Create codescan.yml

CodeThreat · Feb 9, 2024 · b910bb5 · b910bb5 · ysf-ct · Jul 29, 2024
1 parent f0fd0fd
commit b910bb5
Showing 1 changed file with 42 additions and 0 deletions.
diff --git a/.github/workflows/codescan.yml b/.github/workflows/codescan.yml
@@ -0,0 +1,42 @@
+run-name: CodeThreat Scan Task
+
+on:
+  # Trigger scan when pushing in master or pull requests, and when creating
+  # a pull request.
+  push:
+        branches:
+        - main
+        - master
+  pull_request:
+        branches:
+        - main
+        - master
+jobs:
+  codethreat_scanner:
+    runs-on: ubuntu-latest
+    name: Codethreat Scan
+    steps:
+      - name: Check Out Source Code
+        uses: actions/checkout@v3
+      - name: Install Node.js
+        uses: actions/setup-node@v1
+      - name: CodeThreat Github Action Scanner
+        uses: CodeThreat/codethreat-scan-action@master
+
+        env:
+           ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+           CT_SERVER: ${{ secrets.CT_SERVER }}
+           ORGNAME: ${{ secrets.ORGNAME }}
+        with: 
+            FAILED_ARGS: |
+                 - max_number_of_critical: 15
+                 - max_number_of_high: 15
+                 - weakness_is: ".*injection"
+                 - condition: 'OR'
+                 - automerge: false
+                 - sync_scan: true
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: codethreat.sarif.json