GitHub Fixer for CxOne
Introduction
This guide walks through integrating Mobb with your Checkmarx One environment. The GitHub Action used in this integration is published on GitHub Marketplace as cx-mobb-fixer-action.
This guide is also recorded in an easy-to-follow video format that can be found here:
Prerequisites
Before starting this integration, you will need to have the following components:
A Checkmarx One (CxOne) account
A GitHub repository which will be monitored by CxOne
Step 1 - Set Up Checkmarx monitoring for your GitHub repository
If you have already configured Checkmarx One to monitor your GitHub repository, skip to Step 2 below.
Follow the Checkmarx One guide on setting up monitoring for your GitHub repository for Pull Request events.
By the end of this step, Checkmarx should be fully configured to run on every Pull Request. If issues are found, Checkmarx will automatically post a scan summary in the PR's comments section.
Here is an example of this scan summary appearing in a GitHub PR comments section:
Step 2 - Set Up Mobb GitHub Fixer to monitor for Checkmarx results
You will need to generate two tokens and store them as secrets under your repository's Actions secrets and variables:
cx-api-token - This is the Checkmarx One API token. You can generate it by following the guide here.
mobb-api-token - This is the Mobb API token. You can generate it by following the guide here.
Once you have both tokens generated, store them in your GitHub repository under the "Settings" tab -> Secrets and variables -> Actions -> New repository secret. Store them as secrets rather than variables: variables are not masked in workflow logs, secrets are. Note that GitHub secret names may contain only letters, digits and underscores, so name the secrets along the lines of CX_API_TOKEN and MOBB_API_TOKEN and reference those names from the workflow.
Step 3 - Create the workflow yaml in your GitHub Repository
The next step involves creating the workflow file in your GitHub repository. To do so, click on Actions -> New workflow.
Select "set up a workflow yourself".
In the code editor page, simply copy and paste the following workflow.
Then click on "Commit Changes". Note that this workflow file must be stored under the default branch for this integration to work.
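As an added illustration of what such a workflow file looks like (this is not the workflow from the original page, nor the action's own documentation), here is a minimal skeleton. The action owner, version tag and input names (`cx-api-token`, `mobb-api-token`) are assumptions taken from the token names above; check the cx-mobb-fixer-action README on GitHub Marketplace for the real ones before committing it. The `permissions` block is the security-relevant part: it restricts the job's GITHUB_TOKEN to reading the repository and writing to the pull request, which is all a PR commenter needs.

```yaml
# Added illustrative skeleton, not the workflow from the original page.
# Action owner/name, version and input names are assumptions: confirm them
# against the cx-mobb-fixer-action README before use.
name: Mobb fixer for Checkmarx One

on:
  pull_request:
    types: [opened, synchronize, reopened]

# Least privilege for the job's GITHUB_TOKEN: read the repo, comment on the PR,
# nothing else (no contents: write, no packages, no id-token).
permissions:
  contents: read
  pull-requests: write

jobs:
  mobb-fix:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the pull request
        uses: actions/checkout@v4

      - name: Run the Mobb fixer against the Checkmarx One results
        # Assumed owner and tag; pin to a full commit SHA in production so the
        # action's code cannot change underneath you.
        uses: mobb-dev/cx-mobb-fixer-action@v1
        with:
          # Input names assumed from the page; secret names use underscores
          # because GitHub does not allow hyphens in secret names.
          cx-api-token: ${{ secrets.CX_API_TOKEN }}
          mobb-api-token: ${{ secrets.MOBB_API_TOKEN }}
```

Two caveats worth knowing: secrets are never passed to `pull_request` runs triggered from a forked repository, and the GITHUB_TOKEN in those runs is read-only, so this integration as written only works for pull requests opened from branches within the same repository. Workflow files are also only picked up for events once they exist on the default branch, which is why the page tells you to commit the file there.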
The integration is now complete. On every PR, Checkmarx will be triggered to run a SAST scan. Afterwards, the Mobb autofixer consumes the Checkmarx report and posts fix results directly in your Pull Request.