...
| Code Block |
|---|
name: Data Theorem SAST
on:
push:
branches: [ "main" ]
workflow_dispatch:
jobs:
scan:
runs-on: ubuntu-latest
container:
image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest
env:
DT_SAST_API_KEY: ${{ secrets.DT_RESULTS_API_KEY }}
steps:
- uses: actions/checkout@v4
- name: Start Data Theorem SAST Scan
run: python /app/main.pydata_theorem_sast_analyzer scan --name=$GITHUB_REPOSITORY --repo-platform=GITHUB --repo-id=$GITHUB_REPOSITORY_ID --repo-html-url="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" --repo-default-branch-name=${{ github.event.repository.default_branch }} --output-dir=$PWD
# Optional step to make scan results available as a Github artifact
- uses: actions/upload-artifact@v4
with:
name: dt-sast-scan-result
path: ./scan-results-sarif.json |
...
| Code Block |
|---|
name: Data Theorem SAST
on:
pull_request
jobs:
scan:
runs-on: ubuntu-latest
container:
image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest
env:
DT_SAST_API_KEY: ${{ secrets.DT_SAST_API_KEY }}
DT_SAST_REPOSITORY_NAME: ${{ github.event.repository.full_name }}
DT_SAST_REPOSITORY_PLATFORM: GITHUB
DT_SAST_REPOSITORY_ID: ${{ github.event.repository.id }}
DT_SAST_REPOSITORY_HTML_URL: ${{ github.event.repository.html_url }}
DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME: ${{ github.event.repository.default_branch }}
DT_SAST_SCAN_HEAD_REF: "refs/remotes/origin/${{ github.head_ref }}"
DT_SAST_SCAN_TARGET_REF: "refs/remotes/origin/${{ github.base_ref }}"
DT_SAST_FAIL_MODE: true
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # IMPORTANT: Needed because by default, actions/checkout@v4 doesn't load the full git history/refs
- name: Start Data Theorem SAST Scan
run: python /app/main.pydata_theorem_sast_analyzer scan ./b |
Bitbucket pipeline example
...