- New Feature
- Resolution: Unresolved
- Minor
- None
The administrator must be able to choose if the vulnerabilities returned by Checkmarx can be visible or not on Jenkins.
The option "Hide results" in the global configuration only hides the display of vulnerabilities on the project's page in Jenkins.
But if the user configures his build to generate the JSON and/or the XML report, the report file will be accessible in the build workspace.
We don't want to see any details of the Checkmarx analysis on Jenkins; we only use the Jenkins plugin to run scans, and we prefer to access Checkmarx directly to consult the results.
Is it possible to add the options:
- "Never create OSA report"
- "Never create SAST report"
- "Never create SCA report"
in the Jenkins global configuration?
For the moment, we comment out the calls to the methods "createSastReports", "createScaReports" and "createOsaReports" in CxScanBuilder.java.
But we have to rebuild at every release.
- Jenkins 2.277.4
- checkmarx-plugin 2021.2.94
[JENKINS-61396] Configure the plugin to not generate any report on Jenkins
Description |
Original:
If Jenkins is used as services with many projects, the administrator must be able to choose if the project can show their vulnerabilities. I propose to add an option on the global level to block all Checkmarx report generation on Jenkins. With this option enabled, the plugin will just run an analysis and get the status. To see the full details of the analysis, the user must have the rights to connect to Checkmarx. |
New:
If Jenkins is used as services with many projects, the administrator must be able to choose if the projects can show their vulnerabilities. I propose to add an option on the global level to block all Checkmarx report generation on Jenkins. With this option enabled, the plugin will just run an analysis and get the status. To see the full details of the analysis, the user must have the rights to connect to Checkmarx. |
Attachment | New: image-2020-03-11-11-47-29-476.png [ 50642 ] |
Description |
New:
The administrator must be able to choose if the vulnerabilities returned by Checkmarx can be visible or not on Jenkins. For now, we just patched the plugin to not generate the reports: !image-2020-03-11-11-47-29-476.png|width=812,height=393! I propose to add an option on the global configuration of the plugin to block all Checkmarx report generation on Jenkins. With this option enabled, the plugin will just run an analysis and get the status. To see the full details of the analysis, the user must have the rights to connect to Checkmarx. |
Assignee | Original: Sergey Kadaner [ sergeyk ] | New: Liran Stern [ sternlir ] |
Description |
New:
The administrator must be able to choose if the vulnerabilities returned by Checkmarx can be visible or not on Jenkins. For now, we only patched the plugin to not generate reports: !image-2020-03-11-11-47-29-476.png|width=812,height=393! I propose to add an option on the global configuration of the plugin to block all Checkmarx report generation on Jenkins. With this option enabled, the plugin will just run an analysis and get the status. To see the full details of the analysis, the user must have the rights to connect to Checkmarx. |
Description |
New:
The administrator must be able to choose if the vulnerabilities returned by Checkmarx can be visible or not on Jenkins. For now, we only patched the plugin to not generate reports: !image-2020-03-11-11-47-29-476.png|width=812,height=393! I propose to add an option on the global configuration of the plugin to block all Checkmarx report generation on Jenkins. With this option enabled, the plugin will just run an analysis and get the status. To see the full details of the analysis, the user must have the rights to connect to Checkmarx. * Jenkins 2.204.1 * checkmarx-plugin 8.90.4 |
Description |
New:
The administrator must be able to choose if the vulnerabilities returned by Checkmarx can be visible or not on Jenkins.
The option "Hide results" in the global configuration only hides the display of vulnerabilities on the project's page in Jenkins. But if the user configures his build to generate the JSON and/or the XML report, the report file will be accessible in the build workspace. * Jenkins 2.204.1 * checkmarx-plugin 8.90.4 |
Description |
New:
The administrator must be able to choose if the vulnerabilities returned by Checkmarx can be visible or not on Jenkins.
The option "Hide results" in the global configuration only hides the display of vulnerabilities on the project's page in Jenkins. But if the user configures his build to generate the JSON and/or the XML report, the report file will be accessible in the build workspace. We don't want to see any details of the Checkmarx analysis on Jenkins; we only use the Jenkins plugin to run analysis and prefer to access Checkmarx directly to consult the results. Is it possible to add the options: * "Never create OSA report" * "Never create SAST report" * "Never create SCA report" in the Jenkins global configuration? For the moment, we comment out the calls to the methods "createSastReports", "createScaReports" and "createOsaReports" in CxScanBuilder.java. * Jenkins 2.277.4 * checkmarx-plugin 2021.2.94 |
Attachment | Original: image-2020-03-11-11-47-29-476.png [ 50642 ] |