2022-06-09 12:52:18 +01:00
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will initiate a Contrast Scan on your built artifact, and subsequently upload the results SARIF to Github.
2022-06-10 11:35:06 +01:00
# Because Contrast Scan is designed to run against your deployable artifact, you need to build an artifact that will be passed to the Contrast Scan Action.
# Contrast Scan currently supports Java, JavaScript and .NET artifacts.
# For more information about the Contrast Scan GitHub Action see here: https://github.com/Contrast-Security-OSS/contrastscan-action
2022-06-09 12:52:18 +01:00
# Pre-requisites:
# All Contrast related account secrets should be configured as GitHub secrets to be passed as inputs to the Contrast Scan Action.
# The required secrets are CONTRAST_API_KEY, CONTRAST_ORGANIZATION_ID and CONTRAST_AUTH_HEADER.
on :
push :
branches : [ $default-branch, $protected-branches ]
pull_request :
# The branches below must be a subset of the branches above
branches : [ $default-branch ]
schedule :
- cron : $cron-weekly
2022-06-20 11:44:08 +01:00
permissions :
contents : read
2022-06-09 12:52:18 +01:00
name : Scan analyze workflow
jobs :
build-and-scan :
2022-06-10 11:35:06 +01:00
permissions :
contents : read # for actions/checkout
security-events : write # for github/codeql-action/upload-sarif
2022-06-09 12:52:18 +01:00
runs-on : ubuntu-latest
# check out project
steps :
- uses : actions/checkout@v3
# Since Contrast Scan is designed to run against your deployable artifact, the steps to build your artifact should go here.
# -name: Build Project
# ...
# Scan Artifact
- name : Contrast Scan Action
2022-06-10 11:35:06 +01:00
uses : Contrast-Security-OSS/contrastscan-action@7352a45d9678ec8a434cf061b07ffb51c1e351a1
with :
artifact : mypath/target/myartifact.jar # replace this path with the path to your built artifact
apiKey : ${{ secrets.CONTRAST_API_KEY }}
orgId : ${{ secrets.CONTRAST_ORGANIZATION_ID }}
authHeader : ${{ secrets.CONTRAST_AUTH_HEADER }}
2022-06-09 12:52:18 +01:00
#Upload the results to GitHub
- name : Upload SARIF file
uses : github/codeql-action/upload-sarif@v2
with :
sarif_file : results.sarif # The file name must be 'results.sarif', as this is what the Github Action will output