Configuring a Project with Git Integration
The following notes apply to configuring a project with Git integration:
The repository does not have to be hosted on GitHub.
The 'GitHub Integration' checkbox can be left unchecked.
Code can be scanned from a Git repository, manually or according to a schedule, like any other Checkmarx CxSAST scan.
Setting a GIT Repository and Choosing a Branch to be scanned
In order to set a Git repository, you have to define the Project Location first.
The project location can be accessed either from a new project (Projects & Scans > Create New Project > Location) or from an existing project (Projects > Location).
In both cases, click <Select> and then select GIT from the Source Control drop-down. You are asked for the authentication method.
Notice
Refer to GitHub - Appendix D: Tips on Finding Git / GitHub Repository URLs for tips on how to find your repository URL from GitHub.
Notice
When moving from one authentication method to another, any credentials, access tokens etc. are deleted and must be redefined.
Perform one of the following, according to the type of authentication required:

1. If you are using a public repository, configure the connection as follows:
   a. Enter the relevant URL into the Repository URL field, for example https://github.com/<AccountName>/<RepositoryName>.git
   Notice
   For a public repository, no authentication is required.
   b. Click <Test Connection>. Once the 'Connection Successful' message is displayed, you can continue.
   Notice
   If a 'Connection Failed' message is displayed, verify that the URL is correct and then try again.

Warning
GitHub no longer supports basic authentication, which means that a personal access token is now required. For additional information, refer to the relevant GitHub notice.
Personal access tokens require CxSAST 9.0 or higher with the most recent hotfixes installed.

2. If you are using a private repository with a personal token, configure the connection and authentication as follows:
   a. Select Personal Token.
   b. Enter the relevant URL into the Repository URL field.
      If you enter the URL with the token, the provided token is automatically copied into the Token field and then removed from the URL. URL example (with token): https://<Token>@github.com/<AccountName>/<RepositoryName>.git
      If you are using GitLab personal tokens, include your username before the token, separated by a colon, like this: https://<username>:<Token>@gitlab.com/<AccountName>/<RepositoryName>.git
      If you enter the URL without the token, you have to enter the relevant token into the Token field. URL example (without token): https://@github.com/<AccountName>/<RepositoryName>.git
   c. Enter your token into the Token field.
   d. Click <Test Connection>. Once the 'Connection Successful' message is displayed, you can continue.
   Notice
   If a 'Connection Failed' message is displayed, verify that the URL and token are correct and then try again.

3. If you are using a private repository with SSH, configure the connection and authentication as follows:
   a. Select SSH.
   b. Enter the relevant URL into the Repository URL field. URL example: git@github.com:<AccountName>/<RepositoryName>.git
   c. Select one of the available options:
      Select Text and paste the SSH key directly into the Private Key text area.
      Select File, navigate to the generated SSH key file and link to it.
   Notice
   Refer to Appendix A-1: Creating an SSH Key (Authentication to GIT) for steps on how to create an SSH key file. Use the id_rsa file (the private key, without an extension).
   d. Click <Test Connection>. Once the 'Connection Successful' message is displayed, you can continue.
   Notice
   If a 'Connection Failed' message is displayed, verify that the URL and SSH key are correct and then try again.

4. Click the GitHub Scan Automation option (if required). For GitHub scan automation, refer to Configuring GitHub Integration.
5. Click <OK>. The Source Control Folder is displayed.
6. Navigate to the relevant branch to be scanned.
7. Click <OK> to complete the procedure.
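As an added example (not Checkmarx code), the following Python function mimics the Repository URL handling described for the Personal Token and SSH steps above: it accepts the URL forms shown on this page, moves an embedded token (or GitLab username:token pair) out of the URL into separate fields so the secret does not stay in the stored URL, and rejects forms the page does not describe. The `RepoSource` type and its field names are this example's own assumptions.

```python
"""Mimics the URL handling this page describes for the Repository URL field:
an embedded token (or GitLab username:token) is moved into its own field and
stripped from the URL. Added example, not Checkmarx code."""
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass
class RepoSource:
    kind: str           # "https" or "ssh" (hypothetical field names)
    url: str            # value for the Repository URL field, credential removed
    token: str = ""     # value for the Token field; "" means enter it separately
    username: str = ""  # only set for the GitLab username:token form


def split_repo_url(raw: str) -> RepoSource:
    raw = raw.strip()
    # scp-style SSH form from the page: git@github.com:<AccountName>/<RepositoryName>.git
    if raw.startswith("git@") and "://" not in raw:
        host, sep, path = raw[len("git@"):].partition(":")
        if not sep or not host or not path.endswith(".git"):
            raise ValueError("SSH URL must look like git@host:account/repo.git")
        # The key goes into the Private Key field, never into the URL itself.
        return RepoSource("ssh", raw)
    parts = urlsplit(raw)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported repository URL: {raw!r}")
    if not parts.path.endswith(".git"):
        raise ValueError("repository URL should end in .git")
    # Rebuild the network location without the userinfo part, so the secret
    # never remains in the stored URL (hostname is normalised to lower case).
    netloc = parts.hostname + (f":{parts.port}" if parts.port else "")
    clean = urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))
    username, token = parts.username or "", parts.password or ""
    if username and not token:
        # https://<Token>@github.com/...: the single userinfo value is the token
        username, token = "", username
    return RepoSource("https", clean, token, username)
```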