Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
83 commits
Select commit Hold shift + click to select a range
e30a441
Fix KICS container shutdown race condition and add OneAssist license …
cx-atish-jadhav May 26, 2026
e7356a7
Integrate file updates: SARIF enhancements, filters expansion, and pr…
cx-atish-jadhav May 26, 2026
b70b80a
Fix SCA vulnerabilities: update dependencies to patched versions
cx-atish-jadhav May 27, 2026
65f4dd0
Fix additional SCA vulnerabilities: containerd, golang.org/x/image, a…
cx-atish-jadhav May 27, 2026
e4e3aad
Fix k8s.io/kubectl version mismatch after SCA dependency upgrades
cx-atish-jadhav May 27, 2026
8249fe4
create CLAUDE.md file for ast-cli repo
cx-atish-jadhav May 28, 2026
ccb12ae
Updated filters.go
cx-atish-jadhav May 28, 2026
b6c006b
fix failing unit test case
cx-atish-jadhav May 28, 2026
2d38f62
trivy and integration check fixes
cx-atish-jadhav May 28, 2026
47eee87
CVE-2026-33813: fixing cxone scan vulnerability
cx-atish-jadhav May 28, 2026
f2eb1ad
Fix CVE vulnerabilities and lint issues
cx-atish-jadhav May 28, 2026
129ef8c
Override transitive golang.org/x/image and update config
cx-atish-jadhav May 29, 2026
1095e95
Fix KICS container shutdown race condition and add OneAssist license …
cx-atish-jadhav May 26, 2026
ad9ed06
Integrate file updates: SARIF enhancements, filters expansion, and pr…
cx-atish-jadhav May 26, 2026
820681b
Fix SCA vulnerabilities: update dependencies to patched versions
cx-atish-jadhav May 27, 2026
28c1d8f
Fix additional SCA vulnerabilities: containerd, golang.org/x/image, a…
cx-atish-jadhav May 27, 2026
c1a7a8b
Fix k8s.io/kubectl version mismatch after SCA dependency upgrades
cx-atish-jadhav May 27, 2026
df1be10
create CLAUDE.md file for ast-cli repo
cx-atish-jadhav May 28, 2026
92a7fe6
Updated filters.go
cx-atish-jadhav May 28, 2026
18dc8d1
fix failing unit test case
cx-atish-jadhav May 28, 2026
6808413
trivy and integration check fixes
cx-atish-jadhav May 28, 2026
780b52e
CVE-2026-33813: fixing cxone scan vulnerability
cx-atish-jadhav May 28, 2026
787783a
Fix CVE vulnerabilities and lint issues
cx-atish-jadhav May 28, 2026
1f068eb
Override transitive golang.org/x/image and update config
cx-atish-jadhav May 29, 2026
85c6850
Merge branch 'other/release-integration' of https://github.com/Checkm…
cx-atish-jadhav Jun 2, 2026
b99b734
Vulnerability fixes and ci changes
cx-atish-jadhav Jun 2, 2026
c7a8e92
Fix transitive CVE vulnerabilities without go mod tidy
cx-atish-jadhav Jun 2, 2026
0164e15
Added harden runner
cx-atish-jadhav Jun 8, 2026
edfdfb6
Merge branch 'main' into other/release-integration
cx-atish-jadhav Jun 8, 2026
12e4e48
release workflow - comment out notify step
cx-luis-ventuzelos Jun 8, 2026
f933d72
Commenting the signing logic from dev-release
cx-atish-jadhav Jun 8, 2026
1245a3e
Add ignore vulnerability command and related functionality
cx-amol-mane Jun 9, 2026
f9e8694
Cx-One scan fixes for crypto
cx-atish-jadhav Jun 9, 2026
8a79767
Revert golang.org/x/crypto upgrade (v0.51.0 also vulnerable)
cx-atish-jadhav Jun 9, 2026
b433ed4
Merge branch 'other/release-integration' into feature/AST-157915-igno…
cx-amol-mane Jun 9, 2026
1cb481b
Hooks related changes (#3)
cx-kedar-bhujade Jun 9, 2026
d2efda0
Merge remote-tracking branch 'origin/feature/AST-157915-ignore-vulner…
cx-amol-mane Jun 9, 2026
11c0544
Refactor ASCA scan file handling and improve messaging
cx-amol-mane Jun 9, 2026
7feee0a
Add SCA hooks guardrail alongside ASCA
