Update main.yml #66
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Documentation: | |
# https://checkmarx.atlassian.net/wiki/spaces/Checkmarx One/pages/6147408761/CI+CD+with+CxSCA+Resolver | |
# | |
name: SCA Resolver Example | |
on: | |
push: | |
branches: | |
[master] | |
workflow_dispatch: | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Download SCA Resolver | |
run: | | |
wget https://sca-downloads.s3.amazonaws.com/cli/latest/ScaResolver-linux64.tar.gz | |
tar -xzvf ScaResolver-linux64.tar.gz | |
rm -rf ScaResolver-linux64.tar.gz | |
- name: Install Maven, NPM, ... # Add any necessary package management | |
run: | | |
sudo apt install maven npm | |
- name: Run Checkmarx One CLI Scan | |
run: | | |
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" | |
/home/linuxbrew/.linuxbrew/bin/brew install checkmarx/ast-cli/ast-cli | |
/home/linuxbrew/.linuxbrew/Cellar/ast-cli/*/bin/cx \ | |
scan create \ | |
-s . \ | |
--agent GitHub \ | |
--project-name ${{ github.repository }} \ | |
--branch ${GITHUB_REF##*/} \ | |
--base-uri ${{ secrets.CX_BASE_URI }} \ | |
--tenant ${{ secrets.CX_TENANT }} \ | |
--client-id ${{ secrets.CX_CLIENT_ID }} \ | |
--client-secret ${{ secrets.CX_CLIENT_SECRET }} \ | |
--sca-resolver ./ScaResolver |