Update main.yml #124

	# This is a basic workflow to help you get started with Actions.

	name: Check Point CloudGuard Assessment

	# Controls when the action will run. Triggers the workflow on push or pull request
	# events but only for the master branch
	on:
	push:
	branches: [ master, main ]
	pull_request:
	branches: [ master, main ]

	# A workflow run is made up of one or more jobs that can run sequentially or in parallel
	jobs:
	# This workflow contains a single job called "build"


	ShiftLeft_image_scanner:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- name: Build from Dockerfile and add some malware xD
	run: \|
	docker build . -t badimage
	docker save badimage -o badimage.tar
	- name: Run Shiftleft assessment on built image
	run: \|
	docker pull checkpoint/shiftleft
	docker run -v=$(pwd):/tmp/ -e "CHKP_CLOUDGUARD_ID=${{ secrets.CHKP_CLOUDGUARD_ID }}" -e \
	"CHKP_CLOUDGUARD_SECRET=${{ secrets.CHKP_CLOUDGUARD_SECRET }}" checkpoint/shiftleft shiftleft image-scan \
	-i /tmp/badimage.tar -e d0eada4e-2bb4-494e-9f52-14cc9cb2ed58 -r 485582

	Spectral_scanner:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- name: Run Spectral scan for IaC, SCA and secrets
	run: \|
	curl -L "https://spectral-us.dome9.com/latest/x/sh?key=${{ secrets.CHKP_SPECTRAL_DSN_TEAM }}" \| sh
	$HOME/.spectral/spectral scan --ok --engines iac,oss,secrets --include-tags base,iac --sarif
	env:
	SPECTRAL_DSN: "${{ secrets.CHKP_SPECTRAL_DSN }}"


	- name: Upload Sarif results to Github
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: output.sarif
	category: Spectral_scanner

Provide feedback