Commit
CXFLW-1236 added code for custom keystore feature (#1376)
Co-authored-by: Satyam Chaurasia <[email protected]>
1 parent bcbc60a commit b7fb0aa
Showing 3 changed files with 24 additions and 1 deletion.
2 changes: 1 addition & 1 deletion build.gradle
Expand Up @@ -2,7 +2,7 @@ import org.gradle.api.tasks.testing.Test

buildscript {
ext {
CxSBSDK = "0.6.9"
CxSBSDK = "0.6.10"
ConfigProviderVersion = '1.0.14'
//cxVersion = "8.90.5"
springBootVersion = '3.2.5'
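Review bot: The `CxSBSDK` bump from 0.6.9 to 0.6.10 is the only non-documentation change among the 3 changed files, so the custom keystore handling documented in this commit is not visible in the diff and presumably ships in the SDK (an inference from what is shown here, worth confirming). Suggest stating in the commit message or the docs that `customkeystore`, `truststorepath` and `truststorepassword` need CxSBSDK 0.6.10 or later, so the link between the dependency version and the documented settings is not lost.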
3 changes: 3 additions & 0 deletions docs/Configuration.md
Expand Up @@ -611,6 +611,9 @@ For more details on break build, please refer to [Thresholds and policies](https
| `cxflow.enabledVulnerabilityScanners` | false | No | Yes | Yes | User can define which checkmarx tool they want to use like SAST, SCA or both. |
| `checkmarx.considerScanningStatus` | false | No | Yes | Yes | By default, Checkmarx only includes completed scans (finished status) in incremental scans. This means it ignores scans that are currently running (scanning) or waiting to be processed (new queue). Enabling a feature this variable "cxflow" expands what incremental scans consider. With cxflow, scans in progress and those queued up are also taken into account, providing a more comprehensive view of your code's security posture. |
| `enabled-zip-scan` | false | No | Yes | Yes | When `enabled-zip-scan` is set to `true` then cx-flow will first clone the repository locally, and then it will zip the repository and send it for scanning. |
| `truststorepath` | false | No | Yes | Yes | User need to provide path of custom keystore along with file name. |
| `truststorepassword` | false | No | Yes | Yes | User need to provide custom keystore password. |
| `customkeystore` | false | No | Yes | Yes | When `customkeystore` is set to `true` then cx-flow will consider custom keystore. |
| `trustcerts` | false | No | Yes | Yes | If this option is true Cx-flow will bypass SSL. Default value is false so it will not bypass SSL. |
No* = Default is applied
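Review bot: The new `truststorepath` and `truststorepassword` rows show `false` in the second column (apparently the default), which is a boolean and not a meaningful default for a path or a password; an empty default would be clearer. The three keys are also listed without a prefix, while the example in docs/Proxy-and-HTTPS-Configuration.md places them under `checkmarx:`; if that is where they are read, write them as `checkmarx.truststorepath` and so on, as the `checkmarx.considerScanningStatus` row does. The descriptions say "custom keystore" for keys named `truststore...`, so pick one term, and state that the path and password are only used when `customkeystore` is `true` and how that setting interacts with `trustcerts` in the following row.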

20 changes: 20 additions & 0 deletions docs/Proxy-and-HTTPS-Configuration.md
Expand Up @@ -99,4 +99,24 @@ Insert the following into the application.yml file
- TLSv1.3
- TLSv1.2
```
# Using Custom KeyStore

To allow CXFlow to accept custom enterprise certificates without altering the default cacert, you can configure it to trust additional certificates by adding them to a custom trust store.<br>See documentation on importing certificates here:

## Step 1 : Create Custom KeyStore
```
keytool -importcert -file <path-to-your-certificate> -keystore custom-truststore.jks -alias <your-alias>
```

## Step 2 : Define Key store file path,Key Store password and enable custom keystore

```
checkmarx:
version: 9.4
username: admin@cx
truststorepath: C:\\Users\\abc\\OneDrive - Checkmarx\\Desktop\\certificate\\custom-truststore1.jks
truststorepassword: satyam
customkeystore: true
```
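Review bot: The Step 2 example hard-codes what look like real values, `truststorepassword: satyam` and a personal OneDrive path; replace them with placeholders such as `<path-to>/custom-truststore.jks` and `<truststore-password>`, and recommend supplying the password through a Spring property placeholder backed by an environment variable or secret store (for example `${TRUSTSTORE_PASSWORD}`, an illustrative name) instead of writing it into application.yml. Smaller points in the same section: Step 1 creates `custom-truststore.jks` but Step 2 points at `custom-truststore1.jks`; the sentence "See documentation on importing certificates here:" ends without a link; in an unquoted YAML value `\\` is not an escape, so the path is read with doubled backslashes; and the headings say KeyStore while the file and the keys describe a trust store.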
