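# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# Basic workflow that runs a Checkmarx SAST scan through the CxFlow action
# and uploads the resulting SARIF report to GitHub code scanning.

name: CxFlow

on:
  push:
    branches:
      - main
  pull_request:
    # The branches below must be a subset of the branches above
    branches:
      - main
  schedule:
    - cron: '30 21 * * 4'

# Workflow-wide default for the GITHUB_TOKEN: read-only repository contents.
# The job below lists the extra scopes it needs explicitly.
permissions:
  contents: read

jobs:
  # This workflow contains a single job called "build"
  build:
    # Ubuntu is required because the CxFlow action runs in Docker
    runs-on: ubuntu-latest
    permissions:
      contents: read  # for actions/checkout to fetch code
      issues: write  # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to github issues
      pull-requests: write  # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to PR
      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results

    # Steps: check out the code, run the CxFlow action, upload the SARIF report (optional)
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      # NOTE(review): v2 is a mutable tag, while the Checkmarx action below is pinned
      # to a full commit SHA. Pin this the same way:
      #   uses: actions/checkout@<FULL_COMMIT_SHA>  # placeholder, take it from the release
      - uses: actions/checkout@v2
        with:
          # Do not leave the job token in .git/config: the next step runs third-party
          # code inside this workspace, and no later step needs git credentials.
          persist-credentials: false

      # Runs the Checkmarx scan - REFER to the action README for the list of inputs.
      # The action is pinned to a commit SHA, so an update is a reviewed change to this file.
      # All credentials come from repository secrets; GitHub does not pass secrets to
      # runs triggered by pull requests from forks, so the scan cannot authenticate there.
      - name: Checkmarx CxFlow Action
        uses: checkmarx-ts/checkmarx-cxflow-github-action@9975af7d6b957abec9ee9646effa3fb3b82c5314
        with:
          project: ${{ secrets.CHECKMARX_PROJECT }}
          team: ${{ secrets.CHECKMARX_TEAMS }}
          checkmarx_url: ${{ secrets.CHECKMARX_URL }}
          checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
          checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
          checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
          scanners: sast
          # Folded scalar: the lines are joined with single spaces into one string.
          # NOTE(review): the context values are substituted as-is into the CxFlow
          # arguments - confirm how the action splits and quotes this string.
          params: >-
            --namespace=${{ github.repository_owner }}
            --repo-name=${{ github.event.repository.name }}
            --branch=${{ github.ref }}
            --cx-flow.filterSeverity
            --cx-flow.filterCategory

      # Upload the report for CodeQL/Security Alerts
      # NOTE(review): v1 is a mutable tag and this major version of the CodeQL action
      # has been deprecated by GitHub - confirm the currently supported major and pin it
      # by commit SHA (<FULL_COMMIT_SHA> placeholder) like the Checkmarx action.
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: cx.sarif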