Create openapi-static-scan.yml

[skip ci] Signed-off-by: Christopher Atkins <christopher316@gmail.com>
trolie · Dec 18, 2023 · 606fe81 · 606fe81
1 parent e7580b2
commit 606fe81
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/.github/workflows/openapi-static-scan.yml b/.github/workflows/openapi-static-scan.yml
@@ -0,0 +1,27 @@
+name: "42Crunch API Security Audit"
+
+on:
+  workflow_dispatch:
+jobs:
+  run_42c_audit:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for results upload to Github Code Scanning
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+      - name: Audit API definition for security issues
+        uses: 42Crunch/api-security-audit-action-freemium@v1
+        with:
+          # Upload results to Github Code Scanning
+          upload-to-code-scanning: true
+          log-level: info
+          sarif-report: 42Crunch_AuditReport_${{ github.run_id }}.SARIF
+      - name: save-audit-report
+        if: always()        
+        uses: actions/upload-artifact@v3
+        with:
+          name: 42Crunch_AuditReport_${{ github.run_id }}
+          path: 42Crunch_AuditReport_${{ github.run_id }}.SARIF
+          if-no-files-found: error