main.yml

name: Checkmarx One Scan
on:
  push:
    branches:
      - main
      - master
      - dev
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Checkmarx One CLI Action
        uses: checkmarx/ast-github-action@main #Github Action version
        with:
          project_name: ${{ github.repository }}
          cx_tenant: ${{ secrets.CX_TENANT }}
          base_uri: ${{ secrets.CX_BASE_URI }}
          cx_client_id: ${{ secrets.CX_CLIENT_ID }}
          cx_client_secret: ${{ secrets.CX_SECRET }}
          #additional_params: --threshold "sast-medium=20; sast-high=10; sca-high=10" #set thresholds
          additional_params: --scan-types iac-security,sast,sca --report-format sarif --output-path .
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v2
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: cx_result.sarif