Update CodeQL scan scripts, and add Contrast CodeSec and Snyk SAST scripts.

davewichers · davewichers · commit 74a165b9da18 · 2024-03-28T14:22:28.000-04:00
diff --git a/scripts/runCodeQL.sh b/scripts/runCodeQL.sh
@@ -11,5 +11,6 @@
 
 
 # This then runs the codeql scan:
-../../tools/codeql-home/codeql/codeql database analyze owasp-benchmark java-code-scanning.qls --format=sarifv2.1.0 --output=results/Benchmark_1.2-codeql_java-code-scanning_qls.sarif
+benchmark_version=$(scripts/getBenchmarkVersion.sh)
+../../tools/codeql-home/codeql/codeql database analyze owasp-benchmark java-code-scanning.qls --format=sarifv2.1.0 --output=results/Benchmark_$benchmark_version-codeql_java-code-scanning_qls.sarif
 
diff --git a/scripts/runCodeQLFull.sh b/scripts/runCodeQLFull.sh
@@ -8,5 +8,6 @@
 # This script assumes the owasp-benchmark database has already been initialized by running this first:
 # ../../Tools/codeql-home/codeql/codeql database create owasp-benchmark --language=java
 #../../Tools/codeql-home/codeql/codeql database analyze owasp-benchmark java-security-extended.qls --format=sarifv2.1.0 --output=results/Benchmark_1.2-codeql_java-security-extended.sarif
-../../Tools/codeql-home/codeql/codeql database analyze owasp-benchmark java-security-and-quality.qls --format=sarifv2.1.0 --output=results/Benchmark_1.2-codeql_java-security-and-quality.sarif
+benchmark_version=$(scripts/getBenchmarkVersion.sh)
+../../Tools/codeql-home/codeql/codeql database analyze owasp-benchmark java-security-and-quality.qls --format=sarifv2.1.0 --output=results/Benchmark_$benchmark_version-codeql_java-security-and-quality.sarif
 
diff --git a/scripts/runContrastCodeSec.sh b/scripts/runContrastCodeSec.sh
@@ -0,0 +1,6 @@
+# Note: you have to do 'contrast auth' first, and successfully authenticate before you can run this.
+benchmark_version=$(scripts/getBenchmarkVersion.sh)
+
+contrast scan -f target/benchmark.war --save
+mv results.sarif results/Benchmark_$benchmark_version-ContrastCodeSec.sarif
+
diff --git a/scripts/runSnykSAST.sh b/scripts/runSnykSAST.sh
@@ -0,0 +1,4 @@
+# Install Snyk per: https://docs.snyk.io/snyk-cli/install-or-update-the-snyk-cli
+benchmark_version=$(scripts/getBenchmarkVersion.sh)
+snyk code test --json-file-output=results/Benchmark_$benchmark_version-snykCodeCli.json
+
diff --git a/scripts/verifyBenchmarkPluginAvailable.sh b/scripts/verifyBenchmarkPluginAvailable.sh
@@ -1,5 +1,5 @@
 # Verify the benchmarkutils plugin is installed. And if not, explain how to install it
-mvn -Djava.awt.headless=true -Dplugin=org.owasp:benchmarkutils-maven-plugin help:describe 2>&1 >/dev/null
+mvn -Dplugin=org.owasp:benchmarkutils-maven-plugin help:describe 2>&1 >/dev/null
 
 if [ $? -ne 0 ]
 then
