# Documentation:
# https://checkmarx.com/resource/documents/en/34965-68725-using-sca-resolver-in-checkmarx-one-ci-cd-integrations.html
#
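name: SCA Resolver Example

on:
  push:
    branches: [main]
  workflow_dispatch:

# Least privilege: nothing in this workflow writes to the repository, so the
# GITHUB_TOKEN is limited to reading its contents.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # actions/checkout@v2 runs on a retired Node runtime; use a maintained
      # major. NOTE(review): a mutable tag can be re-pointed upstream; consider
      # pinning to a full commit SHA once one has been reviewed.
      - uses: actions/checkout@v4
        with:
          # Later steps execute downloaded code; do not leave the job token in
          # .git/config where that code could read it.
          persist-credentials: false

      # NOTE(review): "latest" is unpinned and the archive is unpacked without
      # an integrity check. If the vendor publishes a digest, verify it before
      # extraction (see the commented line inside the script).
      - name: Download SCA Resolver
        run: |
          wget https://sca-downloads.s3.amazonaws.com/cli/latest/ScaResolver-linux64.tar.gz
          # echo "<EXPECTED_SHA256_PLACEHOLDER>  ScaResolver-linux64.tar.gz" | sha256sum -c -
          tar -xzvf ScaResolver-linux64.tar.gz
          rm -f ScaResolver-linux64.tar.gz

      # -y is required: without it apt stops at the confirmation prompt on a
      # non-interactive runner. Refresh the package index first so the install
      # does not fail on stale metadata.
      - name: Install Maven, NPM, ...  # Add any necessary package management
        run: |
          sudo apt-get update
          sudo apt-get install -y maven npm

      # Kept in its own step so that no Checkmarx secret is in scope while
      # remotely fetched installer code runs.
      # NOTE(review): this pipes an unpinned script (HEAD) from the network
      # into bash and installs an unpinned CLI version; prefer a pinned,
      # checksum-verified release of the CLI where one is available.
      - name: Install Checkmarx AST CLI
        run: |
          /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
          /home/linuxbrew/.linuxbrew/bin/brew install checkmarx/ast-cli/ast-cli

      # Secrets and context values are handed to the script through the
      # environment and referenced as quoted shell variables. Expanding
      # ${{ ... }} directly inside `run:` pastes the raw value into the script
      # text, where shell metacharacters in it would be interpreted.
      # GITHUB_REF_NAME keeps the full branch name; ${GITHUB_REF##*/} cut
      # "feature/x" down to "x".
      # NOTE(review): the values still reach cx as command-line arguments;
      # check whether the CLI can read them from the environment so the flags
      # can be dropped.
      - name: Run Checkmarx AST CLI Scan
        env:
          CX_BASE_URI: ${{ secrets.CX_BASE_URI }}
          CX_TENANT: ${{ secrets.CX_TENANT }}
          CX_CLIENT_ID: ${{ secrets.CX_CLIENT_ID }}
          CX_CLIENT_SECRET: ${{ secrets.CX_CLIENT_SECRET }}
        run: |
          /home/linuxbrew/.linuxbrew/Cellar/ast-cli/*/bin/cx \
            scan create \
            -s . \
            --agent GitHub \
            --project-name "$GITHUB_REPOSITORY" \
            --branch "$GITHUB_REF_NAME" \
            --base-uri "$CX_BASE_URI" \
            --tenant "$CX_TENANT" \
            --client-id "$CX_CLIENT_ID" \
            --client-secret "$CX_CLIENT_SECRET" \
            --sca-resolver ./ScaResolver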