...
Code Block |
---|
name: Data Theorem SAST on: push: branches: [ "main" ] workflow_dispatch: jobs: scan: runs-on: ubuntu-latest container# Controls when the workflow will run, adapt to your own needs on: # Triggers the workflow on push or pull request events but only for the "main" branch push: branches: [ "main" ] image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest # Allows you to run env:this workflow manually from the Actions tab DT_SAST_API_KEYworkflow_dispatch: ${{ secrets.DT_RESULTS_API_KEY }} jobs: scan: steps: runs-on: ubuntu-latest - usescontainer: actions/checkout@v4 image: - name: Start Data Theorem SAST Scan us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest env: run: data_theorem_sast_analyzer scan --name=$GITHUB_REPOSITORY --repo-platform=GITHUB --repo-id=$GITHUB_REPOSITORY_ID --repo-html-url="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" --repo-default-branch-name=${{ github.event.repository.default_branch }} --output-dir=$PWD # Optional step to make scan results available as a Github artifactDT_SAST_API_KEY: ${{ secrets.DT_SAST_API_KEY }} DT_SAST_REPOSITORY_NAME: ${{ github.event.repository.full_name }} DT_SAST_REPOSITORY_PLATFORM: GITHUB DT_SAST_REPOSITORY_ID: ${{ github.event.repository.id }} DT_SAST_REPOSITORY_HTML_URL: ${{ github.event.repository.html_url }} DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME: ${{ github.event.repository.default_branch }} DT_SAST_OUTPUT_DIR: ./ steps: - uses: actions/checkout@v4 - name: Start Data Theorem SAST Scan run: data_theorem_sast_analyzer scan ./ - uses: actions/upload-artifact@v4 with: name: dt-sast-scan-result path: ./scan-results-sarif.json |
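Review bot: The scanner image is referenced by the mutable tag `datatheorem-sast:latest`, and the steps use `actions/checkout@v4` and `actions/upload-artifact@v4`, so the code that runs with `DT_SAST_API_KEY` in its environment can change without any edit to this workflow. Pin the image by digest, `image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast@sha256:<digest-placeholder>`, and pin the actions to a full commit SHA, `uses: actions/checkout@<commit-sha-placeholder> # v4`. The job declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; a job-level `permissions:` with `contents: read` looks sufficient for these steps, but confirm that against what the analyzer needs. The old and new text of this example are interleaved on the page, so these points are read from the lines that appear to belong to the new version. They apply equally to the pull-request example below.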
...
Code Block |
---|
name: Data Theorem SAST # Controls when the workflow will run, adapt to your own needs on: # Triggers the workflow on push or pull request events but only for the "main" branch pull_request jobs: scan: runs-on: ubuntu-latest container: image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest env: DT_SAST_API_KEY: ${{ secrets.DT_SAST_API_KEY }} DT_SAST_REPOSITORY_NAME: ${{ github.event.repository.full_name }} DT_SAST_REPOSITORY_PLATFORM: GITHUB DT_SAST_REPOSITORY_ID: ${{ github.event.repository.id }} DT_SAST_REPOSITORY_HTML_URL: ${{ github.event.repository.html_url }} DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME: ${{ github.event.repository.default_branch }} DT_SAST_SCAN_HEAD_REF: "refs/remotes/origin/${{ github.head_ref }}" DT_SAST_SCAN_TARGET_REF: "refs/remotes/origin/${{ github.base_ref }}" DT_SAST_FAIL_MODE: true steps: - uses: actions/checkout@v4 with: fetch-depth: 0 # IMPORTANT: Needed because by default, actions/checkout@v4 doesn't load the full git history/refs - name: Start Data Theorem SAST Scan run: data_theorem_sast_analyzer scan ./b |
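Review bot: On `pull_request` runs that come from forks, GitHub does not expose repository secrets, so `DT_SAST_API_KEY` will be empty and the scan step will presumably fail. The example should say so next to the trigger, for instance `# Secrets are not available to pull requests from forks; do not switch to pull_request_target to work around this`. `github.head_ref` is chosen by the pull-request author, and passing it through `env:` as `DT_SAST_SCAN_HEAD_REF` rather than interpolating it into `run:` is the right pattern; a one-line comment such as `# keep PR-controlled values in env, never inline in run` would help it stay that way. `DT_SAST_FAIL_MODE: true` is a YAML boolean, and writing `DT_SAST_FAIL_MODE: "true"` makes the string the container receives explicit. The trailing `./b` in the `run:` line differs from the `./` used in the push example and may be a rendering artifact, so check it against the published workflow.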
Bitbucket pipeline example
...