Merge pull request #125 from kube-tarian/reviewpad/configure #17
# This workflow uses actions that are not certified by GitHub. | |
# They are provided by a third-party and are governed by | |
# separate terms of service, privacy policy, and support | |
# documentation. | |
# | |
# SOOS is the easy-to-integrate software security solution for your whole team, learn more at https://soos.io/ | |
# | |
# To use this action you need to fill the following requirements: | |
# | |
# 1. Create an account on https://app.soos.io to obtain a Client ID and API Key (Free 30 days trials for both our SCA/DAST product). | |
# | |
# 2. Set up your API KEY/Client ID as Github Secrets named SOOS_CLIENT_ID & SOOS_API_KEY. (Also set SOOS_GITHUB_PAT with your Github Personal Access Token if you're going to use sarif upload) | |
# | |
name: "SOOS DAST Scan" | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
branches: [ "main" ] | |
jobs: | |
soos: | |
permissions: | |
security-events: write # for uploading code scanning alert info | |
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status | |
name: SOOS DAST Scan | |
runs-on: ubuntu-latest | |
steps: | |
- name: Run SOOS DAST Scan | |
uses: soos-io/soos-dast-github-action@b524e2cfbc4f4a5733153a7e624f569913f6c6e9 | |
with: | |
client_id: ${{ secrets.SOOS_CLIENT_ID }} | |
api_key: ${{ secrets.SOOS_API_KEY }} | |
project_name: "<YOUR-PROJECT-NAME>" | |
scan_mode: "baseline" | |
target_url: "https://www.example.com/" | |
output_format: "sarif" | |
- name: Upload SOOS DAST SARIF Report | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: results.sarif | |
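Review bot: The merged workflow still carries the starter-template placeholders at the `project_name` and `target_url` lines — `project_name: "<YOUR-PROJECT-NAME>"` and `target_url: "https://www.example.com/"` — so every push and pull_request to main will run a DAST baseline scan against example.com rather than any deployment of this repository, and the SARIF uploaded to code scanning will describe the wrong target. Replace them with the real project name and the URL of a staging environment the team operates, or leave the job disabled until one exists. Two smaller points: the SOOS action is pinned to a commit SHA while `github/codeql-action/upload-sarif@v2` floats on a mutable tag, so the two steps have different supply-chain postures and the upload step should be pinned the same way. With the `pull_request` trigger, runs from forked repositories will not receive `secrets.SOOS_CLIENT_ID` and `secrets.SOOS_API_KEY`, so the scan step would presumably fail on fork PRs — worth confirming whether same-repo PRs are the only intended case.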