--v2 build rules #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow integrates ShiftLeft NG SAST with GitHub | |
| # Visit https://docs.shiftleft.io for help | |
| name: ShiftLeft | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| push: | |
| # We recommend triggering a scan when merging to your default branch as a best practice, | |
| # especially if you'd like to compare the results of two scans (e.g., a feature branch against the | |
| # default branch) | |
| branches: | |
| - main | |
| - master | |
| jobs: | |
| NextGen-Static-Analysis: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Download ShiftLeft CLI | |
| run: | | |
| curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl | |
| # ShiftLeft requires Java 1.8. Post the package step override the version | |
| - name: Setup Java JDK | |
| uses: actions/[email protected] | |
| with: | |
| java-version: 1.8 | |
| - name: NextGen Static Analysis | |
| run: ${GITHUB_WORKSPACE}/sl analyze --app ShiftLeftJS --tag branch=${{ github.head_ref }} --js --cpg $(pwd) | |
| env: | |
| SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |