Merge branch 'main' into jorgectf/yaml-check
This commit is contained in:
@@ -55,7 +55,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: APIsec scan
|
||||
uses: apisec-inc/apisec-run-scan@f62d0c6fae8a80f97b091a323befdb56e6ad9993
|
||||
uses: apisec-inc/apisec-run-scan@f748a240d69ca6cd7e9532fd0a47bec4ccd6a73c
|
||||
with:
|
||||
# The APIsec username with which the scans will be executed
|
||||
apisec-username: ${{ secrets.apisec_username }}
|
||||
|
||||
@@ -0,0 +1,55 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# The Checkmarx One GitHub Action enables you to trigger SAST, SCA, and KICS scans directly from the GitHub workflow.
|
||||
# It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository
|
||||
# and uploads it to Checkmarx One for scanning. The Github Action provides easy integration with GitHub while enabling
|
||||
# scan customization using the full functionality and flexibility of the CLI tool.
|
||||
|
||||
# This is a basic workflow to help you get started with Using Checkmarx One Action,
|
||||
# documentation can be found here : https://checkmarx.com/resource/documents/en/34965-68702-checkmarx-one-github-actions.html
|
||||
|
||||
name: Checkmarx Scan
|
||||
|
||||
# Controls when the workflow will run
|
||||
on:
|
||||
pull_request:
|
||||
types: [opened, reopened, synchronize]
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
|
||||
jobs:
|
||||
# This workflow contains a single job called "build"
|
||||
build:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif
|
||||
|
||||
# The type of runner that the job will run on
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
# Steps represent a sequence of tasks that will be executed as part of the job
|
||||
steps:
|
||||
# This step checks out a copy of your repository.
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
# This step creates the Checkmarx One scan
|
||||
- name: Checkmarx One scan
|
||||
uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc
|
||||
with:
|
||||
base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx One
|
||||
cx_client_id: ${{ secrets.CX_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
|
||||
cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
|
||||
cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One
|
||||
additional_params: --report-format sarif --output-path .
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: cx_result.sarif
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Checkmarx",
|
||||
"creator": "Checkmarx",
|
||||
"description": "Beat vulnerabilities with more secure code.Scan your code with Checkmarx One and see results in the GitHub code scanning.",
|
||||
"iconName": "checkmarx",
|
||||
"categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "json", "kotlin", "apex", "scala", "perl"]
|
||||
}
|
||||
Reference in New Issue
Block a user