diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
new file mode 100644
index 0000000..9f00183
--- /dev/null
+++ b/.github/workflows/shiftleft.yml
@@ -0,0 +1,26 @@
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
+name: Analyze with ShiftLeft NG SAST
+
+on:
+ pull_request: # include to analyze when you create a pull request
+ branches:
+ - master
+ workflow_dispatch:
+
+jobs:
+ NGSAST:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v2
+ - name: Download ShiftLeft cli
+ run: |
+ curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+ - name: Python
+ run: ${GITHUB_WORKSPACE}/sl analyze --verbose --tag app.group=django-charsleft-widget --app django-charsleft-widget-python --tag branch=${GITHUB_REF} --python $(pwd)
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+ - name: Javascript
+ run: ${GITHUB_WORKSPACE}/sl analyze --verbose --tag app.group=django-charsleft-widget --app django-charsleft-widget-javascript --tag branch=${GITHUB_REF} --js --cpg $(pwd)
+ env:
+ SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
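Review bot: The `Download ShiftLeft cli` step writes whatever `curl` returns to `${GITHUB_WORKSPACE}/sl`, and the `Python` and `Javascript` steps then execute it with `SHIFTLEFT_ACCESS_TOKEN` in the environment; there is no integrity check and no `-f`, so an HTTP error body or a tampered CDN response would be run as the scanner. I would fail on HTTP errors and verify a pinned digest before `chmod`, e.g. `curl -fsSL https://cdn.shiftleft.io/download/sl -o "${RUNNER_TEMP}/sl"` followed by `echo "<EXPECTED_SHA256>  ${RUNNER_TEMP}/sl" | sha256sum -c -` (the digest is a placeholder; whether the vendor publishes one is not visible here). Downloading outside the workspace also keeps the binary out of the tree that `$(pwd)` hands to the analyzer. Separately, `actions/checkout@v2` is a mutable tag and the workflow declares no `permissions:` block; pinning the action to a full commit SHA and adding `permissions:` with `contents: read` would narrow what a compromised step can reach.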