From 79c0ad16707a8cfacfc4071f8134fe3c0de23ae4 Mon Sep 17 00:00:00 2001 From: rugk Date: Sat, 5 Jun 2021 00:21:48 +0200 Subject: [PATCH] Add Siftleft scan It seems [to cover](https://slscan.io/en/latest/#supported-languages-frameworks) PHP including license check in addition to dependency scanning. --- .github/workflows/shiftleft-analysis.yml | 35 ++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 .github/workflows/shiftleft-analysis.yml diff --git a/.github/workflows/shiftleft-analysis.yml b/.github/workflows/shiftleft-analysis.yml new file mode 100644 index 00000000..18d412a6 --- /dev/null +++ b/.github/workflows/shiftleft-analysis.yml @@ -0,0 +1,35 @@ +# This workflow integrates Scan with GitHub's code scanning feature +# Scan is a free open-source security tool for modern DevOps teams from ShiftLeft +# Visit https://slscan.io/en/latest/integrations/code-scan for help +name: SL Scan + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '16 22 * * 4' + +jobs: + Scan-Build: + # Scan runs on ubuntu, mac and windows + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + # potentially add composer install steo here + - name: Perform Scan + uses: ShiftLeftSecurity/scan-action@master + env: + WORKSPACE: "" + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SCAN_AUTO_BUILD: true + with: + output: reports + # Scan auto-detects the languages. + + - name: Upload report + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: reports