Update README.md to include our own GitHub Action (#28)

fproulx-boostsecurity · becojo · web-flow · commit 51c783933bc3 · 2024-04-15T11:29:57.000-07:00
* Update README.md to include our own GitHub Action

Signed-off-by: François Proulx &lt;76956526+fproulx-boostsecurity@users.noreply.github.com&gt;

* Update README.md

Co-authored-by: Becojo &lt;Becojo@users.noreply.github.com&gt;
Signed-off-by: François Proulx &lt;76956526+fproulx-boostsecurity@users.noreply.github.com&gt;

---------

Signed-off-by: François Proulx &lt;76956526+fproulx-boostsecurity@users.noreply.github.com&gt;
Co-authored-by: Becojo &lt;Becojo@users.noreply.github.com&gt;
diff --git a/README.md b/README.md
@@ -40,6 +40,27 @@ brew install boostsecurityio/tap/poutine
 docker run -e GH_TOKEN ghcr.io/boostsecurityio/poutine:latest
 ```
 
+#### GitHub Actions
+```yaml
+...
+jobs:
+  poutine:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      contents: read
+    steps:
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+#################################################################################################
+    - name: poutine - GitHub Actions SAST
+      uses: boostsecurityio/poutine-action@main # We recommend to use a tagged version and pin it
+#################################################################################################
+    - name: Upload poutine SARIF file
+      uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
+      with:
+        sarif_file: results.sarif
+```
+
 ### Usage
 ``` bash
 poutine [options] [command] [arguments]