cx-mor-levy Jun 10, 2026
5372bbc
Integrate ignore-vulnerability command into ASCA and SCA hooks
cx-mor-levy Jun 10, 2026
a00769a
Squashed commit of the following:
cx-atish-jadhav Jun 11, 2026
a965565
Size reduction changes
cx-atish-jadhav Jun 11, 2026
848e7cf
Implement OAuth login and logout commands with session management
cx-amol-mane Jun 18, 2026
e0b425b
Fix SCA bypass on CRLF/LF line-ending mismatch (#7)
cx-kedar-bhujade Jun 19, 2026
53811fd
copilot-changes (#8)
cx-hitesh-madgulkar Jun 19, 2026
1718452
Bump ast-cx-hooks to v1.0.3
cx-kedar-bhujade Jun 19, 2026
22eb698
Resolve realtime ignore file from hook event WorkDir, not process CWD…
cx-kedar-bhujade Jun 22, 2026
142b0f0
config
cx-amol-mane Jun 22, 2026
c02ed25
Add MCP bridge command for proxying stdio to Checkmarx Security MCP
cx-amol-mane Jun 23, 2026
d500887
Enhance MCP bridge functionality and testing
cx-amol-mane Jun 25, 2026
bb823cf
Feature/telemetry (#12)
cx-hitesh-madgulkar Jun 30, 2026
46fa45c
Add OAuth PKCE improvements, HTTP client enhancements, and test coverage
cx-kedar-bhujade Jul 1, 2026
dd1d042
Merge branch 'feature/asca' into feature/oauth-check
cx-kedar-bhujade Jul 1, 2026
337cc2a
Update pre_commit_test.go
cx-kedar-bhujade Jul 1, 2026
7c64c95
Reverted Logging changes
cx-kedar-bhujade Jul 1, 2026
de95487
Enhance auth login command and improve security measures (#16)
cx-amol-mane Jul 2, 2026
0d7d100
Update release.yml
cx-kedar-bhujade Jul 2, 2026
f45abf3
AST-158636 - Add KICS IaC guardrail to agent hooks (#11)
cx-avi-sabzerou Jul 2, 2026
38aa69a
Hooks related changes (#3)
cx-kedar-bhujade Jun 9, 2026
5eb7919
Add ignore vulnerability command and related functionality
cx-amol-mane Jun 9, 2026
670d71a
Refactor ASCA scan file handling and improve messaging
cx-amol-mane Jun 9, 2026
7d337c6
Add SCA hooks guardrail alongside ASCA
cx-mor-levy Jun 10, 2026
0a19e1c
Integrate ignore-vulnerability command into ASCA and SCA hooks
cx-mor-levy Jun 10, 2026
c0c073f
Implement OAuth login and logout commands with session management
cx-amol-mane Jun 18, 2026
ccd414f
config
cx-amol-mane Jun 22, 2026
877690b
Add MCP bridge command for proxying stdio to Checkmarx Security MCP
cx-amol-mane Jun 23, 2026
6141f4f
Enhance MCP bridge functionality and testing
cx-amol-mane Jun 25, 2026
627ba1e
Feature/telemetry (#12)
cx-hitesh-madgulkar Jun 30, 2026
9d896ff
Add OAuth PKCE improvements, HTTP client enhancements, and test coverage
cx-kedar-bhujade Jul 1, 2026
8dcc521
copilot-changes (#8)
cx-hitesh-madgulkar Jun 19, 2026
2068676
Bump ast-cx-hooks to v1.0.3
cx-kedar-bhujade Jun 19, 2026
cc7237e
Resolve realtime ignore file from hook event WorkDir, not process CWD…
cx-kedar-bhujade Jun 22, 2026
cf9ad68
Reverted Logging changes
cx-kedar-bhujade Jul 1, 2026
8267a6a
Enhance auth login command and improve security measures (#16)
cx-amol-mane Jul 2, 2026
0448584
Update release.yml
cx-kedar-bhujade Jul 2, 2026
b63f7ab
AST-158636 - Add KICS IaC guardrail to agent hooks (#11)
cx-avi-sabzerou Jul 2, 2026
1d6ba8e
Merge branch 'other/release-integration' into feature/oauth-check
cx-aniket-shinde Jul 2, 2026
ce2f76c
combining all changes
cx-atish-jadhav Jul 2, 2026
1255c48
Merge other/integration-main into feature/oauth-check
cx-atish-jadhav Jul 2, 2026
bdf085d
Fixing the go build issue
cx-atish-jadhav Jul 2, 2026
8b7874b
Squashed commit of the following:
cx-atish-jadhav Jul 3, 2026
01dff0d
Merge branch 'main' into feature/oauth-check
cx-atish-jadhav Jul 3, 2026
80e945d
bug fix
