Add flawfinder for cover C++ codebase

2025-08-10 15:37:17 +00:00 · 2022-11-20 13:50:38 +01:00 · 2022-11-20 13:50:38 +01:00 · 4295720770
commit 4295720770
parent 08c69c09c8
1 changed files with 40 additions and 0 deletions
--- a/.github/workflows/sast_flawfinder_full.yml
+++ b/.github/workflows/sast_flawfinder_full.yml
@ -0,0 +1,40 @@
+---
+name: Flawfinder Full Scan
+
+on:
+  workflow_dispatch:
+    branches:
+      - master
+  schedule:
+    - cron:  '0 1 * * 6'
+
+jobs:
+  flawfinder:
+      runs-on: ubuntu-latest
+      name: Flawfinder
+
+      steps:
+        # step 1
+        - name: clone application source code
+          uses: actions/checkout@v3
+
+        # step 2
+        - name: flawfinder_scan
+          uses: david-a-wheeler/flawfinder@2.0.19
+          with:
+            arguments: '--sarif ./'
+            output: 'flawfinder_report.sarif'
+
+        # step 3
+        - name: save report as pipeline artifact
+          uses: actions/upload-artifact@v3
+          with:
+            name: flawfinder_report.sarif
+            path: flawfinder_report.sarif
+
+        # step 4
+        - name: publish code scanning alerts
+          uses: github/codeql-action/upload-sarif@v2
+          with:
+            sarif_file: flawfinder_report.sarif
+            category: flawfinder