Bump checkmarx/ast-github-action from 9fda4ab4c1b67c35de380552a972a82997d97731 to e3f1356c077fcb2ad2062ccc8c9f1631bae59128 #141
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: cx-one-scan | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| schedule: | |
| - cron: '00 5 * * *' # Every day at 05:00 | |
| jobs: | |
| cx-one-scan: | |
| name: cx-one-scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Checkmarx One CLI Action | |
| uses: checkmarx/ast-github-action@e3f1356c077fcb2ad2062ccc8c9f1631bae59128 # https://github.com/Checkmarx/ast-github-action/releases/tag/2.0.42 | |
| with: | |
| base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }} | |
| cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }} | |
| cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }} | |
| cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }} | |
| additional_params: --scan-types sast,iac-security,sca --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1" |