laramies/theHarvester
1
1
Fork 0
mirror of https://github.com/laramies/theHarvester.git synced 2025-02-24 22:42:56 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #581 from laramies/shiftleft-action-config-1604350329

Browse source 
Add GitHub Action: ShiftLeft NextGen Static Analysis
This commit is contained in:
J.Townsend 2020-11-14 02:21:26 +00:00 committed by GitHub
commit 2278e4f5af
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 48 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
.github/workflows/shiftleft.yml vendored Normal file
View file

@ -0,0 +1,48 @@
---
# This workflow integrates ShiftLeft NG SAST with GitHub
# Visit https://docs.shiftleft.io for help
name: ShiftLeft
on:
pull_request:
workflow_dispatch:
jobs:
NextGen-Static-Analysis:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Download ShiftLeft CLI
run: |
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
- name: Extract branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: NextGen Static Analysis
run: ${GITHUB_WORKSPACE}/sl analyze --wait --app theHarvester --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --python $(pwd)
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
## Uncomment the following section to enable build rule checking and enforcing.
#Build-Rules:
#runs-on: ubuntu-latest
#needs: NextGen-Static-Analysis
#steps:
#- uses: actions/checkout@v2
#- name: Download ShiftLeft CLI
# run: |
# curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
#- name: Validate Build Rules
# run: ${GITHUB_WORKSPACE}/sl check-analysis --app theHarvester \
# --source 'tag.branch=${{ github.event.pull_request.base.ref }}' \
# --target "tag.branch=${{ github.head_ref || steps.extract_branch.outputs.branch }}" \
# --report \
# --github-pr-number=${{github.event.number}} \
# --github-pr-user=${{ github.repository_owner }} \
# --github-pr-repo=${{ github.event.repository.name }} \
# --github-token=${{ secrets.GITHUB_TOKEN }}
# env:
#SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}