Example: GitHub Issues - checkmarx-ts/checkmarx-cxflow-plusplus-github-action GitHub Wiki
The default push feedback channel is GitHub Code Scanning, which is fed by the SARIF file the scan produces. This example shows how to use GitHub Issues instead of GitHub Code Scanning as the push feedback channel.
This example is configured for the following:
- Performs SAST and SCA scans on push to the master branch or on pull requests targeting master.
- Runs SCA Resolver on the GitHub-hosted runner ubuntu-latest.
- Writes scan summaries to pull requests.
- Creates issues in the GitHub Issues tab on push to the master branch.
```yaml
name: SDLC Workflow with CxFlow++
on:
  push:
    branches: master
  pull_request:
    branches: master
jobs:
  checkmarx-scan:
    permissions:
      issues: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: Fetch Code
        uses: actions/checkout@v4
      - name: Execute Scan
        uses: checkmarx-ts/checkmarx-cxflow-plusplus-github-action@v2
        with:
          sast-url: ${{ vars.CX_SAST_URL }}
          sast-username: ${{ secrets.CX_SAST_USERNAME }}
          sast-password: ${{ secrets.CX_SAST_PASSWORD }}
          sca-tenant: ${{ secrets.CX_SCA_TENANT }}
          sca-username: ${{ secrets.CX_SCA_USERNAME }}
          sca-password: ${{ secrets.CX_SCA_PASSWORD }}
          push-feedback-channel: GitHub
```
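The following is an added example, not part of the CxFlow++ project's documentation. It keeps the same action inputs, variable names and secret names as the workflow above, and adds two things a practitioner usually wants around a workflow that needs write access to issues and pull requests: an explicit least-privilege GITHUB_TOKEN (a workflow-level read-only default, with the job opting in to only the scopes it needs) and a guard that skips pull requests opened from forks, because GitHub does not pass repository secrets to those runs, so the Checkmarx credentials would be empty. Because a job-level permissions block replaces the default token scopes entirely, contents: read is repeated in the job so actions/checkout keeps read access to the repository.

```yaml
# Added example (not from the CxFlow++ project): the same workflow with an
# explicit least-privilege token and a guard that skips pull requests from
# forks, whose runs receive no repository secrets such as CX_SAST_PASSWORD.
name: SDLC Workflow with CxFlow++ (least privilege)

on:
  push:
    branches: master
  pull_request:
    branches: master

# Default for every job in this workflow: a read-only token.
permissions:
  contents: read

jobs:
  checkmarx-scan:
    # A job-level permissions block replaces the workflow default, so
    # contents: read must be listed again here for actions/checkout.
    permissions:
      contents: read
      issues: write          # create issues on push to master
      pull-requests: write   # post scan summaries on pull requests
    runs-on: ubuntu-latest
    # Run on pushes, and only on pull requests whose head branch lives in this
    # repository. Fork pull requests get no repository secrets, so the scan
    # would run with empty credentials and fail.
    if: >-
      github.event_name == 'push' ||
      github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - name: Fetch Code
        uses: actions/checkout@v4
      - name: Execute Scan
        uses: checkmarx-ts/checkmarx-cxflow-plusplus-github-action@v2
        with:
          sast-url: ${{ vars.CX_SAST_URL }}
          sast-username: ${{ secrets.CX_SAST_USERNAME }}
          sast-password: ${{ secrets.CX_SAST_PASSWORD }}
          sca-tenant: ${{ secrets.CX_SCA_TENANT }}
          sca-username: ${{ secrets.CX_SCA_USERNAME }}
          sca-password: ${{ secrets.CX_SCA_PASSWORD }}
          push-feedback-channel: GitHub
```

Since this variant reports through GitHub Issues rather than Code Scanning, the token does not need the security-events scope that a SARIF upload would require; granting only issues and pull-requests write access keeps the blast radius of a compromised step (for example, a malicious dependency pulled in during the SCA Resolver run) limited to those two resources.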