[REQ]-New Docker Image version without Entrypoint

[linuxshark]

Is your request related to a workflow problem?

With the Gitlab "pipeline execution policy" integration, overwrides entrypoint is not a valid sentence as a normal CICD should. That's the reason why the normal include of the CXONE public template is not working https://raw.githubusercontent.com/checkmarx-ltd/cx-flow/develop/templates/gitlab/v3/Checkmarx.gitlab-ci.yml

That gives me an execution error when i call cxOne from my Gitlab "pipeline execution policy" as show:

Using docker image sha256:6d53f64061e0d20e0f66c15747d7f087a4ec42089402a01c6550375f23e61ffc for checkmarx/ast-cli with digest checkmarx/ast-cli@sha256:72b5c9247cd62b78204286e89539f9626d3bc8378dd5a223e4e5bf9dbd1f1c35 ...
Creating directory
unknown command "sh" for "cx"
Error: unknown command "sh" for "cx"
Run 'cx --help' for usage.

Proposed a solution

Create a new docker Image version without the current entrypoint "ENTRYPOINT ["/app/bin/cx"]" and SH interpreter to test if this mod can be used inside a Gitlab "pipeline execution policy"

Additional comments

Here you can find the documentation about how Gitlab "pipeline execution policy" inject the pipeline inside existing CICD process https://docs.gitlab.com/ee/user/application_security/policies/pipeline_execution_policies.html

Maybe you can review it on next sprints to create a proper integration with this use case

[linuxshark]

I made some testings:

1.- create a new docker image Using checkmarx/ast-cli:latest as source

2.- create my new dockerfile without entrypoint to be sure that i can enter into the image and run custom sentences with /app/bin/cx

3.- in my "pipeline execution policy" i changed the docker image sentence (remember i had to do this because "pipeline exec policy" does not support "entrypoint" sentence:

stages:
  - test

checkmarx-scan:
  stage: test
  image:   
    name: peyocl/cyberreadteam-cxast
    #entrypoint: [''] #commented because by definition it's not supported with pipeline execution policy
  script:
     - >-
       /app/bin/cx
       scan create
       --project-name ${CX_PROJECT_NAME}
       --file-source '.'
       --scan-info-format 'json'
       --branch ${CX_BRANCH_NAME}
       --agent 'Gitlab' 
       --file-filter "${CX_FILE_FILTERS}"

Dockerfile is quite simple

FROM checkmarx/ast-cli:latest

ENTRYPOINT [""]

[cx-fatima-goncalves]

Hi ,
Thank you for sharing your idea and suggesting improvements to our product.

After review, we wanted to let you know that "New Docker Image version without Entrypoint" is not currently in our roadmap.
The CLI is open source, so feel free to use it and create your own customized CLI image.
However, we value your feedback.
Thank you,
Checkmarx Team