Skip to content

essentials-examples\feat(back): #1 example pr #3

essentials-examples\feat(back): #1 example pr

essentials-examples\feat(back): #1 example pr #3

Workflow file for this run

name: Security Scans
on:
pull_request:
types: [opened, synchronize, reopened]
jobs:
sast:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # required for differential scanning
- uses: fluidattacks/sast-action@main
id: scan
with:
scan_config_path: .github/.fluidattacks.yaml
scanner_mode: diff
- name: Upload SAST results
if: always()
uses: actions/upload-artifact@v4
with:
name: sast-results
path: fluidattacks-results.sarif
if-no-files-found: warn
sca-scan:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
- uses: fluidattacks/sca-action@main
id: scan
with:
scan_config_path: .github/.fluidattacks.yaml
scanner_mode: full
- name: Fail if vulnerabilities found
if: steps.scan.outputs.vulnerabilities_found == 'true'
run: exit 1
dast-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: fluidattacks/dast-action@main
id: scan
with:
scan_config_path: .github/.fluidattacks.yaml
- name: Fail if vulnerabilities found
if: steps.scan.outputs.vulnerabilities_found == 'true'
run: exit 1
secret-scan:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
- uses: fluidattacks/secret-scan-action@main
id: scan
with:
scan_config_path: .github/.fluidattacks.yaml