Add shiftleft.yml (#17)

Adds shiftleft.yml with `--cpg` flag

.github/workflows/shiftleft.yml

@@ -0,0 +1,30 @@
+# Shiftleft engine v2
+name: Analyze with ShiftLeft NG SAST
+
+on:
+  pull_request: # include to analyze when you create a pull request
+    branches:
+      - master
+  workflow_dispatch:
+
+jobs:
+  NGSAST:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: Download ShiftLeft cli
+      run: |
+        curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+    - run: echo REPOSITORY_NAME=$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $2}') >> $GITHUB_ENV
+      shell: bash
+    - name: Python
+      if: env.SHIFTLEFT_ACCESS_TOKEN != null
+      run: |
+        python3 -m venv .venv
+        . .venv/bin/activate
+        pip install --upgrade setuptools wheel
+        [ -f requirements.txt ]         && pip install -r requirements.txt
+        [ -f requirements/default.txt ] && pip install -r requirements/default.txt
+        ${GITHUB_WORKSPACE}/sl analyze --tag app.group=$REPOSITORY_NAME --app ${REPOSITORY_NAME}-python --cpg --tag branch=${GITHUB_REF} --python $(pwd)
+      env:
+        SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}