Skip to content

AST-146807: Create Claude MD file for ast-cli-java-wrapper repository#479

Open
cx-aniket-shinde wants to merge 7 commits into
mainfrom
feature/add-cloud-md
Open

AST-146807: Create Claude MD file for ast-cli-java-wrapper repository#479
cx-aniket-shinde wants to merge 7 commits into
mainfrom
feature/add-cloud-md

Conversation

@cx-aniket-shinde

Copy link
Copy Markdown
Collaborator
  • Added comprehensive Cloud.md with all essential sections:

    • Project Overview
    • Architecture and design patterns
    • Repository structure
    • Technology stack (Maven, Java 8, Jackson, Lombok, etc.)
    • Development setup and prerequisites
    • Coding standards and guidelines
    • Project rules and conventions
    • Testing strategy with JUnit 5 and code coverage
    • Known issues and limitations
  • Included recommended sections:

    • Database schema (N/A for client library)
    • External integrations (AST Platform, Maven Central)
    • Deployment information
    • Performance considerations
    • API/Endpoints/Interfaces documentation
    • Security & Access controls
    • Logging configuration
    • Debugging steps and common issues
  • Documentation follows the standardization template from epic AST-146793

- Added comprehensive Cloud.md with all essential sections:
  - Project Overview
  - Architecture and design patterns
  - Repository structure
  - Technology stack (Maven, Java 8, Jackson, Lombok, etc.)
  - Development setup and prerequisites
  - Coding standards and guidelines
  - Project rules and conventions
  - Testing strategy with JUnit 5 and code coverage
  - Known issues and limitations

- Included recommended sections:
  - Database schema (N/A for client library)
  - External integrations (AST Platform, Maven Central)
  - Deployment information
  - Performance considerations
  - API/Endpoints/Interfaces documentation
  - Security & Access controls
  - Logging configuration
  - Debugging steps and common issues

- Documentation follows the standardization template from epic AST-146793
@cx-aniket-shinde cx-aniket-shinde changed the title AST-146807: Create Cloud MD file for ast-cli-java-wrapper repository AST-146807: Create Claude MD file for ast-cli-java-wrapper repository Apr 21, 2026
cx-atish-jadhav and others added 4 commits May 29, 2026 15:13
commit 8e107dc
Author: Atish Jadhav <atish.jadhav@checkmarx.com>
Date:   Tue Jun 23 19:34:27 2026 +0530

    security: fix SCA vulnerability for JUnit (#488)

    Co-authored-by: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com>

commit 06dafaa
Author: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com>
Date:   Mon Jun 22 12:37:18 2026 +0100

    security: harden release workflow and declare workflow_call secrets (#487)

    * security: harden release workflow and declare workflow_call secrets

    - Replace actions/checkout v4.3.1 with v6.0.3 and switch from PERSONAL_ACCESS_TOKEN to GITHUB_TOKEN
    - Fix script injection in Download CLI, Tag, Update POM, Build artifactId, and Publish steps by moving inputs to env vars
    - Replace deprecated ::set-output with $GITHUB_OUTPUT in Tag step
    - Update actions/setup-java v4.3.0 to v5.2.0
    - Add explicit secrets declaration for workflow_call (MAVEN_GPG_PASSPHRASE, MAVEN_GPG_PRIVATE_KEY, OSSRH_TOKEN, OSSRH_USERNAME)
    - Fix broken shell conditional in Build artifactId property step

    * chore(gha): harden GitHub Actions workflows security

    * chore(gha): disable nightly trigger and remove pr-labeler workflow

    * chore(gha): configure echo mirror for Maven dependency resolution

commit 6661e60
Author: Atish Jadhav <141334503+cx-atish-jadhav@users.noreply.github.com>
Date:   Thu Jun 18 22:49:44 2026 +0530

    Updating ast-cli version and binaries 2.3.54 (#485)

    * Updating ast-cli version and binaries

    * Harden workflows: scope permissions, fix set-output, replace dev-drprasad, remove repository_dispatch, comment notify and spotbugs

    * Remove Maven cache from release and CI workflows

    * Add publish input to gate Maven Central deploy

    ---------

    Co-authored-by: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com>

commit 06b449c
Author: Alon Rosenhek <80337069+cx-alon-rosenhek@users.noreply.github.com>
Date:   Thu Jun 18 16:57:16 2026 +0300

    chore: remove .github/workflows/dependabot-auto-merge.yml

commit 6fb3166
Author: Ohad Israeli <243351248+cx-ohad-israeli@users.noreply.github.com>
Date:   Wed Jun 10 17:39:51 2026 +0300

    chore: remove Dependabot configuration

commit 814a504
Author: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Date:   Fri May 29 21:25:57 2026 -0400

    [StepSecurity] Apply security best practices (#481)

    Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
    Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Updates the AST CLI binaries to version 2.3.55 across all platforms (Linux, Linux ARM, macOS, Windows). Switches distribution from Sonatype Central to Checkmarx's Echo repository, adds Echo repository configuration to pom.xml for dependencies and plugins, and configures Maven mirror authentication in CI/release workflows with ECHO_LIBRARIES_ACCESS_KEY secret. Also adds .vscode to gitignore.
@stepsecurity-app

Copy link
Copy Markdown
Contributor

Security Policy Alert: Secret Policy Violation

This workflow run has been blocked by StepSecurity's secrets policy because it accesses secrets and the workflow file differs from the default branch.

Secret references detected:

  • secrets.GITHUB_TOKEN at line 17
  • secrets.ECHO_LIBRARIES_ACCESS_KEY at line 39
  • secrets.CX_CLIENT_ID at line 68
  • secrets.CX_CLIENT_SECRET at line 69
  • secrets.CX_BASE_URI at line 70
  • secrets.CX_TENANT at line 71
  • secrets.CX_APIKEY at line 72

To approve this workflow, please add the workflows-approved label to this PR.

Note: The label must be added by someone other than the PR author (cx-atish-jadhav) or automation bots to ensure proper security review.

After the label is added, you can re-run the blocked workflow to proceed.

This workflow will be automatically approved once merged into the default branch.

For more information, see StepSecurity's Secret Exfiltration Policy documentation.

Comment thread .github/workflows/ci.yml Outdated
Comment thread checkmarx-ast-cli.version Outdated
Update Jackson dependency from 2.21.1 to 2.22.0 and bump CLI version to 2.3.56.

Also includes:
- Updated CLI binaries for all platforms (Linux, Linux ARM, macOS, Windows)
- Fixed Maven mirror ID in CI workflows from 'echo' to 'echo-repo' for proper dependency resolution
Make configuring the Echo Maven mirror more robust in CI and release workflows. In .github/workflows/ci.yml create ~/.m2 and write a complete settings.xml via heredoc (ensures the file exists and injects the echo-repo server/mirror using the ECHO_LIBRARIES_ACCESS_KEY secret). In .github/workflows/release.yml replace the single fragile sed with two targeted sed commands to insert the server and mirrors entries. These changes reduce brittle sed usage and avoid failures when ~/.m2/settings.xml is missing or structured differently.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants