Checkmarx action fails with "web service is not available"

Question

Checkmarx action fails with "web service is not available"

jose-antony-by opened this issue 4 years ago · comments

We've been using checkmarx-github-action for the last couple of months successfully. Starting today, we are getting the following error when running the action:
Failed to validate server connectivity: Cx web service is not available at ***

Workflow File

      - name: Checkmarx Action
        id: cx
        uses: checkmarx-ts/checkmarx-github-action@v1.0.3
        with:
          cxServer: ${{ secrets.CHECKMARX_SERVICE_URL }}
          cxUsername: ${{ secrets.CHECKMARX_USER }}
          cxPassword: ${{ secrets.CHECKMARX_PASSWORD }}
          cxIncremental: true
          cxAction: AsyncScan
          cxTeam: \CxServer\TeamName

Logs

[START] Read Inputs...
cxSkipIfFail : false
cxAction: AsyncScan
cxServer : ***
cxVersion : 8.9
cxTrustedCertificates : false
cxToken was not provided
cxUsername : ***
cxTeam : \CxServer\TeamName
cxProject was not provided
Default value will be used for cxProject : repo-name-branch
cxPreset : Checkmarx Default
cxConfiguration : Default Configuration
cxExcludeFolders was not provided
Default value will be used for cxExcludeFolders : cxcli,test,tests,mock,mocks,spec,unit,debug,e2e,androidTest,build,dist,deploy,venv,maven,gradle,target,example,examples,samples,bin,gen,out,docs,proguard,lint,images,swagger,coverage,generated,.vs,.idea,.temp,.tmp,.grunt,.cache,.dynamodb,.fusebox,.serverless,.nyc_output,.git,.github,.dependabot,.semaphore,.circleci,.vscode,.nuget,.mvn,.m2,.DS_Store,.sass-cache,.gradle,__pycache__,.pytest_cache,.settings,res/color*,res/drawable*,res/mipmap*,res/anim*,*imageset,xcuserdata,xcshareddata,*xcassets,*appiconset,*xcodeproj,*framework,*lproj,__MACOSX,css,react,yui,node_modules,jquery*,angular*,bootstrap*,modernizr*,bower_components,jspm_packages,typings,dojo,package,packages,vendor,xjs
cxExcludeFiles was not provided
Default value will be used for cxExcludeFiles : **/*.min.js,**/*.spec,**/*.spec.*,**/*Test.*,**/Test*,**/test*,**/*Mock*,**/Mock*,**/package-lock.json,**/LICENSE,**/*.md,**/.gitignore,**/.npmignore,**/.editorconfig,**/*.pdf,**/*.markdown,**/*.db,**/*.apk,**/*.ipa,**/*.ico,**/*.sh,**/*.bat,**/*.ps1,**/*.svg,**/*.zip
cxComment was not provided
Default value will be used for cxComment : git branch@1412fb94cf0a043ca10ec5380d780f0fd7054520
cxHigh was not provided
cxMedium was not provided
cxLow was not provided
cxForceScan : false
cxIncremental : true
cxPrivate : false
cxReportXML was not provided
cxReportPDF was not provided
cxReportRTF was not provided
cxReportCSV was not provided
cxGithubIssues : false
No cxLog valid input provided
cxVerbose : true
[END] Read Inputs...

[START] Download Checkmarx CLI from https://download.checkmarx.com/8.9.0/Plugins/CxConsolePlugin-8.90.2.zip...
Checkmarx CLI does not exist in the path. Trying to download...

[command]/usr/bin/curl -s https://download.checkmarx.com/8.9.0/Plugins/CxConsolePlugin-8.90.2.zip -L -o cxcli.zip
[command]/usr/bin/unzip -q cxcli.zip
[command]/usr/bin/rm -rf cxcli.zip
[command]/usr/bin/mv CxConsolePlugin-8.90.2 cxcli
[command]/usr/bin/rm -rf ./cxcli/Examples
[command]/usr/bin/chmod +x ./cxcli/runCxConsole.sh

[END] Download Checkmarx CLI...

