Initial Contrast Security GitHub app workflow file onboarding commit

contrast-security-sca[bot] · web-flow · commit bb6bbdeab022 · 2025-06-12T13:52:06.000Z
diff --git a/.github/workflows/contrast_security_app.yaml b/.github/workflows/contrast_security_app.yaml
@@ -0,0 +1,57 @@
+# DISCLAIMER: This workflow file has been auto-generated and committed to the repo by the GitHub App from Contrast Security.
+# Manual edits to this file could cause the integration to produce unexpected behavior or break.
+# Version: 1.0.1
+# Last updated: 2025-06-12T13:52:06.657445917Z
+name: Contrast Security App Workflow
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches:
+      - main
+jobs:
+  fingerprint_repo:
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+      - name: Run Contrast SCA Fingerprint
+        id: fingerprint
+        uses: Contrast-Security-OSS/contrast-sca-action@v3
+        with:
+          apiKey: ${{ secrets.CONTRAST_GITHUB_APP_API_KEY }}
+          authHeader: ${{ secrets.CONTRAST_GITHUB_APP_AUTH_HEADER }}
+          orgId: ${{ vars.CONTRAST_GITHUB_APP_ORG_ID }}
+          apiUrl: ${{ vars.CONTRAST_GITHUB_APP_TS_URL }}
+          repoUrl: ${{ github.server_url }}/${{ github.repository }}
+          repoName: ${{ github.repository }}
+          externalId: ${{ vars.CONTRAST_GITHUB_APP_ID }}
+          command: fingerprint
+    outputs:
+      fingerprint: ${{ steps.fingerprint.outputs.fingerprint }}
+  analyze_dependencies:
+    if: ${{ needs.fingerprint_repo.outputs.fingerprint != '' }}
+    needs: fingerprint_repo
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        manifest:
+          - ${{ fromJson(needs.fingerprint_repo.outputs.fingerprint) }}
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+      - name: Run Contrast SCA Audit
+        uses: Contrast-Security-OSS/contrast-sca-action@v3
+        with:
+          apiKey: ${{ secrets.CONTRAST_GITHUB_APP_API_KEY }}
+          authHeader: ${{ secrets.CONTRAST_GITHUB_APP_AUTH_HEADER }}
+          orgId: ${{ vars.CONTRAST_GITHUB_APP_ORG_ID }}
+          apiUrl: ${{ vars.CONTRAST_GITHUB_APP_TS_URL }}
+          filePath: ${{ matrix.manifest.filePath }}
+          repositoryId: ${{ matrix.manifest.repositoryId }}
+          projectGroupId: ${{ matrix.manifest.projectGroupId }}
