Custom adjacent servers: allow POSTs #33

Workflow file for this run

.github/workflows/security-scan.yml at dd48fb6

	name: Security-Scan
	on:
	workflow_dispatch:
	push:
	branches:
	- development
	- sonarcloud_action
	jobs:
	sonarqube:
	name: SonarQube
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
	- name: Extract version from package.json
	id: package_version
	run: \|
	VERSION=$(node -p "require('./package.json').version")
	echo "VERSION=$VERSION" >> $GITHUB_ENV
	echo "Extracted version: $VERSION"
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	queries: security-and-quality, security-extended
	- name: CodeQL Scan
	uses: github/codeql-action/analyze@v3
	- name: Post-Process CodeQL
	run: \|
	python3 -m pip install nasa-scrub

	results_dir=`realpath ${{ github.workspace }}/../results`
	sarif_files=`find $results_dir -name '*.sarif'`

	for sarif_file in $sarif_files
	do
	output_file="$results_dir/$(basename $sarif_file .sarif)_stripped.sarif"

	python3 -m scrub.tools.parsers.translate_results $sarif_file $output_file ${{ github.workspace }} sarifv2.1.0
	done

	echo "RESULTS_DIR=$results_dir" >> $GITHUB_ENV
	echo "Results generated: "
	echo $results_dir

	# Create comma-separated list of SARIF files for SonarQube
	sarif_list=$(find $results_dir -name '*_stripped.sarif' \| tr '\n' ',' \| sed 's/,$//')
	echo "SARIF_FILES=$sarif_list" >> $GITHUB_ENV
	- name: SonarQube Scan
	uses: SonarSource/sonarqube-scan-action@v6
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	with:
	projectBaseDir: .
	args: >
	-Dsonar.sarifReportPaths=${{ env.SARIF_FILES }}
	-Dsonar.projectVersion=${{ env.VERSION }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Custom adjacent servers: allow POSTs #33

Workflow file

Custom adjacent servers: allow POSTs #33

Uh oh!

Workflow file for this run