Skip to content

Merge pull request #42 from hassaku63/fix-setup #6

Merge pull request #42 from hassaku63/fix-setup

Merge pull request #42 from hassaku63/fix-setup #6

name: CodeGuru Security
on:
push:
branches:
- 'master'
- 'main'
permissions:
id-token: write
# for writing security events.
security-events: write
# only required for workflows in private repositories
# actions: read
# contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout Respository
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ secrets.IAM_ROLE }}
aws-region: ${{ secrets.AWS_REGION }}
- name: CodeGuru Security
uses: aws-actions/codeguru-security@v1
with:
source_path: .
aws_region: ${{ secrets.AWS_REGION }}
fail_on_severity: Critical
- name: Print findings
run: |
ls -l
cat codeguru-security-results.sarif.json
# If you want content in security scanning, you’ll need to enable codescanning by going into github.
# https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository
- name: Upload result
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: codeguru-security-results.sarif.json