-
Notifications
You must be signed in to change notification settings - Fork 4
35 lines (30 loc) · 1.22 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# This is a basic workflow to help you get started with Actions
name: CI
# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the main branch
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Add Secure Code Warrior contextual training to SARIF
# You may pin to the exact commit or the version.
# uses: SecureCodeWarrior/github-action-add-sarif-contextual-training@b11b7dee40de861daa61af5095eb6077d57716c0
uses: SecureCodeWarrior/[email protected]
with:
# Relative location of SARIF file to process
inputSarifFile: scan-results.sarif
# Relative destination location for processed SARIF file
outputSarifFile: processed.sarif
# Provide `secrets.GITHUB_TOKEN` to use the GitHub access token automatically supplied by GitHub Workflows
githubToken: ${{ secrets.GITHUB_TOKEN }}
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: processed.sarif