[command]cxcli/runCxConsole.sh AsyncScan -CxServer *** -CxUser *** -CxPassword *** -ProjectName \CxServer\Team\repo-name-branch -preset Checkmarx Default -LocationType folder -LocationPath /folder-location -Configuration Default Configuration -LocationPathExclude cxcli,test,tests,mock,mocks,spec,unit,debug,e2e,androidTest,build,dist,deploy,venv,maven,gradle,target,example,examples,samples,bin,gen,out,docs,proguard,lint,images,swagger,coverage,generated,.vs,.idea,.temp,.tmp,.grunt,.cache,.dynamodb,.fusebox,.serverless,.nyc_output,.git,.github,.dependabot,.semaphore,.circleci,.vscode,.nuget,.mvn,.m2,.DS_Store,.sass-cache,.gradle,__pycache__,.pytest_cache,.settings,res/color*,res/drawable*,res/mipmap*,res/anim*,*imageset,xcuserdata,xcshareddata,*xcassets,*appiconset,*xcodeproj,*framework,*lproj,__MACOSX,css,react,yui,node_modules,jquery*,angular*,bootstrap*,modernizr*,bower_components,jspm_packages,typings,dojo,package,packages,vendor,xjs -Incremental -Comment git branch@1412fb94cf0a043ca10ec5380d780f0fd7054520 -v
[2020-09-08 20:08:44,525 INFO ] Verbose mode is activated. All messages and events will be sent to the console or log file.
[2020-09-08 20:08:44,529 INFO ] CxConsole version 8.90.2
[2020-09-08 20:08:44,530 INFO ] CxConsole scan session started
[2020-09-08 20:08:44,530 INFO ] 
[2020-09-08 20:08:44,724 INFO ] Command line parameters were checked successfully
[2020-09-08 20:08:45,018 ERROR] Failed to validate server connectivity: Cx web service is not available at: ***
[2020-09-08 20:08:45,019 ERROR] Failure - General error occurred - error code 1
##[error]Failed to execute command : The process 'cxcli/runCxConsole.sh' failed with exit code 1

We tried to simulate what the plugin was doing and setup runCxConsole.sh in github action and the scan works.

      - name: Checkmarx CLI
        env:
          CHECKMARX_USER: ${{ secrets.CHECKMARX_USER }}
          CHECKMARX_PASSWORD: ${{ secrets.CHECKMARX_PASSWORD }}
          CHECKMARX_SERVICE_URL: ${{ secrets.CHECKMARX_SERVICE_URL }}
        run: |
          curl -s https://download.checkmarx.com/8.9.0/Plugins/CxConsolePlugin-8.90.2.zip -L -o cxcli2.zip
          unzip -q cxcli2.zip -d cxcli2
          chmod +x cxcli2/CxConsolePlugin-8.90.2/runCxConsole.sh
          cxcli2/CxConsolePlugin-8.90.2/runCxConsole.sh AsyncScan \
            -CxServer $CHECKMARX_SERVICE_URL \
            -CxUser $CHECKMARX_USER \
            -CxPassword $CHECKMARX_PASSWORD \
            -ProjectName "\CxServer\TeamName\repo-name-branch" \
            -LocationType folder \
            -LocationPath $GITHUB_WORKSPACE \
            -LocationPathExclude "cxcli,cxcli2,test,tests,mock,mocks,spec,unit,debug,e2e,androidTest,build,dist,deploy,venv,maven,gradle,target,example,examples,samples,bin,gen,out,docs,proguard,lint,images,swagger,coverage,generated,.vs,.idea,.temp,.tmp,.grunt,.cache,.dynamodb,.fusebox,.serverless,.nyc_output,.git,.github,.dependabot,.semaphore,.circleci,.vscode,.nuget,.mvn,.m2,.DS_Store,.sass-cache,.gradle,__pycache__,.pytest_cache,.settings,res/color*,res/drawable*,res/mipmap*,res/anim*,*imageset,xcuserdata,xcshareddata,*xcassets,*appiconset,*xcodeproj,*framework,*lproj,__MACOSX,css,react,yui,node_modules,jquery*,angular*,bootstrap*,modernizr*,bower_components,jspm_packages,typings,dojo,package,packages,vendor,xjs" \
            -Incremental \
            -v

^^^ works without any errors.

Trying to reach Checkmarx server, response code: 200

Not sure if github changed anything in the exec/runner and started causing this issue. Also, noticed that the node_modules were checked into this repo. Should those be checked in?

Is there anything I can check to further troubleshoot this issue?

Miguel Freitas · Answer 1 · Fri Dec 18 2020 20:46:39 GMT+0800 (China Standard Time)

@jose-antony-by what is your CxVersion ? If it is 9.X you need to use the latest version using the Action attribute cxVersion: "2020.2.18"
Usually that error happens when the Github Runner cannot reach Checkmarx Server.

Miguel Freitas · Answer 2 · Sat Feb 20 2021 05:31:03 GMT+0800 (China Standard Time)

Closing the issue due to no response