8484 # - name: Stop Docker container
8585 # run: docker-compose down
8686
87- # -- SEMGREP -- --------------------------------------------------------------
87+ # -- SAST SCAN --------------------------------------------------------------
8888 code-security :
8989 runs-on : ubuntu-latest
9090 needs : tests
@@ -95,13 +95,18 @@ jobs:
9595 - name : Checkout
9696 uses : actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3
9797
98- - name : Semgrep SAST Scan
99- uses : returntocorp/semgrep-action@v1
98+ - name : Perform Scan
99+ uses : ShiftLeftSecurity/scan-action@master
100+
101+ env :
102+ WORKSPACE : https://github.com/${{ github.repository }}/blob/${{ github.sha }}
103+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
104+ SCAN_ANNOTATE_PR : true
105+
106+ - uses : actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
100107 with :
101- config : >-
102- p/security-audit
103- p/secrets
104- auditOn : push
108+ name : reports
109+ path : reports
105110
106111 # -- RELEASE ----------------------------------------------------------------
107112 release :
@@ -134,8 +139,7 @@ jobs:
134139 id : meta
135140 uses : docker/metadata-action@e5622373a38e60fb6d795a4421e56882f2d7a681 # tag=v3.6.2
136141 with :
137- images : |
138- timoa/app-stores-prometheus-exporter
142+ images : ${{ github.repository }}
139143 tags : |
140144 type=schedule
141145 type=ref,event=branch
@@ -144,6 +148,7 @@ jobs:
144148 type=semver,pattern={{major}}.{{minor}}
145149 type=semver,pattern={{major}}
146150 type=sha
151+ type=raw,value=latest
147152
148153 - name : Set up QEMU
149154 uses : docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # tag=v1.2.0
@@ -156,8 +161,8 @@ jobs:
156161 with :
157162 username : ${{ secrets.DOCKER_USERNAME }}
158163 password : ${{ secrets.DOCKER_PASSWORD }}
159- -
160- name : Build and push
164+
165+ - name : Build and push
161166 uses : docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # tag=v2.10.0
162167 with :
163168 context : .
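Review bot: The new `uses: ShiftLeftSecurity/scan-action@master` (new line 99) is the only action in this workflow referenced by a mutable branch rather than a commit SHA, while every neighbouring step is pinned with a `# tag=` comment, and it is handed `secrets.GITHUB_TOKEN`, so anyone who can push to that branch can run arbitrary code in this job with the token. Pin it to a full commit SHA in the same `uses: owner/repo@<sha> # tag=vX.Y` style as the surrounding steps, and confirm that the workflow's `permissions:` block (outside this view, as is the `jobs:` header) grants the token only what PR annotation needs, e.g. `contents: read`, `pull-requests: write`, `checks: write`. Separately, the added `type=raw,value=latest` in the metadata step is unconditional, so `latest` is re-pointed on every event that reaches the release job, including pushes from non-default branches if the job's trigger (not visible here) allows them; gating that line with an `enable=` expression tied to the default branch keeps `latest` from moving on a feature branch.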