From 42957207700cfae6770ec260698bc5743413ac10 Mon Sep 17 00:00:00 2001
From: Dmitry Galenko
Date: Sun, 20 Nov 2022 13:50:38 +0100
Subject: [PATCH] Add flawfinder for cover C++ codebase

---
 .github/workflows/sast_flawfinder_full.yml | 40 ++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 .github/workflows/sast_flawfinder_full.yml

diff --git a/.github/workflows/sast_flawfinder_full.yml b/.github/workflows/sast_flawfinder_full.yml
new file mode 100644
index 000000000..a6337ffa6
--- /dev/null
+++ b/.github/workflows/sast_flawfinder_full.yml
@@ -0,0 +1,40 @@
+---
+name: Flawfinder Full Scan
+
+on:
+ workflow_dispatch:
+ branches:
+ - master
+ schedule:
+ - cron: '0 1 * * 6'
+
+jobs:
+ flawfinder:
+ runs-on: ubuntu-latest
+ name: Flawfinder
+
+ steps:
+ # step 1
+ - name: clone application source code
+ uses: actions/checkout@v3
+
+ # step 2
+ - name: flawfinder_scan
+ uses: david-a-wheeler/flawfinder@2.0.19
+ with:
+ arguments: '--sarif ./'
+ output: 'flawfinder_report.sarif'
+
+ # step 3
+ - name: save report as pipeline artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: flawfinder_report.sarif
+ path: flawfinder_report.sarif
+
+ # step 4
+ - name: publish code scanning alerts
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: flawfinder_report.sarif
+ category: flawfinder
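Review bot: The `flawfinder` job declares no `permissions:` block, so the `upload-sarif` call in step 4 runs with whatever the repository's default `GITHUB_TOKEN` grants — on a permissive default that hands a scan job write access it does not need, and on a read-only default the upload fails with a permissions error; add `permissions:` / `contents: read` / `security-events: write` at the job level so the step works under both settings with least privilege. All three actions are referenced by mutable tags (`actions/checkout@v3`, `david-a-wheeler/flawfinder@2.0.19`, `github/codeql-action/upload-sarif@v2`); for a workflow that reads the whole C++ tree and writes code-scanning alerts, pin each `uses:` to a full-length commit SHA with the tag kept in a trailing comment, so a retagged release cannot silently change what runs. The `branches:` filter nested under `workflow_dispatch` is not a documented key for that event (branch filters belong to `push`/`pull_request`) and appears to be either ignored or rejected by the workflow parser, so it should be dropped — manual dispatch already selects the ref at run time.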