cx-atish-jadhav Jul 3, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,43 @@ on:
required: false
default: true
type: boolean
secrets:
AC_PASSWORD:
required: true
AC_USER:
required: true
APPLE_DEVELOPER_CERTIFICATE_P12_BASE64:
required: true
APPLE_DEVELOPER_CERTIFICATE_PASSWORD:
required: true
AWS_ASSUME_ROLE_ARN:
required: true
AWS_ASSUME_ROLE_REGION:
required: true
COSIGN_PASSWORD:
required: true
COSIGN_PRIVATE_KEY:
required: true
COSIGN_PUBLIC_KEY:
required: true
DOCKER_PASSWORD:
required: true
DOCKER_USERNAME:
required: true
PERSONAL_ACCESS_TOKEN:
required: true
S3_BUCKET_NAME:
required: true
S3_BUCKET_REGION:
required: true
SIGNING_HSM_CREDS:
required: true
SIGNING_REMOTE_SSH_HOST:
required: true
SIGNING_REMOTE_SSH_PRIVATE_KEY:
required: true
SIGNING_REMOTE_SSH_USER:
required: true
workflow_dispatch:
inputs:
tag:
Expand Down
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
*.exe
*.exe~
*.dll
/cx
*.so
*.dylib

Expand Down
1 change: 1 addition & 0 deletions cmd/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ func main() {
bindKeysToEnvAndDefault()
err = configuration.LoadConfiguration()
exitIfError(err)
wrappers.LoadActiveCredential()
scans := viper.GetString(params.ScansPathKey)
groups := viper.GetString(params.GroupsPathKey)
logs := viper.GetString(params.LogsPathKey)
Expand Down
10 changes: 8 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -9,17 +9,19 @@ require (
github.com/Checkmarx/gen-ai-wrapper v1.0.3
github.com/Checkmarx/manifest-parser v0.1.3
github.com/Checkmarx/secret-detection v1.2.1
github.com/CheckmarxDev/ast-cx-hooks v1.0.3
github.com/MakeNowJust/heredoc v1.0.0
github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74
github.com/bouk/monkey v1.0.0
github.com/checkmarx/2ms/v3 v3.21.0
github.com/gofrs/flock v0.13.0
github.com/golang-jwt/jwt/v5 v5.3.0
github.com/golang-jwt/jwt/v5 v5.3.1
github.com/gomarkdown/markdown v0.0.0-20260417124207-7d523f7318df
github.com/google/uuid v1.6.0
github.com/gookit/color v1.6.0
github.com/jcmturner/gokrb5/v8 v8.4.4
github.com/jsumners/go-getport v1.0.0
github.com/modelcontextprotocol/go-sdk v1.6.1
github.com/mssola/user_agent v0.6.0
github.com/pkg/errors v0.9.1
github.com/spf13/cobra v1.10.2
Expand Down Expand Up @@ -50,6 +52,7 @@ require (
github.com/docker/go-events v0.0.0-20250808211157-605354379745 // indirect
github.com/edsrzf/mmap-go v1.2.0 // indirect
github.com/golang/snappy v1.0.0 // indirect
github.com/google/jsonschema-go v0.4.3 // indirect
github.com/klauspost/cpuid/v2 v2.3.0 // indirect
github.com/knqyf263/go-rpmdb v0.1.1 // indirect
github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
Expand All @@ -60,6 +63,9 @@ require (
github.com/prometheus/procfs v0.20.1 // indirect
github.com/saferwall/pe v1.5.6 // indirect
github.com/secDre4mer/pkcs7 v0.0.0-20240322103146-665324a4461d // indirect
github.com/segmentio/asm v1.1.3 // indirect
github.com/segmentio/encoding v0.5.4 // indirect
github.com/yosida95/uritemplate/v3 v3.0.2 // indirect
sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect
)

Expand Down Expand Up @@ -103,7 +109,7 @@ require (
github.com/becheran/wildmatch-go v1.0.0 // indirect
github.com/bitnami/go-version v0.0.0-20250324202741-04b9d491e744 // indirect
github.com/blang/semver/v4 v4.0.0 // indirect
github.com/bmatcuk/doublestar/v4 v4.10.0 // indirect
github.com/bmatcuk/doublestar/v4 v4.10.0
github.com/bwmarrin/discordgo v0.27.1 // indirect
github.com/chai2010/gettext-go v1.0.3 // indirect
