Merge pull request #52 from accuknox/pr-test

sast report to SaaS
accuknox · Nov 28, 2024 · 8c0f0bb · 8c0f0bb
2 parents 3b074c1 + e6b2f4f
commit 8c0f0bb
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/.github/workflows/sonarscan.yaml b/.github/workflows/sonarscan.yaml
@@ -0,0 +1,31 @@
+name: Push SonarQube scans to SaaS
+
+on:
+  push:
+    tags:
+    - "v[0-9]+.[0-9]+.[0-9]+"
+    - "v[0-9]+.[0-9]+.[0-9]+-*"
+    - "v*"
+
+env:
+  AK_URL: "https://cspm.accuknox.com"
+  AK_SAST_LABEL: "SAST"
+
+jobs:
+  scan-and-push:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: accuknox/common-gh-actions/actions/sonarqube@main
+      with:
+        token: ${{ secrets.SQ_TOKEN }}
+        qualityGateCheck: 'false'
+        args: >
+          -Dsonar.projectKey=accuknox-jobs
+          -Dsonar.sources=.
+        projectKey: accuknox-jobs
+        pushToSaas: true
+        ak_url: ${{ env.AK_URL }}
+        ak_tok: ${{ secrets.AK_PROD_ACCUKNOXTECH_TOKEN }}
+        tenant_id: ${{ secrets.AK_PROD_ACCUKNOXTECH_TENANT_ID }}
+        label: ${{ env.AK_SAST_LABEL }}