CxCE · cx-aslesha-nargolkar · Jun 17, 2025 · Jun 17, 2025 · Jun 18, 2025 · Jun 18, 2025
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,37 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Checkmarx Sarif Integration
+
+# Controls when the workflow will run
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+    branches:
+      - master
+      - cx-aslesha-nargolkar-patch-1
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # This step checks out a copy of your repository.
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Checkmarx scan
+        uses: checkmarx/ast-github-action@main
+        with:
+          cx_client_id: ${{ secrets.OAUTH_CLIENT }}
+          cx_client_secret: ${{ secrets.OAUTH_SECRET }}
+          cx_tenant: 'aslesha-sedemo'
+          base_uri: https://eu-2.ast.checkmarx.net
+          additional_params: --report-format sarif --output-path .
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: cx_result.sarif