Skip to main content

Configuring a Project with Git Integration

The following notes apply to configuring a project with Git integration:

  • The repository is not obligated to be hosted on GitHub

  • The 'GitHub Integration` checkbox can be left unchecked

  • Code can be scanned from a Git repository, manually or according to a schedule, like any other Checkmarx CxSAST scan.

Setting a GIT Repository and Choosing a Branch to be scanned

In order to set a Git repository, you have to define the Project Location first.

The project location can be accessed, either from a new project (Projects & Scans > Create New Project > Location)...

6436184985.png

...or from an existing project (Projects > Location).

6436184982.png

In both cases, click <Select> and then select GIT from the Source Control drop-down. You are asked for the authentication method.

6436185003.png

Notice

Refer to GitHub - Appendix D: Tips on Finding Git / GitHub Repository URLs for tips on how to find your repository URL from GitHub.

Notice

When moving from one authentication method to another, any credentials, access tokens etc. are deleted and must be redefined.

Perform one of the following according to which type of authentication method is required:

  • If you are using a public repository, configure the connection as follows:

    • Enter the relevant URL into the Repository URL field, for example https://github.com//.git

Notice

For a public repository, no authentication is required.

  • Click <Test Connection>. Once the 'Connection Successful' message is displayed, you can continue.

Notice

If a 'Connection Failed' message is displayed, verify that the URL is correct and then try again.

Warning

  • GitHub no longer supports basic authentication, which means that that a personal access token is now required. For additional information, refer to the relevant GitHub notice.

  • Personal access tokens require CxSAST 9.0 or higher with the most recent hotfixes installed.

If you are using a Private repository with Personal Token, configure the connection and authentication as follows:

1. Select Personal Token.

6436185015.png

2. Enter the relevant URL into the Repository URL field.

  • If you enter the URL with the token, the provided token is automatically copied into the Token field. The token is then removed from the URL. URL example (with token): https://<Token>@github.com/<AccountName>/<RepositoryName>.git

  • If you are using Gitlab personal tokens, include your username before the token, separated by a colon, like this:

    https://<usename>:<Token>@gitlab.com/<AccountName>/<RepositoryName>.git

  • If you enter the URL without the token, you have to enter the relevant token into the Token field. URL example (without token): https://@github.com/<AccountName>/<RepositoryName>.git

  • Enter your token into the Token field.

  • Click <Test Connection>. Once the 'Connection Successful' message is displayed you can continue.

Notice

If a 'Connection failed' message is displayed, validate that the URL and token are correct and then try again.

3. If you're using a Private repository with SSH, configure connection and authentication in the following way:

  • Select SSH.

6436185018.png
  • Enter the relevant URL into the Repository URL field. URL example: git@github.com:<AccountName>/<RepositoryName>.git

  • Select one of the available options:

    • Select Text and paste the SSH key directly into the Private Key text area.

    • Select File and navigate to the SSH Key generated file and then link to it.

Notice

Refer to Appendix A-1: Creating an SSH Key (Authentication to GIT) for steps on how to create an SSH Key file. We use the id_rsa file (without an extension).

  • Click <Test Connection>. Once the 'Connection Successful' message is displayed you can continue.

Notice

If a 'Connection failed' message is displayed, validate that the URL and SSH key are correct and then try again.

4. Click the GitHub Scan Automation option (if required). For GitHub scan automation, refer to Configuring GitHub Integration

5. Click <OK>. The Source Control Folder is displayed.

6436184976.png

6. Navigate to the relevant branch to be scanned.

7. Click <OK> to complete the procedure.