1+ ---
2+ # This workflow integrates ShiftLeft NG SAST with GitHub
3+ # Visit https://docs.shiftleft.io for help
4+ name : ShiftLeft
5+
6+ on :
7+ pull_request :
8+ workflow_dispatch :
9+
10+ jobs :
11+ NextGen-Static-Analysis :
12+ runs-on : ubuntu-20.04
13+ steps :
14+ - uses : actions/checkout@v2
15+ - name : Download ShiftLeft CLI
16+ run : |
17+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
18+ - name : Extract branch name
19+ shell : bash
20+ run : echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
21+ id : extract_branch
22+ - name : NextGen Static Analysis
23+ run : ${GITHUB_WORKSPACE}/sl analyze --wait --app GitPython --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --python $(pwd)
24+ env :
25+ SHIFTLEFT_ACCESS_TOKEN : ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
26+
27+
28+ # # Uncomment the following section to enable build rule checking and enforcing.
29+ # Build-Rules:
30+ # runs-on: ubuntu-latest
31+ # needs: NextGen-Static-Analysis
32+ # steps:
33+ # - uses: actions/checkout@v2
34+ # - name: Download ShiftLeft CLI
35+ # run: |
36+ # curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
37+ # - name: Validate Build Rules
38+ # run: |
39+ # ${GITHUB_WORKSPACE}/sl check-analysis --app GitPython \
40+ # --source 'tag.branch=${{ github.event.pull_request.base.ref }}' \
41+ # --target "tag.branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}" \
42+ # --report \
43+ # --github-pr-number=${{github.event.number}} \
44+ # --github-pr-user=${{ github.repository_owner }} \
45+ # --github-pr-repo=${{ github.event.repository.name }} \
46+ # --github-token=${{ secrets.GITHUB_TOKEN }}
47+ # env:
48+ # SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
49+
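Review bot: The `run:` on line 23 interpolates `${{ github.head_ref || steps.extract_branch.outputs.branch }}` directly into the shell command line, and on a `pull_request` trigger the head branch name is chosen by whoever opens the PR, so a branch name containing shell metacharacters is expanded before bash runs and can alter the command (the script-injection pattern GitHub's security hardening guide warns about). Pass the expression through `env:` and reference it as a quoted shell variable instead, as sketched below. The branch-extraction step on line 20 also relies on the deprecated `set-output` workflow command; `echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"` is the supported replacement. Separately, line 17 downloads the `sl` binary with curl and executes it with no checksum or signature check, and the workflow declares no `permissions:` block, so the job inherits the repository's default token scope; verifying the download against a digest published by the vendor and adding `permissions: contents: read` at the top level would narrow both exposures.
```yaml
      - name: NextGen Static Analysis
        env:
          SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
          # Passed via the environment so a PR-controlled branch name is data,
          # not part of the shell command line.
          BRANCH: ${{ github.head_ref || steps.extract_branch.outputs.branch }}
        run: ${GITHUB_WORKSPACE}/sl analyze --wait --app GitPython --tag "branch=${BRANCH}" --python "$(pwd)"
```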