microsoft
diff --git a/‎.github/workflows/official-build.yml‎
Lines changed: 49 additions & 0 deletions b/‎.github/workflows/official-build.yml‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 0 deletions b/‎README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎action.yml‎
Lines changed: 3 additions & 1 deletion b/‎action.yml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎lib/msdo-helpers.js‎
Lines changed: 2 additions & 0 deletions b/‎lib/msdo-helpers.js‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎lib/msdo.js‎
Lines changed: 51 additions & 44 deletions b/‎lib/msdo.js‎
Lines changed: 51 additions & 44 deletions
diff --git a/‎node_modules/.bin/uuid‎
Lines changed: 5 additions & 1 deletion b/‎node_modules/.bin/uuid‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎node_modules/.package-lock.json‎
Lines changed: 5 additions & 4 deletions b/‎node_modules/.package-lock.json‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎node_modules/@microsoft/security-devops-actions-toolkit/msdo-client.js‎
Lines changed: 15 additions & 12 deletions b/‎node_modules/@microsoft/security-devops-actions-toolkit/msdo-client.js‎
Lines changed: 15 additions & 12 deletions
diff --git a/‎node_modules/@microsoft/security-devops-actions-toolkit/package.json‎
Lines changed: 1 addition & 1 deletion b/‎node_modules/@microsoft/security-devops-actions-toolkit/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎package-lock.json‎
Lines changed: 10 additions & 9 deletions b/‎package-lock.json‎
Lines changed: 10 additions & 9 deletions
@@ -0,0 +1,49 @@
+name: security-devops-action Official Build
+
+on:
+  pull_request:
+    branches:
+      - release/vNext
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Extract branch name
+      shell: bash
+      run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+      id: extract_branch
+
+    - name: Set up Node.js
+      uses: actions/setup-node@v2
+      with:
+        node-version: '14'
+
+    - name: Configure npm to use GitHub Packages
+      run: echo "//npm.pkg.github.com/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc
+
+    - name: Install dependencies
+      run: npm install
+
+    - name: Compile TypeScript
+      run: npm run build
+
+    - name: Commit compiled JavaScript
+      run: |
+        git config --global user.name 'github-actions[bot]'
+        git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+        git add lib/.
+        git commit -m 'Official Build: Compile TypeScript to JavaScript'
+        git push --force origin HEAD:${{ steps.extract_branch.outputs.branch }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -66,6 +66,7 @@ To only run specific analyzers, use the `tools` command. This command is a comma
 | [AntiMalware](https://www.microsoft.com/en-us/windows/comprehensive-security) | code, artifacts | - |
 | [Bandit](https://github.com/PyCQA/bandit) | python | [Apache License 2.0](https://github.com/PyCQA/bandit/blob/master/LICENSE) |
 | [BinSkim](https://github.com/Microsoft/binskim) | binary - Windows, ELF | [MIT License](https://github.com/microsoft/binskim/blob/main/LICENSE) |
+| [Checkov](https://github.com/bridgecrewio/checkov) | Infrastructure-as-code (IaC), Terraform, Terraform plan, Cloudformation, AWS SAM, Kubernetes, Helm charts, Kustomize, Dockerfile, Serverless, Bicep, OpenAPI, ARM Templates, or OpenTofu  | [Apache License 2.0](https://github.com/bridgecrewio/checkov/blob/main/LICENSE) |
 | [ESlint](https://github.com/eslint/eslint) | JavaScript | [MIT License](https://github.com/eslint/eslint/blob/main/LICENSE) |
 | [Template Analyzer](https://github.com/Azure/template-analyzer) | Infrastructure-as-code (IaC), ARM templates, Bicep files | [MIT License](https://github.com/Azure/template-analyzer/blob/main/LICENSE.txt) |
 | [Terrascan](https://github.com/accurics/terrascan) | Infrastructure-as-code (IaC), Terraform (HCL2), Kubernetes (JSON/YAML), Helm v3, Kustomize, Dockerfiles, Cloudformation | [Apache License 2.0](https://github.com/accurics/terrascan/blob/master/LICENSE) |
 
@@ -20,11 +20,13 @@ inputs:
     description: A comma separated list of analyzer to run. Example bandit, binskim, container-mapping, eslint, templateanalyzer, terrascan, trivy.
   includeTools:
     description: Deprecated
+  existingFilename:
+    description: A SARIF filename that already exists. If it does, then the normal run will not take place and the file will instead be uploaded to MSDO backend.
 outputs:
   sarifFile:
     description: A file path to a SARIF results file.
