Initial commit

.github/CODEOWNERS

@@ -0,0 +1 @@
+@devrel-advocates

.github/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,32 @@
+---
+name: Bug Report
+about: Create a report to help us improve.
+title: "[BUG] Your Bug Report Here"
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Operating System (please complete the following information):**
+ - OS: [e.g. Windows 10 19044.1889, Ubuntu 18.04, Mac OS Monterey 12.4]
+ - CLI Environment [e.g. Command Prompt, Powershell, Terminal]
+ - Version [e.g. 1.04]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature-request.md

@@ -0,0 +1,20 @@
+---
+name: Feature Request
+about: Suggest an idea for this project.
+title: "[FEATURE] Your Feature Request Here "
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like.**
+A clear and concise description of what you want to happen. Ex. It would be nice if [...]
+
+**Describe alternatives you've considered.**
+A clear and concise description of any alternative solutions or features you've considered. Ex. I have seen similar features on [...]
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/bot.yml

@@ -0,0 +1,14 @@
+##### Greetings ########################################################################################################
+# Comment to be posted to welcome users when they open their first PR
+firstPRWelcomeComment: >
+  🎉 Thanks for opening this pull request! Please be sure to check out our contributing guidelines. 🙌
+
+
+# Comment to be posted to congratulate user on their first merged PR
+firstPRMergeComment: >
+  🎉 Awesome work, congrats on your first merged pull request! 🙌
+
+
+# Comment to be posted to on first time issues
+firstIssueWelcomeComment: >
+  🎉 Thanks for opening your first issue here! Be sure to follow the issue template, and welcome to the community! 🙌

.github/workflows/checkmarx-scan-on-pull.yml

@@ -0,0 +1,85 @@
+# This workflow executes Checkmarx scans (SAST & SCA) on pull requests. It runs in a self-hosted actions runner
+# hosted in AWS. The flow has 3 parts: 1) start the ec2 runner instance 2) carry out the scans via CxFlow and 
+# 3) stop the ec2 runner instance. It uses the following GitHub secrets:
+#           AWS_EC2_INSTANCE_ID
+#           CHECKMARX_URL
+#           CHECKMARX_USERNAME
+#           CHECKMARX_PASSWORD
+#           CHECKMARX_URL
+#           CHECKMARX_CLIENT_SECRET
+#           SCA_USERNAME
+#           SCA_PASSWORD
+#
+# To change the severity threshold, modify the --cx-flow.filter-severity parameter in the CxFlow job below
+
+
+name: CheckMarx Scan on Pull Request
+on: 
+  #pull_request:
+  workflow_dispatch:
+
+jobs:
+  start-runner:
+    name: Start self-hosted EC2 runner
+    permissions:
+      id-token: write # For OIDC connection
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::143694264087:role/GithubActions
+          role-session-name: github-actions-runner-start-ec2
+          aws-region: us-east-1
+      - name: Start AWS EC2
+        # Run AWS Command on the GitHub Hosted runner which starts the instance
+        run: |
+          aws ec2 start-instances --instance-ids ${{secrets.AWS_EC2_INSTANCE_ID }}
+
+  run-cxflow:
+    name: Execute CxFlow
+    # The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      issues: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to github issues
+      pull-requests: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to PR
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    needs: start-runner # required to start the main job when the runner is ready
+    runs-on: [self-hosted, AWS, AppSec]
+    # Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v3
+    # Runs the Checkmarx Scan leveraging the latest version of CxFlow - REFER to Action README for list of inputs
+    - name: Checkmarx CxFlow Action
+      uses: checkmarx-ts/checkmarx-cxflow-github-action@49d8269b14ca87910ba003d47a31fa0c7a11f2fe
+      with:
+        project: sailpoint-oss-${{ github.event.repository.name }}
+        team: CxServer/OSS
+        # sast secrets
+        checkmarx_url: ${{ secrets.CHECKMARX_URL }}
+        checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
+        checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
+        checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
+        # sca secrets
+        sca_api_url: https://api-sca.checkmarx.net
+        sca_app_url: https://sca.checkmarx.net
+        sca_access_control_url: https://platform.checkmarx.net
+        sca_username: ${{ secrets.SCA_USERNAME }}
+        sca_password: ${{ secrets.SCA_PASSWORD }}
+        sca_tenant: sailpoint
+        scanners: sast, sca
+        params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filter-severity=high --cx-flow.filter-category --checkmarx.disable-clubbing=true --repo-url=${{ github.event.repository.url }} 
+
+    # Upload the Report for CodeQL/Security Alerts
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: cx.sarif
+    #  post-job task is a script referenced in .env file (cleans up the _work directory)
+
+  #############################
+  # We can't shut down the runner, as another workflow run might be queued up already.
+  # Shutdown will be handled with a CloudWatch Alarm
+  #############################

LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 SailPoint
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,41 @@
+[![Discourse Topics][discourse-shield]][discourse-url]
+[![Issues][issues-shield]][issues-url]
+[![Latest Releases][release-shield]][release-url]
+[![Contributor Shield][contributor-shield]][contributors-url]
+
+[discourse-shield]:https://img.shields.io/discourse/topics?label=Discuss%20This%20Tool&server=https%3A%2F%2Fdeveloper.sailpoint.com%2Fdiscuss
+[discourse-url]:https://developer.sailpoint.com/discuss/tag/workflows
+[issues-shield]:https://img.shields.io/github/issues/sailpoint-oss/repo-template?label=Issues
+[issues-url]:https://github.com/sailpoint-oss/repo-template/issues
+[release-shield]: https://img.shields.io/github/v/release/sailpoint-oss/repo-template?label=Current%20Release
+[release-url]:https://github.com/sailpoint-oss/repo-template/releases
+[contributor-shield]:https://img.shields.io/github/contributors/sailpoint-oss/repo-template?label=Contributors
+[contributors-url]:https://github.com/sailpoint-oss/repo-template/graphs/contributors
+
+# application-title-here
+[Explore the docs »](https://your-link-to-colab-topic-here)
+
+[New to the CoLab? Click here »](https://developer.sailpoint.com/discuss/t/about-the-sailpoint-developer-community-colab/11230)
+
+<!-- CONTRIBUTING -->
+## Contributing
+
+Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.
+
+If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag `enhancement`.
+Don't forget to give the project a star! Thanks again!
+
+1. Fork the Project
+2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
+3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
+4. Push to the Branch (`git push origin feature/AmazingFeature`)
+5. Open a Pull Request
+
+<!-- LICENSE -->
+## License
+
+Distributed under the MIT License. See `LICENSE.txt` for more information.
+
+<!-- CONTACT -->
+## Discuss
+[Click Here](https://developer.sailpoint.com/dicuss/tag/{tagName}) to discuss this tool with other users.