[StepSecurity] Apply security best practices#252
Merged
cx-yevgeny-kuznetsov merged 1 commit intoMay 30, 2026
Conversation
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Contributor
Author
Security Policy Alert: Secret Policy ViolationThis workflow run has been blocked by StepSecurity's secrets policy because it accesses secrets and the workflow file differs from the default branch. To approve this workflow, please add the Note: The label must be added by someone other than the PR author (stepsecurity-app[bot]) or automation bots to ensure proper security review. After the label is added, you can re-run the blocked workflow to proceed. This workflow will be automatically approved once merged into the default branch. For more information, see StepSecurity's Secret Exfiltration Policy documentation. |
cx-yevgeny-kuznetsov
approved these changes
May 30, 2026
cx-yevgeny-kuznetsov
deleted the
chore/GHA-291959-stepsecurity-remediation
branch
cx-aniket-shinde
pushed a commit
that referenced
this pull request
Jun 19, 2026
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
cx-nisan-benabu
added a commit
that referenced
this pull request
Jun 25, 2026
* docs AST-146800: Add Cloud.md standardization file Adds the Cloud.md documentation file covering all essential sections: Project Overview, Architecture, Repository Structure, Technology Stack, Development Setup, Coding Standards, Project Rules, Testing Strategy, Known Issues — plus recommended sections: External Integrations, Deployment, Security & Access, Logging, and Debugging Steps. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * AST-101305: Disable Branch and Scan dropdown when no project is selected - Add FocusListener to project combo viewer - When user clears project and clicks outside, branch combo is disabled - Resets currentProjectId to empty when project field is cleared - Preserves existing behavior for all other scenarios Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> * Fix: Route authentication logs to Eclipse Error Log (AST-136023) (#244) * Fix AST-136023: Route authentication logs to Eclipse Error Log Replace SLF4J log calls in Authenticator.doAuthentication() with CxLogger so auth success/failure messages appear in .metadata/.log and the Eclipse Error Log UI instead of being silently dropped. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix AST-136023: Update unit tests to verify CxLogger static calls Replace SLF4J mockLogger verification with MockedStatic<CxLogger> to match the updated Authenticator.doAuthentication() which now routes log output through CxLogger instead of the SLF4J instance. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Refactor AST-136023: Use String.format for authentication status log message Replace string concatenation (AUTH_STATUS + cxValidateOutput) with String.format(PluginConstants.INFO_AUTHENTICATION_STATUS, cxValidateOutput) to be consistent with the error logging pattern. Updated the unit test assertion to verify the formatted string accordingly. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix: Clear detail panels on severity filter change (AST-136035) (#245) * Fix AST-136035: Clear detail panels on severity filter change; fix scan ID combo overflow - Hide resultViewComposite and attackVectorCompositePanel when filter changes so the description and attack vector windows no longer show stale content - Replace fixed widthHint=520 on scan ID combo with SWT.FILL/grabExcess layout so the combo is always visible without needing to maximize the window Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix AST-136035: Clear right panels only when displayed item's severity is filtered out Previously, toggling any severity filter always hid the description and attack vector panels. Now the panels are only cleared when the currently displayed item belongs to a severity that was just disabled. If the item's severity is still active, the panels stay visible. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix AST-136035: Preserve tree expansion state when severity filter changes - Capture expanded elements before clearing the model so the snapshot is accurate when restoring after refresh - Pass expand=true for FILTER_CHANGED (keep GET_RESULTS at false) so previously expanded group nodes are restored after filtering instead of collapsing the entire tree Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix: Truncate long custom state names in filter menu (AST-137779) (#246) * Fix AST-137779: Truncate long custom state names in filter menu and triage combo Custom states with very long names caused the state filter dropdown menu to expand across the entire screen. Fix truncates display text to 50 chars (with trailing "...") in both the state filter MenuItem and the triage state ComboViewer LabelProvider. The full state name is still used internally for filtering and triage submission. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Fix AST-137779: Guard against null getResults() in cxProjectMatchesWorkspaceProject Results.getResults() can return null when no results have been loaded yet (e.g. fresh IDE session before any scan is imported). The prior check only guarded against a null Results object, causing an NPE on the first click of the Start Scan button and preventing scans from running. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * Toolyip custom state * Parity and project combobox * CISO-920: remove broken Teams notify job (secret CXONE_SCAN_WEBHOOK_URL not set) (#250) The notify job references secrets.CXONE_SCAN_WEBHOOK_URL which does not exist in this repo or at org level, causing the step to fail silently. Ref: https://checkmarx.atlassian.net/browse/CISO-920 Ref: https://checkmarx.atlassian.net/browse/CISO-815 * [StepSecurity] Apply security best practices (#251) Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> * [StepSecurity] Apply security best practices (#252) Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> * remove dependabot (#254) * rerun * Bumped java wrapper version * bump java wrapper version to 2.4.24 --------- Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Noam Brendel <139764378+cx-noam-brendel@users.noreply.github.com> Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> Co-authored-by: Alon Rosenhek <80337069+cx-alon-rosenhek@users.noreply.github.com> Co-authored-by: Nisan Ben Abu <nisan.ben-abu@checkmarx.com> Co-authored-by: atishj99 <atish.jadhav@checkmarx.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This pull request has been generated by StepSecurity as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements.
Security Fixes
Pinned Dependencies
Pinning GitHub Actions to specific versions or commit SHAs ensures that your workflows remain consistent and secure.
Unpinned actions can lead to unexpected changes or vulnerabilities caused by upstream updates.
StepSecurity Maintained Actions
Risky GitHub Actions can expose your project to potential security risks. Risky actions have been replaced with StepSecurity maintained actions, that are secure drop-in replacements.
Feedback
For bug reports, feature requests, and general feedback; please create an issue in step-security/secure-repo or contact us via our website.