search

mxschmitt / action-tmate

Debug your GitHub Actions via SSH by using tmate to get access to the runner system itself.
https://mxschmitt.github.io/action-tmate/
MIT License
2.95k stars 289 forks source link

cmpl #191

Closed JMARRUJO91 closed 6 months ago

JMARRUJO91 commented 6 months ago

ty

dscho commented 6 months ago

Please use your own fork for practicing how to use GitHub.

JMARRUJO91 commented 6 months ago

name: Fortify on Demand Scan

TODO: Customize trigger events based on your DevSecOps processes and typical FoD SAST scan time

on: workflow_dispatch: push: branches: [ "master" ] schedule:

jobs: FoD-SAST-Scan:

Use the appropriate runner for building your source code.

# TODO: Use a Windows runner for .NET projects that use msbuild. Additional changes to RUN commands will be required to switch to Windows syntax.
runs-on: ubuntu-latest
permissions:
  actions: read
  contents: read
  security-events: write

steps:
  # Check out source code
  - name: Check Out Source Code
    uses: actions/checkout@v3

  # Java is required to run the various Fortify utilities.
  # When scanning a Java application, please use the appropriate Java version for building your application.
  - name: Setup Java
    uses: actions/setup-java@v3
    with:
      java-version: 8
      distribution: 'temurin'