Excluding folders on CheckMarx scan
I'm working on implementing Checkmarx scans in our code repository. I'm using Jenkins and the CheckMarx plugin to accomplish this task. There are some folders I want to exclude from the scan; referencing the Jenkins plugin documentation, it seems like all I have to do is add the folder names in the 'excludeFolders' field. However, that doesn't appear to work, or maybe I don't have the value entered correctly.
I've tried '/test', 'test/', '!/test//*' but none work and the folder is still registered and zipped before it is uploaded to our CheckMarx server.
Below is what I have in my pipeline:
```groovy
stage("Running CheckMarks for Layer"){
    steps{
        script{
            def layer_dir = readFile file: 'layer-list'
            def layer_list = layer_dir.split('\\r?\\n')
            println (layer_list)
            layer_list.each { layer ->
                print (layer)
                dir("${env.WORKSPACE}/layers/layer-name/$layer"){
                    step([
                        $class: 'CxScanBuilder',
                        comment: 'Layer scanning',
                        credentialsId: 'XXXX',
                        excludeFolders: 'test',
                        exclusionsSetting: 'global',
                        failBuildOnNewResults: false,
                        failBuildOnNewSeverity: 'MEDIUM',
                        filterPattern: '''!**/_cvs/**/*, !Checkmarx/Reports/*.*''',
                        fullScanCycle: 10,
                        incremental: true,
                        fullScansScheduled: true,
                        generatePdfReport: true,
                        preset: '36',
                        teamPath: "\\path\\to\\codebase",
                        projectName: "$layer",
                        sastEnabled: true,
                        sourceEncoding: '1',
                        vulnerabilityThresholdResult: 'FAILURE',
                        waitForResultsEnabled: true
                    ])
                }
            }
        }
    }
}
```
Any suggestions on how to exclude the 'test' folder?
Solution 1:[1]
You should change your exclusionsSetting to 'job' instead of 'global'; we can't override the global configurations.
Then you can add more filters in the filterPattern.
Solution 2:[2]
The filtering is really flaky - did you have any luck?
Try adding it to the filterPattern as !Test/*.* as well and play around with that...
Solution 3:[3]
Modify like below to exclude both target and test folders.
```groovy
excludeFolders: 'target, test'
```
Jenkins console log:
```
[Cx-Debug]: Excluded Dir: src/test
[Cx-Debug]: Excluded Dir: target
```
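A way to confirm the exclusion actually took effect before source is uploaded, as an added example that is not part of the original answers: it scans a saved Jenkins console log for the `[Cx-Debug]: Excluded Dir:` lines quoted in Solution 3 and reports any expected folder that was not excluded. The function names and the filler log lines are constructed for illustration, and it assumes the log uses exactly the line format shown above.

```python
import re
import sys

# Line format taken from the console log quoted in Solution 3.
EXCLUDED_DIR = re.compile(r"\[Cx-Debug\]:\s*Excluded Dir:\s*(?P<path>\S.*?)\s*$")

# Constructed sample: the two "Excluded Dir" lines are from Solution 3,
# the "[Pipeline]" lines are filler added for this example.
SAMPLE_LOG = """\
[Pipeline] step
[Cx-Debug]: Excluded Dir: src/test
[Cx-Debug]: Excluded Dir: target
[Pipeline] }
"""


def excluded_dirs(console_log):
    """Return every directory the log reports as excluded, using '/' separators."""
    found = []
    for line in console_log.splitlines():
        match = EXCLUDED_DIR.search(line)
        if match:
            found.append(match.group("path").replace("\\", "/").strip("/"))
    return found


def missing_exclusions(console_log, expected_folders):
    """Return the expected folder names that no 'Excluded Dir' line accounts for."""
    reported = excluded_dirs(console_log)
    missing = []
    for folder in expected_folders:
        name = folder.strip().replace("\\", "/").strip("/")
        # 'test' is satisfied by 'test' or 'src/test', but not by 'src/mytest'.
        if not any(p == name or p.endswith("/" + name) for p in reported):
            missing.append(name)
    return missing


if __name__ == "__main__":
    # Optional argument: path to a saved console log; defaults to the sample.
    log = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    # Same comma-separated value as the excludeFolders field in Solution 3.
    missing = missing_exclusions(log, "target, test".split(","))
    print("not excluded:", ", ".join(missing) or "none")
    sys.exit(1 if missing else 0)
```

The non-zero exit status lets a later pipeline step fail the build when a folder that should stay out of the upload is not reported as excluded.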
Solution 4:[4]
If you are running on Windows you need to use the following pattern: !**\\test\\**\\*
On Linux: !**/test/**/*
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Happy Young |
Solution 2 | user3086298 |
Solution 3 | Srinivasan Thiyagarajan |
Solution 4 | Andrew |