lines changed Original file line number Diff line number Diff line change 11name : CodeQL
22
3- on :
4- workflow_dispatch :
5- schedule :
6- # Run at the end of every Monday
7- - cron : ' 0 0 * * 1'
3+ on :
4+ push
85
96jobs :
107 analyze :
6865 uses : github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3
6966 with :
7067 category : ' /language:${{matrix.config.language}}'
68+ output : sarif-output-${{ matrix.config.language }}.sarif
69+ - name : Filter SARIF Results
70+ run : |
71+ REPO_URL="https://github.com/${{ github.repository }}/blob/${{ github.ref_name }}/"
72+ jq --arg baseUrl "$REPO_URL" '.runs[].results[] |
73+ {
74+ ruleId: .ruleId,
75+ message: .message.text,
76+ url: "\($baseUrl)\(.locations[0].physicalLocation.artifactLocation.uri)#L\(.locations[0].physicalLocation.region.startLine)-L\(.locations[0].physicalLocation.region.endLine)"
77+ }' sarif-output-${{ matrix.config.language }}.sarif/${{ matrix.config.language }}.sarif > filtered-${{ matrix.config.language }}.json
78+ - name : Display Filtered Results
79+ run : cat filtered-${{ matrix.config.language }}.json
80+ - name : Send Slack Notification
81+ env :
82+ SEC_BOT_SLACK_WEBHOOK : ${{ secrets.SEC_BOT_SLACK_WEBHOOK }}
83+ run : |
84+ # Format alerts into Slack-friendly text
85+ ALERTS=$(jq -r '. | "*Rule:* \(.ruleId)\n*Message:* \(.message)\n*URL:* \(.url)\n"' filtered-${{ matrix.config.language }}.json)
86+
87+ # Send the alerts as a Slack message
88+ curl -X POST -H "Authorization: Bearer $SEC_BOT_SLACK_WEBHOOK" \
89+ -H "Content-type: application/json" \
90+ --data '{
91+ "channel": "#a-new-private-channel-in-this-slack-org-for-kyle-and-feroz-to-test-some-security",
92+ "text": "Code Scanning Alerts for ${{ matrix.config.language }}:\n'"${ALERTS}"'"
93+ }' https://slack.com/api/chat.postMessage
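Review bot: The Slack payload in the `Send Slack Notification` step is assembled by splicing `$ALERTS` into a hand-written JSON literal, so any CodeQL message containing a double quote, backslash or stray newline (common, since messages quote code) produces invalid JSON, and because `chat.postMessage` signals failure with `"ok": false` in the body rather than a non-2xx status, the unchecked `curl` lets that pass silently. Build the body with `jq -n --arg` and check `.ok`, and move `${{ github.ref_name }}` and `${{ matrix.config.language }}` out of the `run:` scripts (in both new steps) into `env:` so the shell only sees them as quoted variables, which is the standard hardening against branch or matrix names carrying shell metacharacters. The secret is named `SEC_BOT_SLACK_WEBHOOK` but is sent as a `Bearer` token to `chat.postMessage`, which takes a bot token rather than an incoming-webhook URL, so it is worth confirming which credential is stored. The hard-coded test channel on the `"channel":` line should come from a repository variable before this ships. The `analyze` job's matrix and earlier steps lie outside the hunk.
```yaml
      - name: Filter SARIF Results
        env:
          LANG_NAME: ${{ matrix.config.language }}
          REPO_URL: https://github.com/${{ github.repository }}/blob/${{ github.ref_name }}/
        run: |
          jq --arg baseUrl "$REPO_URL" '.runs[].results[] |
          # … unchanged: the { ruleId, message, url } projection …
          ' "sarif-output-${LANG_NAME}.sarif/${LANG_NAME}.sarif" > "filtered-${LANG_NAME}.json"
      # … unchanged: Display Filtered Results step …
      - name: Send Slack Notification
        env:
          SEC_BOT_SLACK_WEBHOOK: ${{ secrets.SEC_BOT_SLACK_WEBHOOK }}
          SLACK_CHANNEL: ${{ vars.SEC_SLACK_CHANNEL }}  # placeholder variable name; define it in repo settings
          LANG_NAME: ${{ matrix.config.language }}
        run: |
          # Format alerts into Slack-friendly text
          ALERTS=$(jq -r '"*Rule:* \(.ruleId)\n*Message:* \(.message)\n*URL:* \(.url)\n"' "filtered-${LANG_NAME}.json")
          # Let jq JSON-escape the text instead of splicing it into a literal
          PAYLOAD=$(jq -n --arg channel "$SLACK_CHANNEL" \
            --arg text "Code Scanning Alerts for ${LANG_NAME}:"$'\n'"${ALERTS}" \
            '{channel: $channel, text: $text}')
          # chat.postMessage reports errors in the body, so fail the step when ok is false
          curl -sS -X POST -H "Authorization: Bearer $SEC_BOT_SLACK_WEBHOOK" \
            -H "Content-type: application/json; charset=utf-8" \
            --data "$PAYLOAD" https://slack.com/api/chat.postMessage | jq -e '.ok' > /dev/null
```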