diff --git a/code-scanning/appknox.yml b/code-scanning/appknox.yml
new file mode 100644
index 0000000..68e4672
--- /dev/null
+++ b/code-scanning/appknox.yml
@@ -0,0 +1,54 @@
+# This workflow uses actions that are not certified by GitHub. They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support documentation.
+#
+# Appknox: Leader in Mobile Application Security Testing Solutions
+#
+# To use this workflow, you must be an existing Appknox customer with GitHub Advanced Security (GHAS) enabled for your
+# repository.
+#
+# If you *are not* an existing customer, click here to contact us for licensing and pricing details:
+# .
+#
+# Instructions:
+#
+# 1. In your repository settings, navigate to 'Secrets' and click on 'New repository secret.' Name the
+# secret APPKNOX_ACCESS_TOKEN and paste your appknox user token into the value field. If you don't have a appknox token
+# or need to generate a new one for GitHub, visit the Appknox Platform, go to Account Settings->Developer Settings
+# and create a token labeled GitHub
+#
+# 2. Refer to the detailed workflow below, make any required adjustments, and then save it to your repository. After the
+# action executes, check the 'Security' tab for results
+
+name: Appknox
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch ]
+jobs:
+ appknox:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Grant execute permission for gradlew
+ run: chmod +x gradlew
+
+ - name: Build the app
+ run: ./gradlew build # Update this to build your Android or iOS application
+
+ - name: Appknox GitHub action
+ uses: appknox/appknox-github-action@b7d2bfb2321d5544e97bffcba48557234ab953a4
+ with:
+ appknox_access_token: ${{ secrets.APPKNOX_ACCESS_TOKEN }}
+ file_path: app/build/outputs/apk/debug/app-debug.apk # Specify the path to your .ipa or .apk here
+ risk_threshold: MEDIUM # Update this to desired risk threshold [LOW, MEDIUM, HIGH, CRITICAL]
+ sarif: Enable
+
+ - name: Upload SARIF to GHAS
+ if: always()
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: report.sarif
diff --git a/code-scanning/eslint.yml b/code-scanning/eslint.yml
index 7304e83..b0aaeb3 100644
--- a/code-scanning/eslint.yml
+++ b/code-scanning/eslint.yml
@@ -33,9 +33,11 @@ jobs:
- name: Install ESLint
run: |
npm install eslint@8.10.0
- npm install @microsoft/eslint-formatter-sarif@2.1.7
+ npm install @microsoft/eslint-formatter-sarif@3.1.0
- name: Run ESLint
+ env:
+ SARIF_ESLINT_IGNORE_SUPPRESSED: "true"
run: npx eslint .
--config .eslintrc.js
--ext .js,.jsx,.ts,.tsx
@@ -47,4 +49,4 @@ jobs:
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: eslint-results.sarif
- wait-for-processing: true
\ No newline at end of file
+ wait-for-processing: true
diff --git a/code-scanning/jfrog-sast.yml b/code-scanning/jfrog-sast.yml
new file mode 100644
index 0000000..4ff7ef7
--- /dev/null
+++ b/code-scanning/jfrog-sast.yml
@@ -0,0 +1,54 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# JFrog SAST performs 1st party source code security analysis
+# For more information, see
+# https://docs.jfrog-applications.jfrog.io/jfrog-security-features/sast
+
+name: "JFrog SAST Scan"
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch, $protected-branches ]
+ schedule:
+ - cron: $cron-weekly
+
+env:
+ # [Mandatory]
+ # JFrog platform URL and access token for
+ # a JFrog platform instance with active
+ # JFrog Advanced Security subscription
+ JF_URL: ${{ secrets.JF_URL }}
+ JF_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+
+ - name: Install and configure JFrog CLI
+ run: |
+ npm install -g jfrog-cli-v2-jf
+ echo $JF_TOKEN | jf c add --interactive=false --url=$JF_URL --access-token-stdin
+
+ - name: Run JFrog SAST
+ run: |
+ jf audit --sast --format=sarif > jfrog_sast.sarif
+
+
+ - name: Upload output to generate autofix
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: jfrog_sast.sarif
\ No newline at end of file
diff --git a/code-scanning/properties/appknox.properties.json b/code-scanning/properties/appknox.properties.json
new file mode 100644
index 0000000..8e8b1f2
--- /dev/null
+++ b/code-scanning/properties/appknox.properties.json
@@ -0,0 +1,21 @@
+{
+ "name": "Appknox",
+ "creator": "Appknox",
+ "description": "Use Appknox action for faster and precise security assessments of your iOS and Android apps developed using any programming language",
+ "iconName": "appknox",
+ "categories": [
+ "Code Scanning",
+ "Java",
+ "Kotlin",
+ "Scala",
+ "Swift",
+ "Objective C",
+ "C",
+ "C++",
+ "C#",
+ "Rust",
+ "JavaScript",
+ "TypeScript",
+ "Node"
+ ]
+}
diff --git a/code-scanning/properties/jfrog-sast.properties.json b/code-scanning/properties/jfrog-sast.properties.json
new file mode 100644
index 0000000..7ffa897
--- /dev/null
+++ b/code-scanning/properties/jfrog-sast.properties.json
@@ -0,0 +1,16 @@
+{
+ "name": "JFrog SAST",
+ "description": "Scan for security vulnerabilities in source code using JFrog SAST",
+ "iconName": "frogbot",
+ "categories":
+ [
+ "Code Scanning",
+ "security",
+ "python",
+ "java",
+ "javascript",
+ "typescript",
+ "go"
+ ],
+ "creator": "JFrog"
+}
\ No newline at end of file
diff --git a/icons/appknox.svg b/icons/appknox.svg
new file mode 100644
index 0000000..36148e7
--- /dev/null
+++ b/icons/appknox.svg
@@ -0,0 +1,10 @@
+