Versions Compared

Version Old Version 22 New Version 23
Changes made by

Victor Wang

Victor Wang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
name: Data Theorem SAST

# Controls when the workflow will run, adapt to your own needs
on:
  # Triggers the workflow on push or pull request events but only for the "main" branch
  # Adapt triggers to your own needs
  push:
    branches: [ "main" ]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

jobs:
  scan:
    continue-on-error: true
    timeout-minutes: 30
    runs-on: ubuntu-latest
    container:
      image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest
      env:
        DT_SAST_API_KEY: ${{ secrets.DT_SAST_API_KEY }}
        DT_SAST_REPOSITORY_NAME: ${{ github.event.repository.full_name }}
        DT_SAST_REPOSITORY_PLATFORM: GITHUB
        DT_SAST_REPOSITORY_ID: ${{ github.event.repository.id }}
        DT_SAST_REPOSITORY_HTML_URL: ${{ github.event.repository.html_url }}
        DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME: ${{ github.event.repository.default_branch }}
        DT_SAST_OUTPUT_DIR: ./
    steps:
      - uses: actions/checkout@v4
      - name: Start Data Theorem SAST Scan
        run: data_theorem_sast_analyzer scan ./
      - uses: actions/upload-artifact@v4
        with:
          name: dt-sast-scan-result
          path: ./scan-results-sarif.json

...

Code Block
name: Data Theorem SAST

# Controls when the workflow will run, adapt to your own needs
on:
  # Triggers the workflow on push or pull request events but only for the "main" branch
  # Adapt triggers to your own needs
  pull_request

jobs:
  scan:
    continue-on-error: true
    timeout-minutes: 30
    runs-on: ubuntu-latest
    container:
      image: us-central1-docker.pkg.dev/prod-scandal-us/datatheorem-sast/datatheorem-sast:latest
      env: 
        DT_SAST_API_KEY: ${{ secrets.DT_SAST_API_KEY }}
        DT_SAST_REPOSITORY_NAME: ${{ github.event.repository.full_name }}
        DT_SAST_REPOSITORY_PLATFORM: GITHUB
        DT_SAST_REPOSITORY_ID: ${{ github.event.repository.id }}
        DT_SAST_REPOSITORY_HTML_URL: ${{ github.event.repository.html_url }}
        DT_SAST_REPOSITORY_DEFAULT_BRANCH_NAME: ${{ github.event.repository.default_branch }}
        DT_SAST_SCAN_HEAD_REF: "refs/remotes/origin/${{ github.head_ref }}"
        DT_SAST_SCAN_TARGET_REF: "refs/remotes/origin/${{ github.base_ref }}"
        DT_SAST_FAIL_MODE: true
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # IMPORTANT: Needed because by default, actions/checkout@v4 doesn't load the full git history/refs
      - name: Start Data Theorem SAST Scan
        run: data_theorem_sast_analyzer scan ./

...