feat: add Bearer code scanning option
This commit is contained in:
@@ -0,0 +1,39 @@
|
||||
# This workflow file requires a free account on Bearer.com to manage findings, notifications and more.
|
||||
#
|
||||
# See https://docs.bearer.com/guides/bearer-cloud/
|
||||
|
||||
name: Bearer
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [$default-branch, $protected-branches]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [$default-branch]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
|
||||
jobs:
|
||||
bearer:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checkout project source
|
||||
- uses: actions/checkout@v3
|
||||
# Scan code using Bearer CLI
|
||||
- name: Run Report
|
||||
id: report
|
||||
uses: bearer/bearer-action@v2
|
||||
with:
|
||||
api-key: ${{ secrets.BEARER_TOKEN }}
|
||||
format: sarif
|
||||
output: results.sarif
|
||||
# Upload SARIF file generated in previous step
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Bearer",
|
||||
"creator": "Bearer",
|
||||
"description": "Continuously run Bearer code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.",
|
||||
"iconName": "bearer",
|
||||
"categories": ["Code Scanning", "JavaScript", "TypeScript", "Java", "Ruby"]
|
||||
}
|
||||
Reference in New Issue
Block a user