Merge branch 'main' into feature/AST-8454-add-scan-cancel

Author: AndreGCX

.github/workflows/ast-scan.yml

@@ -0,0 +1,18 @@
+name: Checkmarx AST Scan
+
+on: [ pull_request, workflow_dispatch ]
+
+jobs:
+  cx-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Checkmarx AST CLI Action
+        uses: checkmarx/ast-github-action@main
+        with:
+          base_uri: ${{ secrets.BASE_URI }}
+          cx_tenant: ${{ secrets.TENANT }}
+          cx_client_id: ${{ secrets.CLIENT_ID }}
+          cx_client_secret: ${{ secrets.CLIENT_SECRET }}
+          additional_params: --tags galactica-team --threshold "sast-high=1"

.github/workflows/ci.yml

@@ -15,24 +15,10 @@ jobs:
       - run: npm run build --if-present
       - name: Run tests
         env:
-          CX_CLIENT_ID: ${{ secrets.CLIENT_ID}}
-          CX_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET}}
-          CX_BASE_URI: ${{ secrets.BASE_URI }}
-          CX_TENANT: ${{ secrets.TENANT }}
+          CX_CLIENT_ID: ${{ secrets.CX_CLIENT_ID}}
+          CX_CLIENT_SECRET: ${{ secrets.CX_CLIENT_SECRET}}
+          CX_BASE_URI: ${{ secrets.CX_BASE_URI }}
+          CX_TENANT: ${{ secrets.CX_TENANT }}
           CX_SCANID: ${{ secrets.SCANID }}
           CX_APIKEY: ${{ secrets.CX_APIKEY }}
-        run: npm test
-  cx-scan:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Checkmarx AST CLI Action
-        uses: checkmarxDev/ast-github-action@main
-        with:
-          project_name: ${{ github.repository }}
-          base_uri: ${{ secrets.BASE_URI }}
-          cx_tenant: ${{ secrets.TENANT }}
-          cx_client_id: ${{ secrets.CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CLIENT_SECRET }}
-          additional_params: --tags "Galactica"
+        run: npm test