Skip to content
/ appscan-codesweep-action Public
forked from HCL-TECH-SOFTWARE/appscan-codesweep-action

Integrate static security testing with HCL AppScan CodeSweep with Github.

License

Apache-2.0 license
0 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mrriteshranjan/appscan-codesweep-action

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
img
img
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
NOTICE.txt
NOTICE.txt
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation

Coming Soon...

HCL AppScan CodeSweep Github Action

Your GitHub code is better and more secure with HCL AppScan CodeSweep for GitHub. For free.

The HCL AppScan CodeSweep for GitHub extension enables you to check your code on every pull request. Run as a GitHub action, the extension identifies vulnerabilities in changed code with every update. But more than just identifying issues, the HCL AppScan CodeSweep for GitHub extension tells you what you need to know to mitigate issues — before they make it to the main branch.

Usage

Register

Register on HCL AppScan on Cloud (ASoC) to generate your API key/secret.

Setup

  1. After logging into ASoC, go to the API page to generate your API key/secret pair. These must be used in the asoc_key and asoc_secret parameters for the action. It's recommended to store them as secrets in your repository. adingkeys_animation
  2. Add the following file to your repository under .github/workflows/main.yml or add to an existing workflow file:
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v1
      - name: Run AppScan CodeSweep
        uses: HCL-TECH-SOFTWARE/appscan-codesweep-action@v1
        with:
          asoc_key: ${{secrets.ASOC_KEY}}
          asoc_secret: ${{secrets.ASOC_SECRET}}
    env: 
      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

Note If you use checkout@v2 you must set fetch-depth to 0. For example:

uses: actions/checkout@v2
with:
  fetch-depth: 0

Optional Parameters

  • status - The status of the checks if any security issues are found. Must be one of 'action_required', 'failure', or 'neutral'. The default is neutral. For example:
with:
  status: failure

Examples

Annotations are added to the diff view, showing any vulnerable lines of code and a checkrun is added to provide additional details, including good and bad code samples and mitigation information. annotation_screenshot

Supported Languages

The HCL AppScan CodeSweep action supports scanning the following languages/dialects:

Languages
Android-Java Objective-C/Objective-C++
Angular PHP
Apex PL/SQL
C C++
Cobol Perl
ColdFusion Python
Dart React
Golang React Native
Groovy Ruby
Ionic Scala
Java Swift
JavaScript T-SQL
JQuery TypeScript
Kotlin VueJS
MooTools .Net (C#, VB.NET, ASP.Net)
NodeJS Xamarin

Join the community

Use the CodeSweep slack channel to report any feedback or ask general questions about the HCL AppScan CodeSweep action.

About

Integrate static security testing with HCL AppScan CodeSweep with Github.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published