File tree Expand file tree Collapse file tree 1 file changed +51
-0
lines changed
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ # This workflow integrates ShiftLeft NG SAST with GitHub
3+ # Visit https://docs.shiftleft.io for help
4+ name : ShiftLeft
5+
6+ on :
7+ push :
8+ branches :
9+ - main
10+ pull_request :
11+ workflow_dispatch :
12+
13+ jobs :
14+ NextGen-Static-Analyis :
15+ runs-on : ubuntu-latest
16+ steps :
17+ - uses : actions/checkout@v2
18+ # We are building this application with Java 11
19+ - name : Setup Java JDK
20+ 21+ with :
22+ java-version : 11.0.x
23+ - name : Build and package with Maven
24+ run : mvn clean package -DskipTests
25+ - name : Download ShiftLeft CLI
26+ run : |
27+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
28+ # ShiftLeft requires Java 1.8. Post the package step override the version
29+ - name : Setup Java JDK
30+ 31+ with :
32+ java-version : 1.8
33+ - name : Extract branch name
34+ shell : bash
35+ run : echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
36+ id : extract_branch
37+ - name : NextGen Static Analysis
38+ run : ${GITHUB_WORKSPACE}/sl analyze --wait --app java-sec-code --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --remediation-config remediation.yaml --java --cpg ./target/java-sec-code-1.0.0.jar
39+ env :
40+ SHIFTLEFT_ACCESS_TOKEN : ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
41+
42+ - name : Validate Build Rules
43+ run : |
44+ ${GITHUB_WORKSPACE}/sl check-analysis --v2 --app log4shell-vulnerable-app \
45+ --report \
46+ --github-pr-number=${{github.event.number}} \
47+ --github-pr-user=${{ github.repository_owner }} \
48+ --github-pr-repo=${{ github.event.repository.name }} \
49+ --github-token=${{ secrets.GITHUB_TOKEN }}
50+ env :
51+ SHIFTLEFT_ACCESS_TOKEN : ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
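Review bot: The NextGen Static Analysis step (diff line 38) interpolates `${{ github.head_ref || steps.extract_branch.outputs.branch }}` directly into a `run:` shell line while `SHIFTLEFT_ACCESS_TOKEN` is in that step's environment, and under the `pull_request` trigger `github.head_ref` is the PR author's branch name, so a crafted branch name can inject shell commands into this step (with the token exposed whenever secrets are available to the run); move the value into the step's `env:` as `BRANCH: ${{ github.head_ref || steps.extract_branch.outputs.branch }}` and reference it in the script as `--tag branch="$BRANCH"`. The Validate Build Rules step (diff line 44) checks `--app log4shell-vulnerable-app` although the analysis just uploaded was tagged `--app java-sec-code`, so the PR gate appears to evaluate a different application's findings; the two names should agree. The CLI download on diff line 27 executes whatever `https://cdn.shiftleft.io/download/sl` currently serves with no version pin or checksum, and `actions/checkout@v2` is a mutable tag, so consider pinning the action to a commit SHA and verifying the CLI with a published `sha256sum -c` before `chmod a+rx`. The `echo "##[set-output ...]"` form on diff line 35 is the deprecated output syntax; write `branch=...` to `$GITHUB_OUTPUT` instead. Diff lines 20 and 30 show no content on this rendered page — presumably the `uses: actions/setup-java` lines were dropped in rendering rather than absent from the file, but worth confirming since each `with:` block otherwise has no action to apply to.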