API caller for AquaSec full repository scan

.github/workflows/aquasec_repository_scan.yml

@@ -0,0 +1,79 @@
+name: AquaSec Full Repository Scan
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [ opened, synchronize ]
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+  security-events: write
+
+jobs:
+  aquasec:
+    name: AquaSec Full Repository Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Retrieve AquaSec Scan Results
+        env:
+          AQUA_KEY: ${{ secrets.AQUA_KEY }}
+          AQUA_SECRET: ${{ secrets.AQUA_SECRET }}
+        run: |
+          set -euo pipefail
+
+          echo "=== Authenticating with AquaSec ==="
+
+          METHOD="POST"
+          AUTH_ENDPOINT="https://eu-1.api.cloudsploit.com/v2/tokens"
+          TIMESTAMP=$(date -u +%s)
+          POST_BODY='{
+            "group_id": 1155,
+            "allowed_endpoints": ["GET", "POST"],
+            "validity": 240,
+            "csp_roles": ["developer", "devops"]
+          }'
+          STRING_TO_SIGN="${TIMESTAMP}${METHOD}/v2/tokens${POST_BODY}"
+          SIGNATURE=$(echo -n "$STRING_TO_SIGN" | openssl dgst -sha256 -hmac "$AQUA_SECRET" -hex | sed 's/.*= //g')
+
+
+          AUTH_RESPONSE=$(curl -s -X "$METHOD" "$AUTH_ENDPOINT" \
+            -H "Content-Type: application/json" \
+            -H "X-API-Key: $AQUA_KEY" \
+            -H "X-Signature: $SIGNATURE" \
+            -H "X-Timestamp: $TIMESTAMP" \
+            -d "$POST_BODY")
+
+          RESPONSE_STATUS=$(echo "$AUTH_RESPONSE" | jq -r '.status')
+
+          if [ "$RESPONSE_STATUS" = "200" ]; then
+            echo "Login successful."
+            BEARER_TOKEN=$(echo "$AUTH_RESPONSE" | jq -r '.data')
+            echo "::add-mask::$BEARER_TOKEN"
+          else
+            echo "Login failed"
+            exit 1
+          fi
+
+          echo "=== Receiving AquaSec Scan Results ==="
+
+          SCAN_RESULTS_ENDPOINT="https://eu-central-1.edge.cloud.aquasec.com/codesec/api/v1/scans/results"
+          SCAN_RESULTS=$(curl -s -X GET \
+            "$SCAN_RESULTS_ENDPOINT?repositoryIds=${{ github.repository_id }} \
+            -H "Authorization: Bearer $BEARER_TOKEN" \
+            -H "Accept: application/json")
+
+          if [ -z "$SCAN_RESULTS" ]; then
+            echo "Failed to retrieve scan results"
+            exit 1
+          fi
+
+          echo "=== Scan Results ==="
+          echo "$SCAN_RESULTS" | jq '.'