bujjibabukatta opened a new pull request, #8927: URL: https://github.com/apache/devlake/pull/8927
## Summary This PR implements a complete CheckmarxOne data source plugin for Apache DevLake (resolves #8869). The plugin enables security teams to integrate CheckmarxOne SAST scanning results into DevLake pipelines, allowing them to: - Track and follow security issues discovered by CheckmarxOne - Provide KPIs around findings, triage, and remediation - Monitor vulnerability severity and remediation progress - Support DevSecOps practices with security-focused metrics ## Motivation With the rising importance of DevSecOps, organizations need to track security vulnerabilities alongside development metrics. This plugin provides seamless integration with CheckmarxOne, a leading code security scanning platform, enabling teams to establish meaningful performance indicators around security vulnerability remediation. ## Changes ### Plugin Structure - **Entry Point**: `checkmarxone.go` - Main plugin entry point with CLI support - **Implementation**: `impl/impl.go` - Core plugin logic implementing all required interfaces - **Models**: Connection, Project, and Finding data models - **API Client**: OAuth-based authentication and API communication - **Tasks**: Collector and extractor for findings data - **API Endpoints**: REST endpoints for connection management - **Migrations**: Database schema setup ### Data Models #### CheckmarxoneConnection - Server URL, Client ID/Secret for OAuth - Secure credential storage (passwords hidden in JSON) #### CheckmarxoneProject - Project ID and metadata - Connection association #### CheckmarxoneFinding - Vulnerability data: ID, name, severity, status - First/Last found timestamps - Finding type and count ### Features ✅ OAuth authentication with automatic token refresh ✅ Multi-project support with separate data collection ✅ Vulnerability severity tracking (Critical, High, Medium, Low) ✅ Remediation status monitoring ✅ REST API for connection CRUD operations ✅ Automatic database migrations ✅ Comprehensive error handling and logging ✅ Resource cleanup and connection management ## Data Flow -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
