Closed
38 commits
e30a441
Fix KICS container shutdown race condition and add OneAssist license …
cx-atish-jadhav May 26, 2026
e7356a7
Integrate file updates: SARIF enhancements, filters expansion, and pr…
cx-atish-jadhav May 26, 2026
b70b80a
Fix SCA vulnerabilities: update dependencies to patched versions
cx-atish-jadhav May 27, 2026
65f4dd0
Fix additional SCA vulnerabilities: containerd, golang.org/x/image, a…
cx-atish-jadhav May 27, 2026
e4e3aad
Fix k8s.io/kubectl version mismatch after SCA dependency upgrades
cx-atish-jadhav May 27, 2026
8249fe4
create CLAUDE.md file for ast-cli repo
cx-atish-jadhav May 28, 2026
ccb12ae
Updated filters.go
cx-atish-jadhav May 28, 2026
b6c006b
fix failing unit test case
cx-atish-jadhav May 28, 2026
2d38f62
trivy and integration check fixes
cx-atish-jadhav May 28, 2026
47eee87
CVE-2026-33813: fixing cxone scan vulnerability
cx-atish-jadhav May 28, 2026
f2eb1ad
Fix CVE vulnerabilities and lint issues
cx-atish-jadhav May 28, 2026
129ef8c
Override transitive golang.org/x/image and update config
cx-atish-jadhav May 29, 2026
1095e95
Fix KICS container shutdown race condition and add OneAssist license …
cx-atish-jadhav May 26, 2026
ad9ed06
Integrate file updates: SARIF enhancements, filters expansion, and pr…
cx-atish-jadhav May 26, 2026
820681b
Fix SCA vulnerabilities: update dependencies to patched versions
cx-atish-jadhav May 27, 2026
28c1d8f
Fix additional SCA vulnerabilities: containerd, golang.org/x/image, a…
cx-atish-jadhav May 27, 2026
c1a7a8b
Fix k8s.io/kubectl version mismatch after SCA dependency upgrades
cx-atish-jadhav May 27, 2026
df1be10
create CLAUDE.md file for ast-cli repo
cx-atish-jadhav May 28, 2026
92a7fe6
Updated filters.go
cx-atish-jadhav May 28, 2026
18dc8d1
fix failing unit test case
cx-atish-jadhav May 28, 2026
6808413
trivy and integration check fixes
cx-atish-jadhav May 28, 2026
780b52e
CVE-2026-33813: fixing cxone scan vulnerability
cx-atish-jadhav May 28, 2026
787783a
Fix CVE vulnerabilities and lint issues
cx-atish-jadhav May 28, 2026
1f068eb
Override transitive golang.org/x/image and update config
cx-atish-jadhav May 29, 2026
85c6850
Merge branch 'other/release-integration' of https://github.com/Checkm…
cx-atish-jadhav Jun 2, 2026
b99b734
Vulnerability fixes and ci changes
cx-atish-jadhav Jun 2, 2026
c7a8e92
Fix transitive CVE vulnerabilities without go mod tidy
cx-atish-jadhav Jun 2, 2026
0164e15
Added harden runner
cx-atish-jadhav Jun 8, 2026
edfdfb6
Merge branch 'main' into other/release-integration
cx-atish-jadhav Jun 8, 2026
12e4e48
release workflow - comment out notify step
cx-luis-ventuzelos Jun 8, 2026
f933d72
Commenting the signing logic from dev-release
cx-atish-jadhav Jun 8, 2026
f9e8694
Cx-One scan fixes for crypto
cx-atish-jadhav Jun 9, 2026
8a79767
Revert golang.org/x/crypto upgrade (v0.51.0 also vulnerable)
cx-atish-jadhav Jun 9, 2026
a00769a
Squashed commit of the following:
cx-atish-jadhav Jun 11, 2026
a965565
Size reduction changes
cx-atish-jadhav Jun 11, 2026
de12759
sbom changes
cx-atish-jadhav Jun 11, 2026
61c971f
Resolve merge conflicts in go.mod and go.sum
cx-atish-jadhav Jun 11, 2026
067891f
Resolved the size issue
cx-atish-jadhav Jun 11, 2026
18 changes: 0 additions & 18 deletions .github/dependabot.yml

This file was deleted.
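
Review bot: deleting `.github/dependabot.yml` (all 18 lines) removes the repository's Dependabot configuration with no replacement in the files shown here, while most commits in this PR are hand-applied SCA and CVE dependency bumps. If the file is being dropped because another tool now opens the update PRs, say so in the description; otherwise keep it so dependency updates do not depend on someone rerunning a scan.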

53 changes: 25 additions & 28 deletions .github/workflows/release.yml
Expand Up @@ -4,22 +4,22 @@ on:
workflow_call:
inputs:
tag:
description: 'Next release tag'
description: "Next release tag"
required: true
type: string
dev:
description: 'Is dev build'
description: "Is dev build"
required: false
default: true
type: boolean
workflow_dispatch:
inputs:
tag:
description: 'Next release tag'
description: "Next release tag"
required: true
type: string
dev:
description: 'Is dev build'
description: "Is dev build"
required: false
default: true
type: boolean
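
Review bot: the four `description:` lines under `workflow_call` and `workflow_dispatch` change only from single to double quotes, which is unrelated churn in the same file where signature verification and release publishing are being altered. Consider moving the quote normalization to its own commit so the behavioural changes in `release.yml` stand out in review.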
Expand Down Expand Up @@ -138,13 +138,13 @@ jobs:
run: |
cosign sign --yes --key env://COSIGN_PRIVATE_KEY checkmarx/ast-cli:${{ inputs.tag }}

- name: Verify Docker image signature
if: inputs.dev == false
run: |
echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
cosign verify --key cosign.pub checkmarx/ast-cli:${{ inputs.tag }}
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
#- name: Verify Docker image signature
# if: inputs.dev == false
# run: |
# echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
# cosign verify --key cosign.pub checkmarx/ast-cli:${{ inputs.tag }}
# env:
# COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}

- name: Create GitHub Release
env:
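
Review bot: commenting out the `Verify Docker image signature` step means a non-dev release (`inputs.dev == false`) is signed with `cosign sign` but nothing in the job confirms that `checkmarx/ast-cli:${{ inputs.tag }}` verifies against `COSIGN_PUBLIC_KEY` before the GitHub release is created. If the step was failing, fix the cause or state the reason in a comment above it rather than leaving a silently disabled check. When it is restored, the `COSIGN_PASSWORD` env entry can go, since verifying with a public key does not use the private key password.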
Expand All @@ -164,10 +164,8 @@ jobs:

if [ "${{ inputs.dev }}" = "true" ]; then
gh release create "${common[@]}" --prerelease
gh release edit "${{ inputs.tag }}" --draft=false
else
gh release create "${common[@]}"
gh release edit "${{ inputs.tag }}" --draft=false --latest
fi

- name: Cleanup draft release on failure
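
Review bot: with the `gh release edit "${{ inputs.tag }}" --draft=false` calls removed from both branches of the `if`, nothing in this step publishes the release any more, yet the next step is still named `Cleanup draft release on failure`. The contents of `common` are outside this hunk, so please confirm it no longer passes `--draft`; if it does, every release will stay a draft. The non-dev branch also loses the explicit `--latest`, so marking the release as latest now relies on the default behaviour of `gh release create`.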
Expand All @@ -176,26 +174,25 @@ jobs:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release delete "${{ inputs.tag }}" --cleanup-tag --yes || true

notify:
name: Update Teams & JIRA About New Release
if: inputs.dev == false && 1 == 0
needs: build
uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main
with:
product_name: CLI
release_version: ${{ inputs.tag }}
cli_release_version: ""
release_author: "Sypher Team"
release_url: https://github.com/Checkmarx/ast-cli/releases/tag/${{ inputs.tag }}
jira_product_name: ASTCLI
secrets: inherit
#notify:
# name: Update Teams & JIRA About New Release
# if: inputs.dev == false && 1 == 0
# needs: build
# uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main
# with:
# product_name: CLI
# release_version: ${{ inputs.tag }}
# cli_release_version: ""
# release_author: "Sypher Team"
# release_url: https://github.com/Checkmarx/ast-cli/releases/tag/${{ inputs.tag }}
# jira_product_name: ASTCLI
# secrets: inherit

dispatch_auto_release:
name: Update Plugins With new Cli Version
if: inputs.dev == false && 1 == 0
needs: notify
#needs: notify
uses: Checkmarx/plugins-release-workflow/.github/workflows/dispatch-workflow.yml@main
with:
cli_version: ${{ inputs.tag }}
secrets: inherit
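
Review bot: in `dispatch_auto_release`, replacing `needs: notify` with a comment leaves the job with no `needs` at all, and `notify` was what tied it to `build`. The `1 == 0` in its `if` keeps it from running today, but once that guard is removed the job would start in parallel with `build` and dispatch plugin updates for a CLI version that may not have been released; use `needs: build` instead. Prefer deleting the `notify` job over commenting it out, since it was already disabled by the same `1 == 0` condition.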

20 changes: 10 additions & 10 deletions .goreleaser-dev.yml
Expand Up @@ -33,15 +33,15 @@ builds:
- -s
- -w
- -X github.com/checkmarx/ast-cli/internal/params.Version={{.Version}}
hooks:
post:
- cmd: bash .github/scripts/signing_win.sh dist/cx_windows_amd64_v1/cx.exe {{.Os}} || true
output: true
env:
- SIGNING_REMOTE_SSH_USER={{ .Env.SIGNING_REMOTE_SSH_USER }}
- SIGNING_REMOTE_SSH_HOST={{ .Env.SIGNING_REMOTE_SSH_HOST }}
- SIGNING_HSM_CREDS={{ .Env.SIGNING_HSM_CREDS }}
- SIGNING_REMOTE_SSH_PRIVATE_KEY={{ .Env.SIGNING_REMOTE_SSH_PRIVATE_KEY }}
# hooks:
# post:
# - cmd: bash .github/scripts/signing_win.sh dist/cx_windows_amd64_v1/cx.exe {{.Os}}
# output: true
# env:
# - SIGNING_REMOTE_SSH_USER={{ .Env.SIGNING_REMOTE_SSH_USER }}
# - SIGNING_REMOTE_SSH_HOST={{ .Env.SIGNING_REMOTE_SSH_HOST }}
# - SIGNING_HSM_CREDS={{ .Env.SIGNING_HSM_CREDS }}
# - SIGNING_REMOTE_SSH_PRIVATE_KEY={{ .Env.SIGNING_REMOTE_SSH_PRIVATE_KEY }}

- main: ./cmd/main.go
env:
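
Review bot: commenting out the `hooks.post` block removes the call to `.github/scripts/signing_win.sh` for this build, so `dist/cx_windows_amd64_v1/cx.exe` from the dev release is no longer signed. If that is intended for dev builds, delete the block together with the four `SIGNING_*` env entries instead of keeping it as a comment. Note also that the commented `cmd` no longer ends in `|| true`, so restoring it as written would turn signing failures into build failures, which should be a deliberate choice.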
Expand Down Expand Up @@ -97,4 +97,4 @@ blobs:

changelog:
use: github-native

