parent
0c32ead527
commit
0d73e505ae
1 changed files with 30 additions and 0 deletions
30
.github/workflows/shiftleft.yml
vendored
Normal file
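--- a/.github/workflows/shiftleft.yml
+++ b/.github/workflows/shiftleft.yml
@@ -0,0 +1,30 @@
+# Shiftleft engine v2
+name: Analyze with ShiftLeft NG SAST
+
+on:
+pull_request: # include to analyze when you create a pull request
+branches:
+- master
+workflow_dispatch:
+
+jobs:
+NGSAST:
+runs-on: ubuntu-20.04
+steps:
+- uses: actions/checkout@v2
+- name: Download ShiftLeft cli
+run: |
+curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+- run: echo REPOSITORY_NAME=$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $2}') >> $GITHUB_ENV
+shell: bash
+- name: Python
+if: env.SHIFTLEFT_ACCESS_TOKEN != null
+run: |
+python3 -m venv .venv
+. .venv/bin/activate
+pip install --upgrade setuptools wheel
+[ -f requirements.txt ] && pip install -r requirements.txt
+[ -f requirements/default.txt ] && pip install -r requirements/default.txt
+${GITHUB_WORKSPACE}/sl analyze --tag app.group=$REPOSITORY_NAME --app ${REPOSITORY_NAME}-python --cpg --tag branch=${GITHUB_REF} --python $(pwd)
+env:
+SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}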
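Review bot: The `Download ShiftLeft cli` step saves whatever `curl https://cdn.shiftleft.io/download/sl` returns to `${GITHUB_WORKSPACE}/sl` and marks it executable with no integrity check, and the `Python` step then runs that file with `SHIFTLEFT_ACCESS_TOKEN` in its environment. Because curl is called without `--fail`, an HTTP error body would also be written out as the binary. I would change the download to `curl --fail --silent --show-error -o "${GITHUB_WORKSPACE}/sl" https://cdn.shiftleft.io/download/sl` and follow it with `echo "<EXPECTED_SHA256>  ${GITHUB_WORKSPACE}/sl" | sha256sum --check` (the digest is a placeholder to be filled from the vendor's published value), so a tampered or truncated download fails the job before the token is exposed to it. Separately, the workflow declares no `permissions:` block and `actions/checkout@v2` is a mutable tag; limiting the token to `contents: read` and pinning the action to a full commit SHA would narrow what a compromised step can reach.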