sast.yaml

name: SAST (Static Application Security Testing)

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

jobs:
  polaris:
    name: polaris / code-scan
    continue-on-error: true
    runs-on: ubuntu-latest
    if: endsWith(github.actor, '[bot]') == false
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Synopsys Polaris
        uses: contentful/polaris-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          polaris_url: ${{ secrets.POLARIS_SERVER_URL }}
          polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
          polaris_command: analyze -w --coverity-ignore-capture-failure
          security_gate_filters: '{ "severity": ["High", "Medium"] }'
          fail_on_error: false
          report_url: "https://github.com/contentful/security-tools-config/issues/new?title=False%20positive%20in%20Polaris"