This repository has been archived by the owner on Apr 29, 2024. It is now read-only.

add scripts/whitesource files #2

Workflow file for this run

.github/workflows/security.yml at 4cd3357

	# This workflow is to automate Checkmarx SAST scans. It runs on a push to the main branch.
	#
	# The following GitHub Secrets must be first defined:
	# - CHECKMARX_URL
	# - CHECKMARX_USER
	# - CHECKMARX_PASSWORD
	# - CHECKMARX_CLIENT_SECRET
	#
	# For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action

	name: Security Scans

	on:
	push:
	branches:
	- 'release\/*'
	- 'hotfix\/*'
	- test-whitesource
	- test-cx-scan
	- test-gha-security

	jobs:
	Checkmarx:
	name: Checkmarx CxFlow Action
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Checkmarx CxFlow Action
	uses: checkmarx-ts/[email protected] #Github Action version
	with:
	# report-file: checkmarx.json
	# auth-scopes: access_control_api sast_rest_api
	# version: '9.4'
	break_build: false
	checkmarx_url: ${{ vars.CHECKMARX_URL }} # To be stored in GitHub Secrets.
	checkmarx_username: ${{ vars.CHECKMARX_USERNAME }} # To be stored in GitHub Secrets.
	checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }} # To be stored in GitHub Secrets.
	checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }} # To be stored in GitHub Secrets.
	params: --namespace=${{ github.repository_owner }} --checkmarx.settings-override=true --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref_name }} --cx-flow.filterSeverity --cx-flow.filterCategory --checkmarx.disable-clubbing=true
	preset: Blackbaud SAST
	project: ${{ github.event.repository.name }} # <-- Insert Checkmarx SAST Project Name
	team: /CxServer/SP/Company/Everfi
	scanners: sast

	Mend:
	name: Mend Scan
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Get branch name
	shell: bash
	run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
	id: get_branch_name
	- name: Mend
	env:
	WHITESOURCE_API_KEY: ${{ secrets.WHITESOURCE_API_KEY }}
	WHITESOURCE_API_BASE_URL: ${{ vars.WHITESOURCE_API_BASE_URL }}
	WHITESOURCE_SERVER_URL: ${{ vars.WHITESOURCE_SERVER_URL }}
	BRANCH: ${{ steps.get_branch_name.outputs.branch }}
	shell: bash
	run: \|
	echo $'\n'projectName=${{ github.event.repository.name }} >>scripts/whitesource/agent.config
	echo $'\n'productName=Forge >>scripts/whitesource/agent.config
	bash ./scripts/whitesource/scan.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add scripts/whitesource files #2

Workflow file

add scripts/whitesource files #2

Jobs

Run details

Workflow file for this run