-
Notifications
You must be signed in to change notification settings - Fork 23
51 lines (50 loc) · 1.73 KB
/
42c-audit.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
name: "42Crunch API Security Audit"
on:
workflow_dispatch:
push:
branches:
- main
paths:
- api-specifications/*
pull_request:
types: [opened, reopened]
jobs:
run_42c_audit:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for results upload to Github Code Scanning
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Audit API definition for security issues
uses: 42Crunch/api-security-audit-action-freemium@v1
with:
# Upload results to Github Code Scanning
# Set to false if you don't have Github Advanced Security enabled.
upload-to-code-scanning: true
log-level: info
sarif-report: 42Crunch_AuditReport_${{ github.run_id }}.SARIF
export-as-pdf: 42Crunch_AuditReport_${{ github.run_id }}.pdf
audit-reports-dir: ${{ github.workspace }}/reports
- name: save-sarif-report
if: always()
uses: actions/upload-artifact@v3
with:
name: 42Crunch_AuditReport_${{ github.run_id }}
path: 42Crunch_AuditReport_${{ github.run_id }}.SARIF
if-no-files-found: error
- name: save-pdf-report
if: always()
uses: actions/upload-artifact@v3
with:
name: 42Crunch_AuditReport_${{ github.run_id }}
path: 42Crunch_AuditReport_${{ github.run_id }}.pdf
if-no-files-found: error
- name: save-raw-reports
if: always()
uses: actions/upload-artifact@v3
with:
name: 42Crunch_AuditReport_${{ github.run_id }}
path: ${{ github.workspace }}/reports
if-no-files-found: error