added multi-repo-whitelist-scan

README.md

@@ -18,3 +18,4 @@ Project | Description
 [cx-jenkins-lib](cx-jenkins-lib) | Jenkins Pipeline shared library example
 [svn-cx-runner](svn-cx-runner) | Utility that iterates through SVN repo, downloads Maven dependencies and creates Checkmarx projects.
 [CxSOAP-API-Examples](CxSOAP-API-Examples) | Checkmarx SOAP API Examples (8.X versions)
+[multi-repo-whitelist-scan](multi-repo-whitelist-scan) | Script to clone multiple git repos, remove unrecognized file types, and scan as one project using the CxCLI from a linux bash shell

multi-repo-whitelist-scan/README.md

@@ -0,0 +1,36 @@
+# multi-repo-whitelist-scan
+
+This script is not supported by Checkmarx and edge cases are not tested.
+
+The file bashCxCLI example uses the Checkmarx CLI to run a SAST scan on a folder that combines multiple repositiories of a whitelist of specific file extensions.
+This should be used as an example only and the repositories, & user specific values need to be replaced.
+
+Additional CxCLI commands can be found
+https://checkmarx.atlassian.net/wiki/spaces/KC/pages/44335590/CxSAST+CLI+Plugin
+
+#multirepoCxCLI.sh usage
+Complete the following as shown in bashCxCLIexample.txt
+* Install wget & unzip
+```
+git clone https://github.com/scxbush/multi-repo-whitelist-scan.git
+cd multi-repo-whitelist-scan
+```
+* Download CxCLI & unzip
+```
+wget -O ./cli.zip https://download.checkmarx.com/8.9.0/Plugins/CxConsolePlugin-8.90.2.zip && unzip ./cli.zip && rm cli.zip
+```
+* Generate the CxCLI token replacing <> with your values
+```
+sh ./CxConsolePlugin-8.90.2/runCxConsole.sh GenerateToken -v -CxUser <yourusername> -CxPassword <yourpassword> -CxServer https://<yourcxserver>
+```
+* Add the following environment variables replacing <> with your values
+  * CXSERVER=https://<mycheckmarxserver.net>
+  * CXTOKEN=<5ee933c250fca59650db60a65a3b08b4>
+  * PROJECT=<CxServer\\SP\\Company\\Users\\microservices-demo>
+    * must escape \s in linux for fully qualified project name
+* Edit the giturls.txt urls with your git repo urls
+```
+sh multirepoCxCLI.sh
+```
+
+

