
Add shiftleft.yml (#17)

Adds shiftleft.yml with `--cpg` flag
Paolo del Mundo 2021-06-07 12:25:07 -07:00 committed by GitHub
parent 0c32ead527
commit 0d73e505ae
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

30
.github/workflows/shiftleft.yml vendored Normal file

@ -0,0 +1,30 @@
# Shiftleft engine v2
name: Analyze with ShiftLeft NG SAST
on:
pull_request: # include to analyze when you create a pull request
branches:
- master
workflow_dispatch:
jobs:
NGSAST:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Download ShiftLeft cli
run: |
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
- run: echo REPOSITORY_NAME=$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $2}') >> $GITHUB_ENV
shell: bash
- name: Python
if: env.SHIFTLEFT_ACCESS_TOKEN != null
run: |
python3 -m venv .venv
. .venv/bin/activate
pip install --upgrade setuptools wheel
[ -f requirements.txt ] && pip install -r requirements.txt
[ -f requirements/default.txt ] && pip install -r requirements/default.txt
${GITHUB_WORKSPACE}/sl analyze --tag app.group=$REPOSITORY_NAME --app ${REPOSITORY_NAME}-python --cpg --tag branch=${GITHUB_REF} --python $(pwd)
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
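Review bot: The `Download ShiftLeft cli` step saves whatever `curl` returns and marks it executable, with no `--fail` and no integrity check, and the `Python` step then runs that binary with `SHIFTLEFT_ACCESS_TOKEN` in its environment. At minimum use `curl -fsSL https://cdn.shiftleft.io/download/sl -o "${GITHUB_WORKSPACE}/sl"` so an HTTP error body is never executed, and if the vendor publishes a digest or signature, verify against it, e.g. `echo "<EXPECTED_SHA256>  ${GITHUB_WORKSPACE}/sl" | sha256sum -c -`. The `Python` step also runs `pip install -r requirements.txt` on pull-request content while the token is set. Moving the dependency install into its own step without the `env:` block, and re-activating `.venv` in the analyze step, would keep the secret out of reach of package install scripts. `actions/checkout@v2` is a mutable tag, so pinning it to a full commit SHA and adding a top-level `permissions:` block with `contents: read` would narrow the workflow further.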