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'lib/main.js'
   pre: 'lib/pre.js'
   post: 'lib/post.js'
@@ -14,6 +14,7 @@ var Inputs;
     Inputs["Languages"] = "languages";
     Inputs["Tools"] = "tools";
     Inputs["IncludeTools"] = "includeTools";
+    Inputs["ExistingFilename"] = "existingFilename";
 })(Inputs || (exports.Inputs = Inputs = {}));
 var RunnerType;
 (function (RunnerType) {
@@ -25,6 +26,7 @@ var Tools;
 (function (Tools) {
     Tools["Bandit"] = "bandit";
     Tools["Binskim"] = "binskim";
+    Tools["Checkov"] = "checkov";
     Tools["ContainerMapping"] = "container-mapping";
     Tools["ESLint"] = "eslint";
     Tools["TemplateAnalyzer"] = "templateanalyzer";
 
@@ -52,59 +52,66 @@ class MicrosoftSecurityDevOps {
     runMain() {
         return __awaiter(this, void 0, void 0, function* () {
             core.debug('MicrosoftSecurityDevOps.runMain - Running MSDO...');
-            let args = ['run'];
-            let config = core.getInput('config');
-            if (!common.isNullOrWhiteSpace(config)) {
-                args.push('-c');
-                args.push(config);
+            let args = undefined;
+            let existingFilename = core.getInput('existingFilename');
+            if (!common.isNullOrWhiteSpace(existingFilename)) {
+                args = ['upload', '--file', existingFilename];
             }
-            let policy = core.getInput('policy');
-            if (common.isNullOrWhiteSpace(policy)) {
-                policy = "GitHub";
-            }
-            args.push('-p');
-            args.push(policy);
-            let categoriesString = core.getInput('categories');
-            if (!common.isNullOrWhiteSpace(categoriesString)) {
-                args.push('--categories');
-                let categories = categoriesString.split(',');
-                for (let i = 0; i < categories.length; i++) {
-                    let category = categories[i];
-                    if (!common.isNullOrWhiteSpace(category)) {
-                        args.push(category.trim());
+            else {
+                args = ['run'];
+                let config = core.getInput('config');
+                if (!common.isNullOrWhiteSpace(config)) {
+                    args.push('-c');
+                    args.push(config);
+                }
+                let policy = core.getInput('policy');
+                if (common.isNullOrWhiteSpace(policy)) {
+                    policy = "GitHub";
+                }
+                args.push('-p');
+                args.push(policy);
+                let categoriesString = core.getInput('categories');
+                if (!common.isNullOrWhiteSpace(categoriesString)) {
+                    args.push('--categories');
+                    let categories = categoriesString.split(',');
+                    for (let i = 0; i < categories.length; i++) {
+                        let category = categories[i];
+                        if (!common.isNullOrWhiteSpace(category)) {
+                            args.push(category.trim());
+                        }
                     }
                 }
-            }
-            let languagesString = core.getInput('languages');
-            if (!common.isNullOrWhiteSpace(languagesString)) {
-                args.push('--languages');
-                let languages = languagesString.split(',');
-                for (let i = 0; i < languages.length; i++) {
-                    let language = languages[i];
-                    if (!common.isNullOrWhiteSpace(language)) {
-                        args.push(language.trim());
+                let languagesString = core.getInput('languages');
+                if (!common.isNullOrWhiteSpace(languagesString)) {
+                    args.push('--languages');
+                    let languages = languagesString.split(',');
+                    for (let i = 0; i < languages.length; i++) {
+                        let language = languages[i];
+                        if (!common.isNullOrWhiteSpace(language)) {
+                            args.push(language.trim());
+                        }
                     }
                 }
-            }
-            let toolsString = core.getInput('tools');
-            let includedTools = [];
-            if (!common.isNullOrWhiteSpace(toolsString)) {
-                let tools = toolsString.split(',');
-                for (let i = 0; i < tools.length; i++) {
-                    let tool = tools[i];
-                    let toolTrimmed = tool.trim();
-                    if (!common.isNullOrWhiteSpace(tool)
-                        && tool != msdo_helpers_1.Tools.ContainerMapping
-                        && includedTools.indexOf(toolTrimmed) == -1) {
-                        if (includedTools.length == 0) {
-                            args.push('--tool');
+                let toolsString = core.getInput('tools');
+                let includedTools = [];
+                if (!common.isNullOrWhiteSpace(toolsString)) {
+                    let tools = toolsString.split(',');
+                    for (let i = 0; i < tools.length; i++) {
+                        let tool = tools[i];
+                        let toolTrimmed = tool.trim();
+                        if (!common.isNullOrWhiteSpace(tool)
+                            && tool != msdo_helpers_1.Tools.ContainerMapping
+                            && includedTools.indexOf(toolTrimmed) == -1) {
+                            if (includedTools.length == 0) {
+                                args.push('--tool');
+                            }
+                            args.push(toolTrimmed);
+                            includedTools.push(toolTrimmed);
                         }
-                        args.push(toolTrimmed);
-                        includedTools.push(toolTrimmed);
                     }
                 }
+                args.push('--github');
             }
-            args.push('--github');
             yield client.run(args, 'microsoft/security-devops-action');
         });
     }