fix(action): rewrite GitHub Action as composite with pip installation #3
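# Example workflow showing how to use Code-Pathfinder GitHub Action
# Copy this to your repository at .github/workflows/security-scan.yml
#
# NOTE: This workflow uses './' to test the action from the current branch.
# In your own repository, replace './' with 'shivasurya/[email protected]'
# or 'shivasurya/code-pathfinder@main' for the latest version.
#
# Supply-chain note: every third-party action below is referenced by a
# mutable tag (@v4, @v3). For production use pin each one to a full commit
# SHA (uses: owner/repo@<40-hex-sha>  # vX.Y.Z) so that a moved tag cannot
# change what runs in your CI; '@main' should only ever be used for testing.

name: Security Scan

on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

# Least-privilege token for the whole workflow: 'security-events: write' is
# required by upload-sarif to publish results to GitHub Code Scanning, and
# 'contents: read' is all the checkout needs. Every other scope stays at the
# default (none).
# NOTE: on pull_request events from forked repositories the GITHUB_TOKEN is
# read-only regardless of this block, so the SARIF upload will not succeed
# there; results are still visible in the job log.
permissions:
  security-events: write
  contents: read

jobs:
  # Example 1: Scan with remote Python rulesets.
  # The rulesets named here are presumably resolved by the action at run
  # time; if that involves a network fetch they are not pinned by this
  # workflow, so treat them like any other unpinned dependency.
  python-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The scan only reads the working tree; do not leave the GITHUB_TOKEN
          # in .git/config where any tool run later in the job could read it.
          # Drop this only if the action turns out to need authenticated git.
          persist-credentials: false

      - name: Run Python Security Scan
        uses: ./
        with:
          ruleset: python/deserialization, python/django, python/flask
          project: .
          # Fail the job when findings of these severities are reported, so
          # branch protection can block the merge.
          fail-on: critical,high
          # Named explicitly so the scan step and the upload step below agree
          # by construction instead of relying on the action's default name.
          output-file: pathfinder-results.sarif

      - name: Upload SARIF to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        # Upload even when fail-on made the scan step fail (the findings must
        # still reach Code Scanning), but only if a SARIF file was actually
        # written; otherwise a scan that crashed before producing output would
        # be masked by a file-not-found error from this step.
        if: ${{ !cancelled() && hashFiles('pathfinder-results.sarif') != '' }}
        with:
          sarif_file: pathfinder-results.sarif

  # Example 2: Scan with remote Docker rulesets.
  # No fail-on is set here, so the job outcome is not gated on findings
  # (the action's default for fail-on is not visible in this file); add
  # 'fail-on: critical,high' as in Example 1 if this scan should block merges.
  docker-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # See Example 1: the scanner does not need a persisted token.
          persist-credentials: false

      - name: Run Docker Security Scan
        uses: ./
        with:
          ruleset: docker/security, docker/best-practice
          project: .
          output-file: docker-results.sarif

      - name: Upload SARIF to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        # Same guard as Example 1: upload after a failed scan step, but skip
        # cleanly when no SARIF file exists.
        if: ${{ !cancelled() && hashFiles('docker-results.sarif') != '' }}
        with:
          sarif_file: docker-results.sarif

  # Example 3: Scan with a local rules file.
  # The rules file is Python source checked out from the repository and is
  # presumably executed by the scanner. On pull_request events the checkout
  # contains the PR's changes, so a PR author can change the code that runs
  # in this job; the read-only token above limits what that code can do, but
  # keep that in mind before granting this workflow any further permissions.
  custom-rules-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # See Example 1: the scanner does not need a persisted token.
          persist-credentials: false

      - name: Run Custom Rules Scan
        uses: ./
        with:
          rules: python-sdk/examples/owasp_top10.py
          project: .
          verbose: true
          output-file: custom-results.sarif

      - name: Upload SARIF to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        # Same guard as Example 1: upload after a failed scan step, but skip
        # cleanly when no SARIF file exists.
        if: ${{ !cancelled() && hashFiles('custom-results.sarif') != '' }}
        with:
          sarif_file: custom-results.sarif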