shiftleft-analysis.yml

# This workflow integrates Scan with GitHub's code scanning feature
# Scan is a free open-source security tool for modern DevOps teams
# Visit https://slscan.io/en/latest/integrations/github-actions/ for help
name: Scan

# This section configures the trigger for the workflow. Feel free to customize depending on your convention
on:
  push:
    branches: [ main , master , release-* ]
  pull_request:
    branches: [ main , master , release-*]

jobs:
  Scan-Build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Cache multiple paths
        uses: actions/cache@v2
        with:
          path: |
            ${{ github.workspace }}/db
          key: ${{ runner.os }}-${{ hashFiles('requirements*.txt') }}
      - name: Perform Scan
        uses: ShiftLeftSecurity/scan-action@master
        env:
          VDB_HOME: ${{ github.workspace }}/db
          WORKSPACE: ""
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          output: reports
      - name: Upload report
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: reports