CISO-920: remove broken Teams notify job (CXONE_SCAN_WEBHOOK_URL not set)#250
Merged
Merged
Conversation
…RL not set) The notify job references secrets.CXONE_SCAN_WEBHOOK_URL which does not exist in this repo or at org level, causing the step to fail silently. Ref: https://checkmarx.atlassian.net/browse/CISO-920 Ref: https://checkmarx.atlassian.net/browse/CISO-815
Contributor
|
Great job! No new security vulnerabilities introduced in this pull request |
cx-aniket-shinde
pushed a commit
that referenced
this pull request
Jun 19, 2026
…RL not set) (#250) The notify job references secrets.CXONE_SCAN_WEBHOOK_URL which does not exist in this repo or at org level, causing the step to fail silently. Ref: https://checkmarx.atlassian.net/browse/CISO-920 Ref: https://checkmarx.atlassian.net/browse/CISO-815
cx-nisan-benabu
added a commit
that referenced
this pull request
Jun 25, 2026
* docs AST-146800: Add Cloud.md standardization file Adds the Cloud.md documentation file covering all essential sections: Project Overview, Architecture, Repository Structure, Technology Stack, Development Setup, Coding Standards, Project Rules, Testing Strategy, Known Issues — plus recommended sections: External Integrations, Deployment, Security & Access, Logging, and Debugging Steps. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * AST-101305: Disable Branch and Scan dropdown when no project is selected - Add FocusListener to project combo viewer - When user clears project and clicks outside, branch combo is disabled - Resets currentProjectId to empty when project field is cleared - Preserves existing behavior for all other scenarios Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> * Fix: Route authentication logs to Eclipse Error Log (AST-136023) (#244) * Fix AST-136023: Route authentication logs to Eclipse Error Log Replace SLF4J log calls in Authenticator.doAuthentication() with CxLogger so auth success/failure messages appear in .metadata/.log and the Eclipse Error Log UI instead of being silently dropped. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix AST-136023: Update unit tests to verify CxLogger static calls Replace SLF4J mockLogger verification with MockedStatic<CxLogger> to match the updated Authenticator.doAuthentication() which now routes log output through CxLogger instead of the SLF4J instance. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Refactor AST-136023: Use String.format for authentication status log message Replace string concatenation (AUTH_STATUS + cxValidateOutput) with String.format(PluginConstants.INFO_AUTHENTICATION_STATUS, cxValidateOutput) to be consistent with the error logging pattern. Updated the unit test assertion to verify the formatted string accordingly. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix: Clear detail panels on severity filter change (AST-136035) (#245) * Fix AST-136035: Clear detail panels on severity filter change; fix scan ID combo overflow - Hide resultViewComposite and attackVectorCompositePanel when filter changes so the description and attack vector windows no longer show stale content - Replace fixed widthHint=520 on scan ID combo with SWT.FILL/grabExcess layout so the combo is always visible without needing to maximize the window Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix AST-136035: Clear right panels only when displayed item's severity is filtered out Previously, toggling any severity filter always hid the description and attack vector panels. Now the panels are only cleared when the currently displayed item belongs to a severity that was just disabled. If the item's severity is still active, the panels stay visible. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix AST-136035: Preserve tree expansion state when severity filter changes - Capture expanded elements before clearing the model so the snapshot is accurate when restoring after refresh - Pass expand=true for FILTER_CHANGED (keep GET_RESULTS at false) so previously expanded group nodes are restored after filtering instead of collapsing the entire tree Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix: Truncate long custom state names in filter menu (AST-137779) (#246) * Fix AST-137779: Truncate long custom state names in filter menu and triage combo Custom states with very long names caused the state filter dropdown menu to expand across the entire screen. Fix truncates display text to 50 chars (with trailing "...") in both the state filter MenuItem and the triage state ComboViewer LabelProvider. The full state name is still used internally for filtering and triage submission. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix AST-137779: Guard against null getResults() in cxProjectMatchesWorkspaceProject Results.getResults() can return null when no results have been loaded yet (e.g. fresh IDE session before any scan is imported). The prior check only guarded against a null Results object, causing an NPE on the first click of the Start Scan button and preventing scans from running. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Toolyip custom state * Parity and project combobox * CISO-920: remove broken Teams notify job (secret CXONE_SCAN_WEBHOOK_URL not set) (#250) The notify job references secrets.CXONE_SCAN_WEBHOOK_URL which does not exist in this repo or at org level, causing the step to fail silently. Ref: https://checkmarx.atlassian.net/browse/CISO-920 Ref: https://checkmarx.atlassian.net/browse/CISO-815 * [StepSecurity] Apply security best practices (#251) Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> * [StepSecurity] Apply security best practices (#252) Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> * remove dependabot (#254) * rerun * Bumped java wrapper version * bump java wrapper version to 2.4.24 --------- Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Noam Brendel <139764378+cx-noam-brendel@users.noreply.github.com> Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> Co-authored-by: Alon Rosenhek <80337069+cx-alon-rosenhek@users.noreply.github.com> Co-authored-by: Nisan Ben Abu <nisan.ben-abu@checkmarx.com> Co-authored-by: atishj99 <atish.jadhav@checkmarx.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Removes the
notifyjob from the CxOne scan workflow. The job referencessecrets.CXONE_SCAN_WEBHOOK_URLwhich does not exist in this repo or at the org level — causing the step to silently fail on every run.What was removed
Related