Add .gitattributes (#901) #101

Workflow file for this run

.github/workflows/security-scan.yml at 43b48d3

	name: Security-Scan
	on:
	workflow_dispatch:
	push:
	branches:
	- development
	- sonarcloud_action
	jobs:
	sonarqube:
	name: SonarQube
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
	- name: Extract version from package.json
	id: package_version
	run: \|
	VERSION=$(node -p "require('./package.json').version")
	echo "VERSION=$VERSION" >> $GITHUB_ENV
	echo "Extracted version: $VERSION"
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	config-file: ./.github/codeql/codeql-config.yml
	- name: CodeQL Scan
	uses: github/codeql-action/analyze@v3
	- name: Prepare SARIF Files
	run: \|
	results_dir=`realpath ${{ github.workspace }}/../results`
	workspace_path="${{ github.workspace }}"

	echo "SARIF files directory: $results_dir"
	echo "Workspace path: $workspace_path"
	echo "Available SARIF files:"
	ls -lh $results_dir/*.sarif

	# Fix file paths in SARIF files to be relative to workspace
	# This is necessary for SonarQube to correctly map issues to files
	for sarif_file in $results_dir/*.sarif; do
	if [ -f "$sarif_file" ]; then
	output_file="${sarif_file%.sarif}_processed.sarif"
	echo "Processing: $(basename $sarif_file)"

	python3 .github/scripts/fix_sarif_paths.py "$sarif_file" "$output_file" "$workspace_path"

	if [ $? -ne 0 ]; then
	echo "ERROR: Failed to process $sarif_file, using original"
	cp "$sarif_file" "$output_file"
	fi
	fi
	done

	# Use processed SARIF files for SonarQube
	sarif_list=$(find $results_dir -name '*_processed.sarif' \| tr '\n' ',' \| sed 's/,$//')

	echo "RESULTS_DIR=$results_dir" >> $GITHUB_ENV
	echo "SARIF_FILES=$sarif_list" >> $GITHUB_ENV

	echo ""
	echo "SARIF files for SonarQube:"
	echo "$sarif_list"
	- name: SonarQube Scan
	uses: SonarSource/sonarqube-scan-action@v6
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	with:
	projectBaseDir: .
	args: >
	-Dsonar.sarifReportPaths=${{ env.SARIF_FILES }}
	-Dsonar.projectVersion=${{ env.VERSION }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add .gitattributes (#901) #101

Workflow file

Add .gitattributes (#901) #101

Uh oh!

Workflow file for this run