Example: GitHub Code Scanning Security

Nathan Leach edited this page Jul 21, 2024 · 1 revision

This is a simple example configured to do the following:

  1. Performs SAST and SCA scans on push to the master branch or on pull requests targeting master.
  2. Runs SCA Resolver on the GitHub-hosted runner ubuntu-latest.
  3. Writes scan summaries to pull requests.
  4. Uploads a SARIF file to the GitHub Code Scanning security alerts.

```yaml
name: SDLC Workflow with CxFlow++
on:
    push:
        branches: master
    pull_request:
        branches: master

jobs:
    checkmarx-scan:
        permissions:
            security-events: write
            pull-requests: write
        runs-on: ubuntu-latest
        steps:
          - name: Fetch Code
            uses: actions/checkout@v4

          - name: Execute Scan
            uses: checkmarx-ts/checkmarx-cxflow-plusplus-github-action@v2
            with:
                sast-url: ${{ vars.CX_SAST_URL }}
                sast-username: ${{ secrets.CX_SAST_USERNAME }}
                sast-password: ${{ secrets.CX_SAST_PASSWORD }}
                sca-tenant: ${{ secrets.CX_SCA_TENANT }}
                sca-username: ${{ secrets.CX_SCA_USERNAME }}
                sca-password: ${{ secrets.CX_SCA_PASSWORD }}
```
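As an added pre-merge check (example code, not part of the action or of this page), the script below verifies the two things the workflow above relies on: the job grants `security-events: write` (needed to upload the SARIF file) and `pull-requests: write` (needed to post scan summaries), and every credential input is read from `secrets` rather than from `vars` or a literal. The embedded workflow text is a constructed copy of the example, and the rule that inputs ending in `-password`, `-username` or `-tenant` must come from secrets is an assumption of this script.

```python
import re

# Constructed copy of the page's job, plus a variant with two mistakes:
# the SAST password read from a repository variable and no security-events permission.
GOOD = """\
jobs:
    checkmarx-scan:
        permissions:
            security-events: write
            pull-requests: write
        runs-on: ubuntu-latest
        steps:
          - name: Execute Scan
            uses: checkmarx-ts/checkmarx-cxflow-plusplus-github-action@v2
            with:
                sast-url: ${{ vars.CX_SAST_URL }}
                sast-username: ${{ secrets.CX_SAST_USERNAME }}
                sast-password: ${{ secrets.CX_SAST_PASSWORD }}
                sca-tenant: ${{ secrets.CX_SCA_TENANT }}
"""
BAD = GOOD.replace("secrets.CX_SAST_PASSWORD", "vars.CX_SAST_PASSWORD").replace(
    "            security-events: write\n", "")

# Permissions the example job needs for SARIF upload and PR summaries.
REQUIRED_PERMS = {"security-events": "write", "pull-requests": "write"}
# Assumed naming rule: inputs with these suffixes carry credentials.
SECRET_INPUT_SUFFIXES = ("-password", "-username", "-tenant")
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.")


def check_workflow(text):
    """Return a list of findings; an empty list means the workflow passes."""
    findings = []
    perms = dict(re.findall(r"^\s+(security-events|pull-requests):\s*(\S+)", text, re.M))
    for name, level in REQUIRED_PERMS.items():
        if perms.get(name) != level:
            findings.append(f"permission {name}: {level} missing (found {perms.get(name)})")
    # Every "key: value" line; keys ending in a credential suffix must use secrets.*
    for key, value in re.findall(r"^\s+(\S+):\s*(.+?)\s*$", text, re.M):
        if key.endswith(SECRET_INPUT_SUFFIXES) and not SECRET_REF.search(value):
            findings.append(f"{key} is not read from a GitHub secret: {value}")
    return findings


if __name__ == "__main__":
    for label, text in (("page example", GOOD), ("weakened variant", BAD)):
        print(label, "->", check_workflow(text) or "OK")
```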
