chore: bump SAST to 0.0.46

lacework · Jul 6, 2023 · 09fc8a6 · 09fc8a6
1 parent 481c8dc
commit 09fc8a6
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
@@ -32,7 +32,7 @@ jobs:
  with:
  target: push
  tools: sca,sast
- classes: target
+ classpath: target/test-project-0.1.0.jar
  sources: ${{ github.workspace }}
  debug: true
  - name: Check run succeeded
@@ -61,7 +61,7 @@ jobs:
  exit 1
  fi
  export SAST_RESULTS=`jq '.runs | map (.results | length) | add' sast.sarif`
- expectedSastResults=2
+ expectedSastResults=1
  echo "Got $SAST_RESULTS from SAST"
  if [ "$SAST_RESULTS" != "$expectedSastResults" ]; then
  echo "::error::Expected to have $expectedSastResults SAST results!"

diff --git a/action.yaml b/action.yaml
@@ -2,8 +2,12 @@ name: 'lacework-code-security'
 description: "Scan code with Lacework's Code Security offering"
 author: 'Lacework'
 inputs:
+ classpath:
+ description: 'Specify the Java classpath'
+ required: false
+ default: '.'
  classes:
- description: 'Classes directory or JAR file to analyze'
+ description: 'Classes directory or JAR file to analyze (DEPRECATED)'
  required: false
  default: '.'
  sources:
@@ -54,7 +58,7 @@ runs:
  shell: bash
  run: |
  SCA_VERSION=0.0.50
- SAST_VERSION=0.0.45
+ SAST_VERSION=0.0.46
  curl https://raw.githubusercontent.com/lacework/go-sdk/main/cli/install.sh | bash
  echo "cache-key=$(date +'%Y-%m-%d')-$SCA_VERSION-$SAST_VERSION" >> $GITHUB_OUTPUT
  echo "sca-version=$SCA_VERSION" >> $GITHUB_OUTPUT
@@ -91,6 +95,7 @@ runs:
  - id: run-analysis
  uses: './../lacework-code-security'
  with:
+ classpath: '${{ inputs.classpath }}'
  classes: '${{ inputs.classes }}'
  sources: '${{ inputs.sources }}'
  target: '${{ inputs.target }}'

diff --git a/src/index.ts b/src/index.ts
@@ -18,6 +18,7 @@ async function runAnalysis() {
  const tools = (getInput('tools') || 'sca').toLowerCase().split(',')
  const indirectDeps = getInput('eval-indirect-dependencies')
  const toUpload: string[] = []
+ const classpath = getInput('classpath') || getOrDefault('classes', '.')
  if (tools.includes('sca')) {
  var args = [
  'sca',
@@ -47,8 +48,8 @@ async function runAnalysis() {
  'sast',
  'scan',
  '--save-results',
- '--classes',
- getOrDefault('classes', '.'),
+ '--classpath',
+ classpath,
  '--sources',
  getOrDefault('sources', '.'),
  '-o',