Update checkmarx/ast-github-action digest to d6aa631

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
checkmarx/ast-github-action	action	digest	8e887bb -> d6aa631

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

This code change introduces a GitHub Actions workflow that integrates the Checkmarx One security testing platform into the repository. The workflow is configured to automatically trigger a Checkmarx One security scan whenever a pull request is opened, reopened, or synchronized. The scan results are then generated in the SARIF format and uploaded to GitHub, allowing for better visibility and integration with other security tools and workflows.

From an application security perspective, this is a positive step towards improving the security of the application. Integrating Checkmarx One into the GitHub workflow ensures that security vulnerabilities are identified and addressed early in the development process, which can help reduce the risk of introducing security issues into the production environment. The use of the SARIF format for reporting the scan results also aligns with industry best practices for secure software development.

Files Changed:

• .github/workflows/checkmarx-one.yml: This file is a GitHub Actions workflow that triggers a Checkmarx One security scan on the repository whenever a pull request is opened, reopened, or synchronized. The workflow is configured to use the Checkmarx One CLI tool to create a zip archive of the source code and upload it to Checkmarx One for scanning. The scan is customized using various input parameters, such as the Checkmarx One base URI, client ID, client secret, and tenant. The workflow is also configured to generate a SARIF file containing the scan results and upload it to GitHub using the github/codeql-action/upload-sarif action.

Powered by DryRun Security

[guardrails]

⚠️ We detected 1 security issue in this pull request:

Hard-Coded Secrets (1)

Severity	Details	Docs
Medium	Title: Github Key scsctl/.github/workflows/checkmarx-one.yml Line 44 in 1c953a0 uses: checkmarx/ast-github-action@7039b1245ad1d3960d44aa7c8a3517639fe7816b	📚

More info on how to fix Hard-Coded Secrets in General.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[dryrunsecurity]

No security concerns detected in this pull request.

---

All finding details can be found in the DryRun Security Dashboard.