Pull/merge request doesn't return error/success immediately if scan already exists for same project, stalling the PR if block-merge is true, keeping it in pending status.
Expected Behavior
CxFlow should send a check fail on an "Active scan with ID XXXXXXXX already exists" error so the scan fails and enables the Merge Request button. Also, a Markdown comment with the reason could be sent out before it sends the check fail, with a clear message with something like "CxSAST scan still ongoing for this project, please close the PR and reopen when the scan ends it's ready".
Actual Behavior
When creating a pull/merge request right after a push for the same project on GitHub, if the request to create a scan fails on an already existing project error, the PR will stay indefinitely waiting in pending status for a scan update from CxFlow.
CxFlow error output archetype:
com.checkmarx.sdk.exception.CheckmarxException: Active Scan with Id XXXXXXXX already exists for Project: YY at com.checkmarx.flow.service.SastScanner.scan(SastScanner.java:86)
This becomes worse if block-merge is "true" and/or if there's a branch rule that requires the scan to succeed with no vulnerabilities to enable the Merge button, since it will not be possible to merge while the fail/succeed status check isn't received by GitHub for that PR.
Reproduction
Requirements:
1. Have block-merge: true set in the application.yml config file as a github: property and/or a branch rule requiring a "checkmarx" status to be received;
2. Create a branch allowed on the branches: in the application.yml config file;
3. Immediately create a new branch on the branch created in action nº 2.;
4. Make a change on the new branch;
5. Create a pull-request to merge on the branch created in action nº 2.;
6. Check if GitHub is waiting for the outcome of the scan;
7. Check the CxFlow for an "Active Scan with Id XXXXXXXX already exists for Project: YY" error.
PR will stay indefinitely waiting in pending status for a scan result.
Environment Details
CxSAST 8.9 HF24 on Windows 10
CxFlow 1.6.3 running on Windows 10
GitHub.com - online
ngrok 2.3.35
@cx-scord, the bugfix has been done.
Also, just to make you aware, we also have a property called 'scan-resubmit' available under the cxflow block. If this is set to true, any existing ongoing scan (for the same project) will be canceled and a new scan will be submitted.
CxFlow will now post a comment if it encounters any ongoing scan for the same project and will update the status of PR accordingly. The PR will not remain blocked anymore as originally stated in the bug description.
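The failure mode in this thread is a required status check that is set to pending and never resolved when scan submission throws. The sketch below is an added example, not CxFlow's code: it shows a handler that always reaches a terminal state and explains why in a PR comment. The `ScanSubmitter` and `PullRequest` interfaces, the class name, and the sample scan and project ids are hypothetical; the exception text follows the error quoted in the issue.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ScanStatusGuard {
    // Hypothetical stand-ins for the scanner and the GitHub client (not CxFlow types).
    interface ScanSubmitter { void submit(String project) throws Exception; }
    interface PullRequest {
        void comment(String markdown);
        void status(String state, String description); // pending|success|failure|error
    }

    // Message shape taken from the error quoted in the issue.
    static final Pattern ACTIVE_SCAN =
        Pattern.compile("Active Scan with Id (\\S+) already exists for Project: (\\S+)");

    /** Submits a scan; on any submission error the check is closed, never left pending. */
    static String submit(ScanSubmitter scanner, PullRequest pr, String project) {
        pr.status("pending", "Checkmarx scan requested");
        try {
            scanner.submit(project);
            return "pending"; // the scan-results callback resolves the check later
        } catch (Exception e) {
            Matcher m = ACTIVE_SCAN.matcher(String.valueOf(e.getMessage()));
            String reason = m.find()
                ? "Scan " + m.group(1) + " is still running for project " + m.group(2)
                : "Scan could not be started";
            pr.comment("**Checkmarx scan not started**: " + reason + ". Re-run once it finishes.");
            pr.status("failure", reason); // terminal state, so the PR stops waiting
            return "failure";
        }
    }

    public static void main(String[] args) {
        List<String> sent = new ArrayList<>(); // records what would be sent to GitHub
        PullRequest pr = new PullRequest() {
            public void comment(String markdown) { sent.add("comment: " + markdown); }
            public void status(String state, String description) {
                sent.add("status[checkmarx]: " + state + " - " + description);
            }
        };
        // Constructed failure mirroring the exception text from the issue.
        ScanSubmitter busy = project -> {
            throw new Exception("Active Scan with Id 1000123 already exists for Project: 42");
        };
        String result = submit(busy, pr, "demo-project");
        sent.forEach(System.out::println);
        System.out.println("final state: " + result);
    }
}
```

Reporting `failure` rather than `success` on a submission error keeps the gate closed for code that was never scanned, while still giving the author a visible reason and a way to retry.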