Create checkmarx-sca-scan-on-pr.yml

CxMichaelF · web-flow · commit 1430be97acfa · 2021-08-11T09:42:48.000-07:00
diff --git a/.github/workflows/checkmarx-sca-scan-on-pr.yml b/.github/workflows/checkmarx-sca-scan-on-pr.yml
@@ -0,0 +1,40 @@
+# This workflow is to automate Checkmarx SCA scans.  It runs on a push to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+#   - CHECKMARX_SCA_USERNAME
+#   - CHECKMARX_SCA_PASSWORD
+##
+# The following variables must be inserted below:
+#   - <ProjectName>
+#   - <SCATenant>
+#
+# For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+
+name: Checkmarx SCA Scan (Pull Request)
+on:
+  pull_request:
+    types: [opened, reopened, synchronize] # Types specify which pull request events will trigger the workflow. For more events refer Github Actions documentation.
+    branches:
+    - master
+    - main
+    
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Checkmarx CxFlow Action
+      uses: checkmarx-ts/checkmarx-cxflow-github-action@v1.1 # GitHub Action version
+      with:
+        project: MFCx_CxFlow_JavaVulnLab-01 # <-- Insert Checkmarx CxSCA Project Name
+        sca_api_url: https://api.scacheckmarx.com
+        sca_app_url: https://sca.scacheckmarx.com
+        sca_access_control_url: https://platform.checkmarx.net
+        sca_tenant: SCA-Champions  # <-- Insert Checkmarx CxSCA Tenant
+        sca_username: ${{ secrets.CHECKMARX_SCA_USERNAME }} # To be stored in GitHub Secrets.
+        sca_password: ${{ secrets.CHECKMARX_SCA_PASSWORD }} # To be stored in GitHub Secrets.
+        break_build: false
+        scanners: sca
+        bug_tracker: GITHUBPULL
+        params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.head_ref }} --merge-id=${{ github.event.number }}
