Add workflow for Checkmarx One scan (#121)

* Add workflow for Checkmarx One scan

* Remove jar signing

As this was never used...

* Use full commit hash of cxone-plusplus-github-action

Author: james-bostock-cx

.github/workflows/checkmarx-scan.yml

@@ -0,0 +1,30 @@
+name: Checkmarx One Scan
+on:
+  push:
+    branches:
+      - develop
+  pull_request:
+    branches:
+      - develop
+jobs:
+  execute-checkmarx-scan:
+    permissions:
+      security-events: write
+      contents: read
+      pull-requests: write
+      statuses: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch Code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+
+      - name: Scan with CxOne++ Action
+        id: scan
+        uses: checkmarx-ts/cxone-plusplus-github-action@9e69646151d1564d227e7979ce9780b422bdf2f4
+        with:
+          cx-tenant: ${{ secrets.CXONE_TENANT }}
+          cx-client-id: ${{ secrets.CXONE_CLIENT_ID }}
+          cx-client-secret: ${{ secrets.CXONE_CLIENT_SECRET }}
+          cx-cli-debug: true
+          build-container-tag: amazoncorretto:17
+          upload-sarif-file: false

build.gradle

@@ -22,12 +22,6 @@ jar {
     enabled = false
 }
 
-// Signing
-apply plugin: 'signing'
-signing {
-	sign configurations.archives
-}
-
 // Configure group ID, artifact ID, and version
 group = 'com.checkmarx-ts.util'
 archivesBaseName = "cx-java-util"