multi-repo-whitelist-scan/bashCxCLIexample.txt

@@ -0,0 +1,52 @@
+//multi-repo CLI Scan with whitelist
+
+//install wget & unzip
+sudo install wget
+sudo install unzip
+sudo install openjdk-8-jdk
+
+// Create an appropriate working directory and cd to it
+mkdir -p /home/username/CxCLIScan
+cd /home/username/CxCLIScan
+
+//get Checkmarx CLI & unzip
+wget -O ./cli.zip https://download.checkmarx.com/8.9.0/Plugins/CxConsolePlugin-8.90.2.zip && unzip ./cli.zip && rm cli.zip
+
+//clone repos into 1 folder
+mkdir clonefolder && cd clonefolder
+git clone https://github.com/microservices-demo/front-end.git 
+git clone https://github.com/microservices-demo/microservices-demo.github.io.git
+git clone https://github.com/microservices-demo/orders.git
+git clone https://github.com/microservices-demo/queue-master.git
+git clone https://github.com/microservices-demo/shipping.git
+git clone https://github.com/microservices-demo/carts.git
+cd ..
+
+//create scan dirctory and copy only CxSAST recognized extensions
+mkdir ScanDir
+find ./clonefolder -type f -regex ".*\.\(sln\|csproj\|cs\|xaml\|cshtml\|javasln\|project\|java\|jsp\|jspf\|xhtml\|jsf\|tld\|tag\|mf\|js\|html\|htm\|apex\|apexp\|page\|component\|cls\|trigger\|tgr\|object\|report\|workflow\|\-meta\.xml\|cpp\|c\+\+\|cxx\|hpp\|hh\|h\+\+\|hxx\|c\|cc\|h\|vb\|vbs\|asp\|bas\|frm\|cls\|dsr\|ctl\|vb\|vbp\|php\|php3\|php4\|php5\|phtm\|phtml\|tpl\|ctp\|twig\|rb\|rhtml\|rxml\|rjs\|erb\|lock\|pl\|pm\|plx\|psgi\|m\|h\|xib\|pls\|sql\|pkh\|pks\|pkb\|pck\|py\|gtl\|groovy\|gsh\|gvy\|gy\|gsp\|properties\|aspx\|asax\|ascx\|master\|config\|xml\|cgi\|inc\)" -exec cp --parents \{\} ./ScanDir \;
+rm -rf clonefolder
+
+cd CxConsolePlugin-8.9.0.2
+//replace <> with your values
+sh runCxConsole.sh GenerateToken -v -CxUser <yourusername> -CxPassword <yourpassword> -CxServer http://<yourcxserver>
+
+//replace fully qualified project name & CxToken
+sh runCxConsole.sh Scan -v -Projectname CxServer\\SP\\Company\\Users\\<yourprojectname> -CxServer https://<yourcheckmarxserver> -CxToken <yourtoken> -LocationType folder -LocationPath ../ScanDir  -locationpathexclude '*test*,*lib*,*node_modules*,*swagger*'
+
+//Clean-Up
+rm -rf ../ScanDir
+
+//Adding Variables
+vi ~/.bashrc
+//press 'i' (to go into insert mode) & add the following at the end & before comments:
+
+CXSERVER=http://172.35.0.229
+CXTOKEN=5ee933c250fca59650db60a65a3b08b4
+PROJECT=CxServer\\SP\\Company\\Research\\microservices-demo
+export CXSERVER
+export CXTOKEN
+export PROJECT
+//press 'escape' and enter ':wq'
+source ~/.bashrc
+

multi-repo-whitelist-scan/giturls.txt

@@ -0,0 +1,6 @@
+https://github.com/microservices-demo/front-end.git 
+https://github.com/microservices-demo/microservices-demo.github.io.git
+https://github.com/microservices-demo/orders.git
+https://github.com/microservices-demo/queue-master.git
+https://github.com/microservices-demo/shipping.git
+https://github.com/microservices-demo/carts.git

multi-repo-whitelist-scan/multirepoCxCLI.sh

@@ -0,0 +1,19 @@
+mkdir clonefolder && cd clonefolder
+echo "Cloning"
+file="../giturls.txt"
+lines=`cat $file`
+for line in $lines; do
+        git clone $line
+done
+cd ..
+echo "Cloning Complete"
+
+echo "Whitelisting"
+mkdir ScanDir
+find ./clonefolder -type f -regex ".*\.\(sln\|csproj\|cs\|xaml\|cshtml\|javasln\|project\|java\|jsp\|jspf\|xhtml\|jsf\|tld\|tag\|mf\|js\|html\|htm\|apex\|apexp\|page\|component\|cls\|trigger\|tgr\|object\|report\|workflow\|\-meta\.xml\|cpp\|c\+\+\|cxx\|hpp\|hh\|h\+\+\|hxx\|c\|cc\|h\|vb\|vbs\|asp\|bas\|frm\|cls\|dsr\|ctl\|vb\|vbp\|php\|php3\|php4\|php5\|phtm\|phtml\|tpl\|ctp\|twig\|rb\|rhtml\|rxml\|rjs\|erb\|lock\|pl\|pm\|plx\|psgi\|m\|h\|xib\|pls\|sql\|pkh\|pks\|pkb\|pck\|py\|gtl\|groovy\|gsh\|gvy\|gy\|gsp\|properties\|aspx\|asax\|ascx\|master\|config\|xml\|cgi\|inc\)" -exec cp --parents \{\} ./ScanDir \;
+rm -rf clonefolder
+echo "Whitelisting Complete"
+
+echo "Scanning"
+sh ./CxConsolePlugin-8.90.2/runCxConsole.sh Scan -v -Projectname "$PROJECT" -CxServer $CXSERVER -CxToken $CXTOKEN -LocationType folder -LocationPath ../ScanDir  -locationpathexclude '*test*,*lib*,*node_modules*,*swagger*'
+rm -rf ScanDir