github.com/charmbracelet/colorprofile v0.4.1 // indirect
Expand Down
16 changes: 14 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,8 @@ github.com/Checkmarx/manifest-parser v0.1.3 h1:cr+q7QkbkoCsoA5nQnv1/Pp23jnKWBePA
github.com/Checkmarx/manifest-parser v0.1.3/go.mod h1:hh5FX5FdDieU8CKQEkged4hfOaSylpJzub8PRFXa4kA=
github.com/Checkmarx/secret-detection v1.2.1 h1:Hzpz74dcN/L14Q86ARvPOZpKBnERzGTpy6sl1RXKOTo=
github.com/Checkmarx/secret-detection v1.2.1/go.mod h1:kbXbtIQisDdB/TNuV7r9HPclEznUyBHLQ5yr7IX7vBQ=
github.com/CheckmarxDev/ast-cx-hooks v1.0.3 h1:zMz6Ony8iWgKqjgUFvYhhqm5dr29sEO6r2pBl7fi/OM=
github.com/CheckmarxDev/ast-cx-hooks v1.0.3/go.mod h1:BNFcjgHhjxiPnKGHqiaWQycMMrkeT+DqokG/l7d9gs8=
github.com/CycloneDX/cyclonedx-go v0.10.0 h1:7xyklU7YD+CUyGzSFIARG18NYLsKVn4QFg04qSsu+7Y=
github.com/CycloneDX/cyclonedx-go v0.10.0/go.mod h1:vUvbCXQsEm48OI6oOlanxstwNByXjCZ2wuleUlwGEO8=
github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
Expand Down Expand Up @@ -438,8 +440,8 @@ github.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
Expand Down Expand Up @@ -503,6 +505,8 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX
github.com/google/go-containerregistry v0.21.5 h1:KTJG9Pn/jC0VdZR6ctV3/jcN+q6/Iqlx0sTVz3ywZlM=
github.com/google/go-containerregistry v0.21.5/go.mod h1:ySvMuiWg+dOsRW0Hw8GYwfMwBlNRTmpYBFJPlkco5zU=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/jsonschema-go v0.4.3 h1:/DBOLZTfDow7pe2GmaJNhltueGTtDKICi8V8p+DQPd0=
github.com/google/jsonschema-go v0.4.3/go.mod h1:r5quNTdLOYEz95Ru18zA0ydNbBuYoo9tgaYcxEYhJVE=
github.com/google/licensecheck v0.3.1 h1:QoxgoDkaeC4nFrtGN1jV7IPmDCHFNIVh54e5hSt6sPs=
github.com/google/licensecheck v0.3.1/go.mod h1:ORkR35t/JjW+emNKtfJDII0zlciG9JgbT7SmsohlHmY=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
Expand Down Expand Up @@ -760,6 +764,8 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g
github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
github.com/modelcontextprotocol/go-sdk v1.6.1 h1:0zOSupjKUxPKSocPT1Wtago+mUHU2/uZ4xSOY0FGReU=
github.com/modelcontextprotocol/go-sdk v1.6.1/go.mod h1:kzm3kzFL1/+AziGOE0nUs3gvPoNxMCvkxokMkuFapXQ=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
Expand Down Expand Up @@ -901,6 +907,10 @@ github.com/sebdah/goldie/v2 v2.8.0 h1:dZb9wR8q5++oplmEiJT+U/5KyotVD+HNGCAc5gNr8r
github.com/sebdah/goldie/v2 v2.8.0/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI=
github.com/secDre4mer/pkcs7 v0.0.0-20240322103146-665324a4461d h1:RQqyEogx5J6wPdoxqL132b100j8KjcVHO1c0KLRoIhc=
github.com/secDre4mer/pkcs7 v0.0.0-20240322103146-665324a4461d/go.mod h1:PegD7EVqlN88z7TpCqH92hHP+GBpfomGCCnw1PFtNOA=
github.com/segmentio/asm v1.1.3 h1:WM03sfUOENvvKexOLp+pCqgb/WDjsi7EK8gIsICtzhc=
github.com/segmentio/asm v1.1.3/go.mod h1:Ld3L4ZXGNcSLRg4JBsZ3//1+f/TjYl0Mzen/DQy1EJg=
github.com/segmentio/encoding v0.5.4 h1:OW1VRern8Nw6ITAtwSZ7Idrl3MXCFwXHPgqESYfvNt0=
github.com/segmentio/encoding v0.5.4/go.mod h1:HS1ZKa3kSN32ZHVZ7ZLPLXWvOVIiZtyJnO1gPH1sKt0=
github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
Expand Down Expand Up @@ -1006,6 +1016,8 @@ github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavM
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
github.com/yosida95/uritemplate/v3 v3.0.2 h1:Ed3Oyj9yrmi9087+NczuL5BwkIc4wvTb5zIM+UJPGz4=
github.com/yosida95/uritemplate/v3 v3.0.2/go.mod h1:ILOh0sOhIJR3+L/8afwt/kE++YT040gmv5BQTMR2HP4=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
Expand Down
Loading
Loading