# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. # This is a basic workflow to help you get started with Using Checkmarx One Action name: Checkmarx Scan # Controls when the workflow will run on: pull_request: types: [opened, reopened, synchronize] branches: [ $default-branch, $protected-branches ] # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" build: # The type of runner that the job will run on runs-on: ubuntu-latest # Steps represent a sequence of tasks that will be executed as part of the job steps: # This step checks out a copy of your repository. - name: Checkout repository uses: actions/checkout@v2 - name: Checkmarx scan uses: checkmarx/ast-github-action@main with: base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx cx_client_id: ${{ secrets.CX_CLIENT_ID }} cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} cx_tenant: ${{ secrets.CX_TENANT }} additional_params: --report-format sarif --output-path . - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v2 with: # Path to SARIF file relative to the root of the repository sarif_file: cx_result.sarif