Example: GitHub Code Scanning Security
Nathan Leach edited this page Jul 21, 2024 · 1 revision
This is a simple example that is configured for the following:
- Performs SAST and SCA scans on push to branch `master` or pull requests targeting `master`.
- Runs SCA Resolver on the GitHub hosted runner `ubuntu-latest`.
- Writes scan summaries to pull requests.
- Uploads a SARIF file to the GitHub Code Scanning security alerts.
```yaml
name: SDLC Workflow with CxFlow++
on:
  push:
    branches: master
  pull_request:
    branches: master
jobs:
  checkmarx-scan:
    permissions:
      # An explicit permissions block sets every unlisted scope to none,
      # so grant checkout read access alongside the scopes the scan needs.
      contents: read
      security-events: write   # required to upload the SARIF file to Code Scanning
      pull-requests: write     # required to write scan summaries to pull requests
    runs-on: ubuntu-latest
    steps:
      - name: Fetch Code
        uses: actions/checkout@v4
      - name: Execute Scan
        uses: checkmarx-ts/checkmarx-cxflow-plusplus-github-action@v2
        with:
          sast-url: ${{ vars.CX_SAST_URL }}
          sast-username: ${{ secrets.CX_SAST_USERNAME }}
          sast-password: ${{ secrets.CX_SAST_PASSWORD }}
          sca-tenant: ${{ secrets.CX_SCA_TENANT }}
          sca-username: ${{ secrets.CX_SCA_USERNAME }}
          sca-password: ${{ secrets.CX_SCA_PASSWORD }}
```
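As an added check, not part of this page or of the CxFlow++ action, the script below audits a workflow shaped like the one above: it confirms the job grants the scopes the listed features need (`security-events: write` for the SARIF upload, `pull-requests: write` for PR summaries, and `contents: read` so checkout keeps working once an explicit `permissions` block is present) and flags credential inputs that are read from plaintext `vars` instead of `secrets`. Both workflow excerpts are constructed; the second is a deliberately weakened variant.

```python
import re

# Constructed excerpts (not the page's file verbatim): GOOD mirrors the
# page's job, WEAK drops a scope and moves a password into plaintext vars.
GOOD = """\
jobs:
  checkmarx-scan:
    permissions:
      contents: read
      security-events: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: checkmarx-ts/checkmarx-cxflow-plusplus-github-action@v2
        with:
          sast-url: ${{ vars.CX_SAST_URL }}
          sast-password: ${{ secrets.CX_SAST_PASSWORD }}
"""
WEAK = GOOD.replace("      pull-requests: write\n", "") \
           .replace("secrets.CX_SAST_PASSWORD", "vars.CX_SAST_PASSWORD")


def job_permissions(text):
    """Return {scope: level} from the first `permissions:` block (line-based, no PyYAML)."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^(\s*)permissions:\s*$", line)
        if not m:
            continue
        indent, perms = len(m.group(1)), {}
        for nxt in lines[i + 1:]:
            c = re.match(r"^(\s*)([\w-]+):\s*(\S+)\s*$", nxt)
            if not c or len(c.group(1)) <= indent:  # left the nested block
                break
            perms[c.group(2)] = c.group(3)
        return perms
    return {}


def credential_inputs_from_vars(text):
    """Inputs named *password/*token/*secret whose value comes from the vars context."""
    pat = r"^\s*([\w-]*(?:password|token|secret)):\s*\$\{\{\s*vars\.(\w+)"
    return [(m.group(1), m.group(2)) for m in re.finditer(pat, text, re.M | re.I)]


def audit(text):
    """List human-readable findings; an empty list means the workflow passes."""
    perms, findings = job_permissions(text), []
    if perms.get("security-events") != "write":
        findings.append("SARIF upload to Code Scanning needs security-events: write")
    if perms.get("pull-requests") != "write":
        findings.append("PR scan summaries need pull-requests: write")
    if perms and "contents" not in perms:
        findings.append("explicit permissions block omits contents: read needed by checkout")
    for name, var in credential_inputs_from_vars(text):
        findings.append(f"{name} is read from vars.{var}; credentials belong in secrets")
    return findings
```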