parent
0c32ead527
commit
0d73e505ae
1 changed files with 30 additions and 0 deletions
30
.github/workflows/shiftleft.yml
vendored
Normal file
30
.github/workflows/shiftleft.yml
vendored
Normal file
|
@ -0,0 +1,30 @@
|
|||
# Shiftleft engine v2
|
||||
name: Analyze with ShiftLeft NG SAST
|
||||
|
||||
on:
|
||||
pull_request: # include to analyze when you create a pull request
|
||||
branches:
|
||||
- master
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
NGSAST:
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Download ShiftLeft cli
|
||||
run: |
|
||||
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
|
||||
- run: echo REPOSITORY_NAME=$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $2}') >> $GITHUB_ENV
|
||||
shell: bash
|
||||
- name: Python
|
||||
if: env.SHIFTLEFT_ACCESS_TOKEN != null
|
||||
run: |
|
||||
python3 -m venv .venv
|
||||
. .venv/bin/activate
|
||||
pip install --upgrade setuptools wheel
|
||||
[ -f requirements.txt ] && pip install -r requirements.txt
|
||||
[ -f requirements/default.txt ] && pip install -r requirements/default.txt
|
||||
${GITHUB_WORKSPACE}/sl analyze --tag app.group=$REPOSITORY_NAME --app ${REPOSITORY_NAME}-python --cpg --tag branch=${GITHUB_REF} --python $(pwd)
|
||||
env:
|
||||
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
|
Reference in a new issue