From b49139054c4f0671a3a51bde891f78e7548eb9cb Mon Sep 17 00:00:00 2001
From: juegge <64655256+juegge@users.noreply.github.com>
Date: Thu, 14 Sep 2023 11:57:04 +0300
Subject: [PATCH 1/3] summaryHTML
---
 .github/workflows/checkmarx-one.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/checkmarx-one.yml b/.github/workflows/checkmarx-one.yml
index 7cf5d72..9ed6ffd 100644
--- a/.github/workflows/checkmarx-one.yml
+++ b/.github/workflows/checkmarx-one.yml
@@ -49,7 +49,7 @@ jobs:
 cx_client_id: ${{ secrets.AST_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
 cx_client_secret: ${{ secrets.AST_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
 cx_tenant: ${{ secrets.TENANT }} # This should be replaced by your tenant for Checkmarx One
- additional_params: --report-format sarif --output-path . --tags ${{ github.event.pull_request.head.sha }},${{ github.sha }}
+ additional_params: --report-format sarif,summaryHTML --output-path . --tags ${{ github.event.pull_request.head.sha }},${{ github.sha }}
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v2
 with:
From c3bc26cb57f04609ee94ac29e7e9e5f51eab455d Mon Sep 17 00:00:00 2001
From: juegge <64655256+juegge@users.noreply.github.com>
Date: Thu, 14 Sep 2023 12:07:42 +0300
Subject: [PATCH 2/3] no perms just sast
---
 .github/workflows/checkmarx-one.yml | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/.github/workflows/checkmarx-one.yml b/.github/workflows/checkmarx-one.yml
index 9ed6ffd..0dbe2b3 100644
--- a/.github/workflows/checkmarx-one.yml
+++ b/.github/workflows/checkmarx-one.yml
@@ -21,18 +21,11 @@ on: branches: [ "master" ] push: branches: [ "master" ] -permissions: - contents: read # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" build: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif - # The type of runner that the job will run on runs-on: ubuntu-latest
@@ -49,7 +49,7 @@ jobs:
 cx_client_id: ${{ secrets.AST_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
 cx_client_secret: ${{ secrets.AST_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
 cx_tenant: ${{ secrets.TENANT }} # This should be replaced by your tenant for Checkmarx One
- additional_params: --report-format sarif,summaryHTML --output-path . --tags ${{ github.event.pull_request.head.sha }},${{ github.sha }}
+ additional_params: --scan-types sast --report-format sarif,summaryHTML --output-path . --tags ${{ github.event.pull_request.head.sha }},${{ github.sha }}
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v2
 with:
From ac8c0988dd1dfe543230004712f9f65069228427 Mon Sep 17 00:00:00 2001
From: juegge <64655256+juegge@users.noreply.github.com>
Date: Thu, 14 Sep 2023 12:46:23 +0300
Subject: [PATCH 3/3] markdown report
---
 .github/workflows/checkmarx-one.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
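Review bot: Deleting the job-level `security-events: write` (the `- permissions:` block removed in the first hunk of this patch) while the `Upload SARIF file` step using `github/codeql-action/upload-sarif@v2` is kept as context in the second hunk will most likely make that upload fail: the SARIF upload needs `security-events: write` on the GITHUB_TOKEN, and a repository whose default token permissions are read-only now grants it nothing. Where the repository default is the permissive legacy setting the opposite happens — the job runs with every write scope instead of the two or three it needs — and dropping the workflow-level `permissions: contents: read` likewise replaces an explicit least-privilege grant with whatever the repository default happens to be. Keep an explicit job-level block, `permissions:` / `contents: read` / `security-events: write`, and add `actions: read` only if the repository is private, as the removed comment noted. The `build:` job continues outside the hunk.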
diff --git a/.github/workflows/checkmarx-one.yml b/.github/workflows/checkmarx-one.yml
index 0dbe2b3..347aca5 100644
--- a/.github/workflows/checkmarx-one.yml
+++ b/.github/workflows/checkmarx-one.yml
@@ -42,7 +42,7 @@ jobs:
 cx_client_id: ${{ secrets.AST_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
 cx_client_secret: ${{ secrets.AST_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
 cx_tenant: ${{ secrets.TENANT }} # This should be replaced by your tenant for Checkmarx One
- additional_params: --scan-types sast --report-format sarif,summaryHTML --output-path . --tags ${{ github.event.pull_request.head.sha }},${{ github.sha }}
+ additional_params: --scan-types sast --report-format sarif,markdown --output-path . --tags ${{ github.event.pull_request.head.sha }},${{ github.sha }}
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v2
 with:
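Review bot: The `markdown` report added to `--report-format` on the new `additional_params` line is written into the checkout root by `--output-path .`, but nothing visible in the hunk reads it — the following `Upload SARIF file` step handles the SARIF output only, so the markdown file appears to be generated and then discarded (the step's `with:` block and any later steps are outside the hunk, so it may be consumed there). If it is meant for humans, publish it, for example by appending it to `$GITHUB_STEP_SUMMARY` or uploading it with `actions/upload-artifact`; otherwise drop it so the job produces only what it uses. A one-line comment above `additional_params`, such as `# sarif -> upload-sarif step; markdown -> job summary`, would record which format each step consumes.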