I'm working on implementing Checkmarx scans in our code repository. I'm using Jenkins and the CheckMarx plugin to accomplish this task. There are some folders I want to exclude from the scan; referencing the Jenkins plugin documentation it seems like all I have to do is add the folder names in the 'excludeFolders' field. However that doesn't appear to work, or maybe I don't have the value entered correctly.
I've tried '/test', 'test/', '!/test//*' but none work and the folder is still registered and zipped before it is uploaded to our CheckMarx server.
Below is what I have in my pipeline:
stage("Running CheckMarks for Layer"){
steps{
script{
def layer_dir = readFile file: 'layer-list'
def layer_list = layer_dir.split('\\r?\\n')
println (layer_list)
layer_list.each { layer ->
print (layer)
dir("${env.WORKSPACE}/layers/layer-name/$layer"){
step([
$class: 'CxScanBuilder',
comment: 'Layer scanning',
credentialsId: 'XXXX',
excludeFolders: 'test',
exclusionsSetting: 'global',
failBuildOnNewResults: false,
failBuildOnNewSeverity: 'MEDIUM',
filterPattern: '''!**/_cvs/**/*, !Checkmarx/Reports/*.*''',
fullScanCycle: 10,
incremental: true,
fullScansScheduled: true,
generatePdfReport: true,
preset: '36',
teamPath: "\\path\\to\\codebase",
projectName: "$layer",
sastEnabled: true,
sourceEncoding: '1',
vulnerabilityThresholdResult: 'FAILURE',
waitForResultsEnabled: true
])
}
}
}
}
}
Any suggestions on how to exclude the 'test' folder?
If you are running on Windows you need to use the following pattern: !**\\test\\**\\*
On Linux: !**/test/**/*