ci: switch to checkmarx one scans #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow is to automate Checkmarx SAST scans. It runs on a push to the main branch. | |
| # | |
| # The following GitHub Secrets must be first defined: | |
| # - CHECKMARX_URL | |
| # - CHECKMARX_USER | |
| # - CHECKMARX_PASSWORD | |
| # - CHECKMARX_CLIENT_SECRET | |
| # | |
| # For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action | |
| name: Security Scans | |
| on: | |
| push: | |
| branches: | |
| - v2-master | |
| - v2-develop | |
| - test-whitesource | |
| - test-cx-scan | |
| - test-gha-security | |
| jobs: | |
| Checkmarx_One: | |
| name: Checkmarx One | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Checkmarx AST Github Action | |
| uses: Checkmarx/[email protected] | |
| with: | |
| base_uri: ${{ vars.CHECKMARX_ONE_BASE_URI}} | |
| cx_tenant: ${{ vars.CHECKMARX_ONE_TENANT }} | |
| cx_client_id: ${{ vars.CHECKMARX_ONE_CLIENT_ID}} | |
| cx_client_secret: ${{ secrets.CHECKMARX_ONE_CLIENT_SECRET }} | |
| project_name: ${{ github.event.repository.name }} | |
| additional_params: --sast-preset-name "BlackbaudSAST" --project-groups "Everfi" |