Skip to content

return reults

return reults #28

name: semgrep-sast-scan-and-import-to-defectdojo
on:
push:
branches:
- master
pull_request:
branches:
- master
permissions:
contents: read
id-token: write
jobs:
semgrep-sast-scan-to-defectdojo:
name: semgrep sast scan
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]')
steps:
- name: checkout
uses: actions/checkout@v3
- name: semgrep scan
run: |
mkdir -p semgrep/results
semgrep --config auto --json --output=semgrep/results/semgrep.json
- name: import scan results into defectdojo
run: |
curl -X POST "${{ secrets.defectdojo_url }}/api/v2/import-scan/" \
-H "accept: application/json" \
-H "Content-Type: multipart/form-data" \
-H "Authorization: Token ${{ secrets.defectdojo_token }}" \
-F "scan_date=$(date +'%Y-%m-%d')" \
-F "scan_type=Semgrep JSON Report" \
-F "file=@semgrep/results/semgrep.json;type=application/json" \
-F "tags=github_actions,ci" \
-F "auto_create_context=true" \
-F "engagement_name=pygoat_ci_scan" \
-F "product_name=pygoat_demo" \
-F "product_type_name=typical_app" \
-F "source_code_management_uri=${{ github.server_url }}/${{ github.repository }}" \
-F "branch_tag=${{ github.ref }}" \
-F "commit_hash=${{ github.sha }}" \
-F "close_old_findings=true"
- name: Fix DefectDojo Findings with Pixeebot
uses: pixee/upload-tool-results-action@7f74e9c0fef01adaaaafb20a4489c2ed6c6e3029
with:
tool: defectdojo
defectdojo-token: ${{ secrets.DEFECTDOJO_TOKEN }}
defectdojo-api-url: ${{ secrets.DEFECTDOJO_URL }}
defectdojo-product-name: pygoat_demo