PARAMS}

How do I stop all filtering and make sure I get all results in the CSV file artifact?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CSV does not fully capture scan results #1088

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 0 comments

Select a reply

CSV does not fully capture scan results #1088

kayvonkhosrowpour Aug 16, 2022

Replies: 0 comments

kayvonkhosrowpour
Aug 16, 2022