| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 |
- ---
- # This workflow integrates ShiftLeft NG SAST with GitHub
- # Visit https://docs.shiftleft.io for help
- name: ShiftLeft
- on:
- pull_request:
- workflow_dispatch:
- jobs:
- NextGen-Static-Analysis:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - uses: actions/setup-go@v2
- with:
- go-version: '^1.14'
- - name: Build
- run: |
- go build ./...
- - name: Download ShiftLeft CLI
- run: |
- curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
- - name: Extract branch name
- shell: bash
- run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
- id: extract_branch
- - name: NextGen Static Analysis
- run: |
- ${GITHUB_WORKSPACE}/sl --version
- ${GITHUB_WORKSPACE}/sl analyze --wait --app gonuma --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --go --cpg $(pwd)
- env:
- SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
-
-
- ## Uncomment the following section to enable build rule checking and enforcing.
- #Build-Rules:
- #runs-on: ubuntu-latest
- #needs: NextGen-Static-Analysis
- #steps:
- #- uses: actions/checkout@v2
- #- name: Download ShiftLeft CLI
- # run: |
- # curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
- #- name: Validate Build Rules
- # run: ${GITHUB_WORKSPACE}/sl check-analysis --app gonuma \
- # --source 'tag.branch=${{ github.event.pull_request.base.ref }}' \
- # --target "tag.branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}" \
- # --report \
- # --github-pr-number=${{github.event.number}} \
- # --github-pr-user=${{ github.repository_owner }} \
- # --github-pr-repo=${{ github.event.repository.name }} \
- # --github-token=${{ secrets.GITHUB_TOKEN }}
- # env:
- #SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
-
|
