I have a Bamboo plan with the Checkmarx plugin. The CxSAST scan is working fine, scanning the code and giving the scan report, but the CxOSA scan is not taking place, I guess. The scan for CxOSA says 0 libraries were analyzed, though I am using a lot of open source JS libraries like lodash, jQuery, etc. I went through the docs as well, but with little luck. I am pretty new to Checkmarx; any help is appreciated. Here is the CxOSA-related config that I am using in my Bamboo PlanSpec.java file:
.put("cxOsaArchiveIncludePatterns", "*.zip, *.war, *.ear, *.tgz")
.put("osaEnabled", "true")
So it seems I have the answer. There are several key-value pairs that we need to set as part of the Checkmarx configuration. Initially, I had deleted some keys whose values were an empty string, and one of those keys was cxOsaFilterPatterns. When I added this key with an empty string value, Checkmarx started scanning the CxOSA part.
For reference, you can use this piece of code as configuration.
.put("serverCredentialsSection", "globalConfigurationServer")
.put("projectName", "Your project name")
.put("teamPathName", "Your team name")
.put("teamPathId", "Your team id")
.put("serverUrl", "Checkmarx server URL")
.put("username", "Checkmarx username")
.put("password", "Checkmarx password")
.put("presetName", "Checkmarx Default")
.put("cxSastSection", "customConfigurationCxSAST")
.put("folderExclusions", "node_modules")
.put("filterPatterns", "!**/_cvs/**/*, !**/.svn/**/*, !**/.hg/**/*, !**/.git/**/*, !**/.bzr/**/*, !**/bin/**/*, !**/obj/**/*, !**/backup/**/*, !**/.idea/**/*, !**/*.DS_Store")
.put("isIncremental", "true")
.put("generatePDFReport", "true")
.put("intervalBegins", "01:00")
.put("intervalEnds", "04:00")
.put("osaEnabled", "true")
.put("cxOsaFilterPatterns", "")
.put("cxOsaArchiveIncludePatterns", "*.zip, *.war, *.ear, *.tgz")
.put("scanControlSection", "globalConfigurationControl")
.put("isSynchronous", "true")
.put("presetId", "36")
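A guard that could run in the plan spec before the map is handed to the task, as an added example that is not part of the original answer: it reports keys that are absent while treating an empty string as present, which is the distinction behind the "0 libraries" result. The class `CxConfigCheck`, the method `missingKeys`, and the choice to treat every key from the answer's list as expected are assumptions of this example, not documented plugin behaviour.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class CxConfigCheck {
    // Keys copied from the configuration in the answer. Treating all of them
    // as expected is an assumption of this example.
    static final List<String> ALWAYS = Arrays.asList(
        "serverCredentialsSection", "projectName", "teamPathName", "teamPathId",
        "serverUrl", "username", "password", "presetName", "presetId",
        "cxSastSection", "folderExclusions", "filterPatterns", "isIncremental",
        "generatePDFReport", "intervalBegins", "intervalEnds", "osaEnabled",
        "scanControlSection", "isSynchronous");
    // Only checked when osaEnabled is "true".
    static final List<String> OSA_ONLY = Arrays.asList(
        "cxOsaFilterPatterns", "cxOsaArchiveIncludePatterns");

    // Returns the keys that are absent from cfg. A key mapped to "" counts as
    // present: the fix in the answer was to restore the key with an empty value.
    static List<String> missingKeys(Map<String, String> cfg) {
        List<String> missing = new ArrayList<>();
        for (String k : ALWAYS) {
            if (!cfg.containsKey(k)) missing.add(k);
        }
        if ("true".equalsIgnoreCase(cfg.get("osaEnabled"))) {
            for (String k : OSA_ONLY) {
                if (!cfg.containsKey(k)) missing.add(k);
            }
        }
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample: placeholder values for the general keys, plus
        // the two OSA settings shown in the question.
        Map<String, String> cfg = new LinkedHashMap<>();
        for (String k : ALWAYS) cfg.put(k, "placeholder");
        cfg.put("osaEnabled", "true");
        cfg.put("cxOsaArchiveIncludePatterns", "*.zip, *.war, *.ear, *.tgz");
        System.out.println("as in the question: missing " + missingKeys(cfg));

        cfg.put("cxOsaFilterPatterns", ""); // empty value, but key present
        System.out.println("after the fix:      missing " + missingKeys(cfg));
    }
}
```

Failing the spec build when `missingKeys` returns a non-empty list surfaces the problem before a scan reports zero analyzed libraries.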