From 87fab5c782c02e9e0ac6a409c47dca8345a3046d Mon Sep 17 00:00:00 2001
From: James Struga
Date: Fri, 11 Mar 2022 12:30:52 -0500
Subject: [PATCH 01/14] Create cppcheck.yml
--- .github/workflows/cppcheck.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/cppcheck.yml
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
new file mode 100644
index 000000000..849931b72
--- /dev/null
+++ b/.github/workflows/cppcheck.yml
@@ -0,0 +1,22 @@
+name: cppcheck-action-test
+on: [push]
+
+jobs:
+ build:
+ name: cppcheck-test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: cppcheck
+ uses: deep5050/cppcheck-action@main
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN}}
+ force: enable
+
+
+ - name: publish report
+ uses: mikeal/publish-to-github-action@master
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ BRANCH_NAME: 'v2.x/staging'
From 50313b0136940a9bc3caa0e3fc64868210a8833b Mon Sep 17 00:00:00 2001
From: James Struga
Date: Mon, 14 Mar 2022 12:01:45 -0400
Subject: [PATCH 02/14] added logging
Signed-off-by: James Struga
--- .github/workflows/cppcheck.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
index 849931b72..56918101b 100644
--- a/.github/workflows/cppcheck.yml
+++ b/.github/workflows/cppcheck.yml
@@ -14,9 +14,14 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN}} force: enable - - - name: publish report - uses: mikeal/publish-to-github-action@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - BRANCH_NAME: 'v2.x/staging' + - name: ls + run: | + ls /home/runner/work/zowe-common-c/zowe-common-c/ + echo "new" + ls /home/runner/work/zowe-common-c/ + + - name: upload to artifact + uses: actions/upload-artifact@v3 + with: + name: my-artifact + path: /home/runner/work/zowe-common-c/zowe-common-c/cppcheck_report.txt
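Review bot: Both third-party steps are pinned to moving branches (`uses: deep5050/cppcheck-action@main`, `uses: mikeal/publish-to-github-action@master`) while being handed `secrets.GITHUB_TOKEN`, and the workflow declares no `permissions:` block, so whatever those branch tips resolve to at run time receives the token with the repository's default token permissions. Pin each to a full commit SHA, as later patches in this series already do for flawfinder, msvc-code-analysis and snyk, and add a job-level `permissions:` block granting only what the publish step needs. Patch 07 re-introduces the same `deep5050/cppcheck-action@main` lines and has the same gap. Minor: `${{ secrets.GITHUB_TOKEN}}` is missing the space before `}}` that the `env:` line two steps later uses.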
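Review bot: The `ls` lines and the `path:` of the upload step hard-code `/home/runner/work/zowe-common-c/zowe-common-c/`, which ties the workflow to the hosted-runner layout and to the repository name; `${{ github.workspace }}` is the portable form, e.g. `path: ${{ github.workspace }}/cppcheck_report.txt`. The `ls` step with `echo "new"` reads as leftover debugging; if it is meant to stay, a `name:` that says what it is checking would help the next reader.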
From 6b3ea4ad42eec46a7c09ee3994df996fe63ec34e Mon Sep 17 00:00:00 2001
From: James Struga
Date: Mon, 14 Mar 2022 12:08:38 -0400
Subject: [PATCH 03/14] fix upload
Signed-off-by: James Struga
--- .github/workflows/cppcheck.yml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
index 56918101b..7199fb8b7 100644
--- a/.github/workflows/cppcheck.yml
+++ b/.github/workflows/cppcheck.yml
@@ -14,14 +14,10 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN}} force: enable - - name: ls + - name: upload to artifactory run: | - ls /home/runner/work/zowe-common-c/zowe-common-c/ - echo "new" - ls /home/runner/work/zowe-common-c/ + ls /home/runner/work/zowe-common-c/zowe-common-c/ + TIMESTAMP=`date +%Y%m%d.%H%M%S` + mv cppcheck_report.txt cppcheck_report_${TIMESTAMP}.txt + jfrog rt u cppcheck_report_${TIMESTAMP}.txt libs-snapshot-local/org/zowe/zlux/zowe-common-c/scan/cppcheck_report_${TIMESTAMP}.txt - - name: upload to artifact - uses: actions/upload-artifact@v3 - with: - name: my-artifact - path: /home/runner/work/zowe-common-c/zowe-common-c/cppcheck_report.txt
From f24b1cd72b1ecd211226cc5a344e98479d05ced0 Mon Sep 17 00:00:00 2001
From: James Struga
Date: Mon, 14 Mar 2022 12:10:50 -0400
Subject: [PATCH 04/14] add jfrog
Signed-off-by: James Struga
--- .github/workflows/cppcheck.yml | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
index 7199fb8b7..84419aef0 100644
--- a/.github/workflows/cppcheck.yml
+++ b/.github/workflows/cppcheck.yml
@@ -7,6 +7,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + + - name: '[Prep 2] Setup jFrog CLI' + uses: jfrog/setup-jfrog-cli@v2 + env: + JF_ARTIFACTORY_1: ${{ secrets.JF_ARTIFACTORY_TOKEN }} - name: cppcheck uses: deep5050/cppcheck-action@main
From c3265ae5ab31c801fc8557a45db862822d319736 Mon Sep 17 00:00:00 2001
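Review bot: The `jfrog rt u` line publishes `cppcheck_report_${TIMESTAMP}.txt` into `libs-snapshot-local/org/zowe/zlux/zowe-common-c/scan/` on every run, and the workflow trigger (`on: [push]` from the first patch, outside this hunk) fires for pushes to any branch, so every feature-branch push writes a snapshot into the shared Artifactory path with the publishing credential. Gate the upload on the branch, e.g. `if: github.ref == 'refs/heads/v2.x/staging'` on the step, or restrict `on.push.branches`. The backtick substitution `TIMESTAMP=`date +%Y%m%d.%H%M%S`` would be clearer as `TIMESTAMP=$(date +%Y%m%d.%H%M%S)`, and the `ls` of the hard-coded runner path looks like debugging output left in.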
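Review bot: `uses: jfrog/setup-jfrog-cli@v2` is a floating major tag, yet the step is given `secrets.JF_ARTIFACTORY_TOKEN` as `JF_ARTIFACTORY_1`, i.e. the exported Artifactory server configuration; for a step that handles a publishing credential a full commit SHA pin (as the flawfinder, msvc and snyk workflows added later in this series use) limits what a tag move can do. The step name `'[Prep 2] Setup jFrog CLI'` implies a `[Prep 1]` that does not exist in the file; a plain `Setup JFrog CLI` reads better.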
From: James Struga
Date: Mon, 14 Mar 2022 13:39:42 -0400
Subject: [PATCH 05/14] revert changes
Signed-off-by: James Struga
--- .github/workflows/cppcheck.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
index 84419aef0..589b06389 100644
--- a/.github/workflows/cppcheck.yml
+++ b/.github/workflows/cppcheck.yml
@@ -1,5 +1,12 @@ name: cppcheck-action-test -on: [push] +on: + push: + branches: + - v1.x/staging + - master + - rc + pull_request: + types: [opened, reopened, synchronize] jobs: build:
@@ -13,16 +20,9 @@ jobs: env: JF_ARTIFACTORY_1: ${{ secrets.JF_ARTIFACTORY_TOKEN }} - - name: cppcheck - uses: deep5050/cppcheck-action@main + - name: upload artifact + uses: actions/upload-artifact@v3 with: - github_token: ${{ secrets.GITHUB_TOKEN}} - force: enable - - - name: upload to artifactory - run: | - ls /home/runner/work/zowe-common-c/zowe-common-c/ - TIMESTAMP=`date +%Y%m%d.%H%M%S` - mv cppcheck_report.txt cppcheck_report_${TIMESTAMP}.txt - jfrog rt u cppcheck_report_${TIMESTAMP}.txt libs-snapshot-local/org/zowe/zlux/zowe-common-c/scan/cppcheck_report_${TIMESTAMP}.txt + name: cppcheck_report.txt + path: /home/runner/work/zowe-common-c/zowe-common-c/cppcheck_report.txt
From c8ce8f177e5f877cd42a989527a4dae51f48a653 Mon Sep 17 00:00:00 2001
From: James Struga
Date: Mon, 14 Mar 2022 13:41:17 -0400
Subject: [PATCH 06/14] swithced branches
Signed-off-by: James Struga
--- .github/workflows/cppcheck.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
index 589b06389..1399e93df 100644
--- a/.github/workflows/cppcheck.yml
+++ b/.github/workflows/cppcheck.yml
@@ -2,9 +2,7 @@ name: cppcheck-action-test on: push: branches: - - v1.x/staging - - master - - rc + - v2.x/staging pull_request: types: [opened, reopened, synchronize]
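Review bot: After the second hunk the `upload artifact` step points at `cppcheck_report.txt`, but the only step that produced that file (`deep5050/cppcheck-action`) is removed in the same hunk and nothing else writes it, so the upload has nothing to find. The `[Prep 2] Setup jFrog CLI` step visible in the context lines also loses its only consumer (`jfrog rt u`), yet still receives `secrets.JF_ARTIFACTORY_TOKEN` on every run; remove it together with the upload-to-Artifactory step, or keep the pair. The new `path:` keeps the hard-coded `/home/runner/work/zowe-common-c/zowe-common-c/` prefix where `${{ github.workspace }}` would do.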
From df222627f4dbce4b41f603a772d9ef02b734a3cf Mon Sep 17 00:00:00 2001
From: James Struga
Date: Mon, 14 Mar 2022 13:45:13 -0400
Subject: [PATCH 07/14] add missing cppcheck
Signed-off-by: James Struga
--- .github/workflows/cppcheck.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
index 1399e93df..d1e30c0ee 100644
--- a/.github/workflows/cppcheck.yml
+++ b/.github/workflows/cppcheck.yml
@@ -13,10 +13,11 @@ jobs: steps: - uses: actions/checkout@v2 - - name: '[Prep 2] Setup jFrog CLI' - uses: jfrog/setup-jfrog-cli@v2 - env: - JF_ARTIFACTORY_1: ${{ secrets.JF_ARTIFACTORY_TOKEN }} + - name: cppcheck + uses: deep5050/cppcheck-action@main + with: + github_token: ${{ secrets.GITHUB_TOKEN}} + force: enable - name: upload artifact uses: actions/upload-artifact@v3
From 5d453fec05e73a8b785b0ce8b89226011a62081e Mon Sep 17 00:00:00 2001
From: James Struga
Date: Mon, 14 Mar 2022 14:00:46 -0400
Subject: [PATCH 08/14] on push
Signed-off-by: James Struga
--- .github/workflows/cppcheck.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
index d1e30c0ee..958e21db9 100644
--- a/.github/workflows/cppcheck.yml
+++ b/.github/workflows/cppcheck.yml
@@ -1,10 +1,5 @@ name: cppcheck-action-test -on: - push: - branches: - - v2.x/staging - pull_request: - types: [opened, reopened, synchronize] +on: [push] jobs: build:
From b96e7b54796ed56af65c210b147cf3fb4b3f7e92 Mon Sep 17 00:00:00 2001
From: James Struga
Date: Tue, 15 Mar 2022 21:33:22 -0400
Subject: [PATCH 09/14] add ql
Signed-off-by: James Struga
--- .github/workflows/codeql.yml | 70 ++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..c5aaafd39
--- /dev/null
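Review bot: Replacing the `push.branches`/`pull_request` filters with `on: [push]` makes the cppcheck job run for every push to every branch and, at the same time, stops it from running on pull requests at all, which is the opposite of what a pre-merge scanner is for. The CodeQL, flawfinder and msvc workflows added later in this series keep `branches: [ v2.x/staging ]` on both `push` and `pull_request`; this file should follow the same shape, e.g. `on:` / `  push:` / `    branches: [ v2.x/staging ]` / `  pull_request:` / `    branches: [ v2.x/staging ]`. If the intent was just to see the job run on a work branch, a temporary branch filter is cheaper than scanning every throwaway push.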
+++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ v2.x/staging ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ v2.x/staging ]
+ schedule:
+ - cron: '30 20 * * 2'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'c' , 'c++' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # ℹī¸ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+
+ # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
\ No newline at end of file
From d87f40e612718e89cfa976efb44c52900f7cfc43 Mon Sep 17 00:00:00 2001
From: James Struga
Date: Tue, 15 Mar 2022 21:35:13 -0400
Subject: [PATCH 10/14] remove autobuild
Signed-off-by: James Struga
--- .github/workflows/codeql.yml | 4 ---- 1 file changed, 4 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c5aaafd39..6c3c6da88 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -50,10 +50,6 @@ jobs: # Prefix the list here with "+" to use these queries and those in the config file. # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl
From d305b85ed8ec71da67918f6c21fa1919eb96cb5a Mon Sep 17 00:00:00 2001
From: James Struga
Date: Fri, 18 Mar 2022 10:58:35 -0400
Subject: [PATCH 11/14] added more scanners
Signed-off-by: James Struga
--- .github/workflows/flawfinder.yml | 36 ++++++++++++++++++ .github/workflows/msvc.yml | 64 ++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 .github/workflows/flawfinder.yml create mode 100644 .github/workflows/msvc.yml
diff --git a/.github/workflows/flawfinder.yml b/.github/workflows/flawfinder.yml
new file mode 100644
index 000000000..4b92caed6
--- /dev/null
+++ b/.github/workflows/flawfinder.yml
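Review bot: The matrix `language: [ 'c' , 'c++' ]` runs two jobs that, as far as I know, resolve to the same CodeQL language (`c` and `c++` are aliases of `cpp` in codeql-action, and `cpp` is the identifier the comment on the next line lists), so the database build, analysis and SARIF upload are done twice per trigger. `language: [ 'cpp' ]` states the intent once; patch 14 narrows the list to `[ 'c' ]`, which works but still goes through the alias. The `actions: read` / `contents: read` / `security-events: write` block is the right scope for the upload, but `actions/checkout@v2`, `github/codeql-action/init@v1` and `analyze@v1` are floating tags where the other scanners added in this series are SHA-pinned. The file is also written without a trailing newline (`\ No newline at end of file`).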
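Review bot: With the `Autobuild` step removed and nothing added in its place, no step compiles the project before `github/codeql-action/analyze@v1` runs, so for the compiled `c`/`c++` matrix entries the CodeQL database is built without observing any compilation and I would expect the analyze step to fail or to report nothing. The template's own comment that follows in the context lines (`✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines`) describes the fix: uncomment the `#- run: |` block and replace `make bootstrap` / `make release` with this repository's build commands. If Autobuild was removed because it failed, that failure is the thing to diagnose rather than skip. The `analyze` job continues outside the hunk.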
@@ -0,0 +1,36 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: flawfinder
+
+on:
+ push:
+ branches: [ v2.x/staging ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ v2.x/staging ]
+
+jobs:
+ flawfinder:
+ name: Flawfinder
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: flawfinder_scan
+ uses: david-a-wheeler/flawfinder@8e4a779ad59dbfaee5da586aa9210853b701959c
+ with:
+ arguments: '--sarif ./'
+ output: 'flawfinder_results.sarif'
+
+ - name: Upload analysis results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: ${{github.workspace}}/flawfinder_results.sarif
\ No newline at end of file
diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml
new file mode 100644
index 000000000..fa7a42b6e
--- /dev/null
+++ b/.github/workflows/msvc.yml
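Review bot: `sarif_file: ${{github.workspace}}/flawfinder_results.sarif` drops the spaces inside the expression that the msvc workflow in the same commit writes as `${{ github.workspace }}`; the parser accepts both, but one form per repository is easier to grep for. The file also ends without a newline (`\ No newline at end of file`), which the later `fix` patch has to touch again. Pinning `david-a-wheeler/flawfinder` to a full SHA is good; `actions/checkout@v2` and `github/codeql-action/upload-sarif@v1` in the same file stay on floating tags, so the pinning is only partial.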
@@ -0,0 +1,64 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# Find more information at:
+# https://github.com/microsoft/msvc-code-analysis-action
+
+name: Microsoft C++ Code Analysis
+
+on:
+ push:
+ branches: [ v2.x/staging ]
+ pull_request:
+ branches: [ v2.x/staging ]
+
+
+env:
+ # Path to the CMake build directory.
+ build: '${{ github.workspace }}/build'
+
+permissions:
+ contents: read
+
+jobs:
+ analyze:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ name: Analyze
+ runs-on: windows-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Configure CMake
+ run: cmake -B ${{ env.build }}
+
+ # Build is not required unless generated source files are used
+ # - name: Build CMake
+ # run: cmake --build ${{ env.build }}
+
+ - name: Initialize MSVC Code Analysis
+ uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
+ # Provide a unique ID to access the sarif output path
+ id: run-analysis
+ with:
+ cmakeBuildDirectory: ${{ env.build }}
+ # Ruleset file that will determine what checks will be run
+ ruleset: NativeRecommendedRules.ruleset
+
+ # Upload SARIF file to GitHub Code Scanning Alerts
+ #- name: Upload SARIF to GitHub
+ # uses: github/codeql-action/upload-sarif@v1
+ # with:
+ # sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+
+ # Upload SARIF file as an Artifact to download and view
+ - name: Upload SARIF as an Artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: sarif-file
+ path: ${{ steps.run-analysis.outputs.sarif }}
From 7c8eb3774f43f9c7064bf82d5beb9f13e9e0f207 Mon Sep 17 00:00:00 2001
From: James Struga
Date: Fri, 18 Mar 2022 11:25:31 -0400
Subject: [PATCH 12/14] fix
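Review bot: The `Upload SARIF to GitHub` step is commented out, so the `security-events: write` permission on the `analyze` job (annotated `for github/codeql-action/upload-sarif to upload SARIF results`) is granted to a job that never performs that upload, and findings only reach a downloadable artifact instead of Code Scanning. Either uncomment that step so results land in the Security tab, or drop `security-events: write` to keep the job at least privilege. The `Configure CMake` step (`run: cmake -B ${{ env.build }}`) assumes a top-level CMakeLists.txt that this page does not show; if the repository does not build with CMake, the configure step fails and `msvc-code-analysis-action` has no `cmakeBuildDirectory` to read, which is what the following `fix` patch appears to run into.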
Signed-off-by: James Struga
--- .github/workflows/flawfinder.yml | 8 +++++++- .github/workflows/msvc.yml | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/flawfinder.yml b/.github/workflows/flawfinder.yml
index 4b92caed6..7903a2022 100644
--- a/.github/workflows/flawfinder.yml
+++ b/.github/workflows/flawfinder.yml
@@ -33,4 +33,10 @@ jobs: - name: Upload analysis results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1 with: - sarif_file: ${{github.workspace}}/flawfinder_results.sarif \ No newline at end of file + sarif_file: ${{github.workspace}}/flawfinder_results.sarif + + - name: Upload SARIF as an Artifact + uses: actions/upload-artifact@v3 + with: + name: flawfinder_results.sarif + path: ${{ github.workspace }} \ No newline at end of file
diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml
index fa7a42b6e..22e057735 100644
--- a/.github/workflows/msvc.yml
+++ b/.github/workflows/msvc.yml
@@ -34,8 +34,8 @@ jobs: - name: Checkout repository uses: actions/checkout@v2 - - name: Configure CMake - run: cmake -B ${{ env.build }} + # - name: Configure CMake + # run: cmake -B ${{ env.build }} # Build is not required unless generated source files are used # - name: Build CMake
From 0684008c92dc669572a72399dd32e629391eaa86 Mon Sep 17 00:00:00 2001
From: James Struga
Date: Fri, 18 Mar 2022 12:10:40 -0400
Subject: [PATCH 13/14] add snyk
Signed-off-by: James Struga
--- .github/workflows/flawfinder.yml | 8 ++--- .github/workflows/snyk.yml | 54 ++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/snyk.yml
diff --git a/.github/workflows/flawfinder.yml b/.github/workflows/flawfinder.yml
index 7903a2022..779bdd85a 100644
--- a/.github/workflows/flawfinder.yml
+++ b/.github/workflows/flawfinder.yml
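Review bot: `path: ${{ github.workspace }}` on the new `Upload SARIF as an Artifact` step uploads the entire checkout, not the SARIF file the artifact is named after; it should be `path: ${{ github.workspace }}/flawfinder_results.sarif` (or simply `path: flawfinder_results.sarif`, which `actions/upload-artifact` resolves relative to the workspace). As written every run stores a full copy of the repository tree as a downloadable artifact under the name `flawfinder_results.sarif`. The snyk workflow added in patch 13 carries the same `path: ${{ github.workspace }}` under `name: snyk.sarif`. The file still ends without a newline after this hunk.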
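Review bot: Commenting out `Configure CMake` leaves `cmakeBuildDirectory: ${{ env.build }}` (outside the hunk) pointing at a directory that no remaining step creates, so `msvc-code-analysis-action` has no configured build to analyze; I would expect it to fail or emit an empty SARIF rather than scan the sources. If the project does not build with CMake, this workflow needs a different driver or should be removed rather than half-disabled; if it does, the configure step should stay and the underlying configure failure be fixed. The `analyze` job continues outside the hunk.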
@@ -30,10 +30,10 @@ jobs: arguments: '--sarif ./' output: 'flawfinder_results.sarif' - - name: Upload analysis results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: ${{github.workspace}}/flawfinder_results.sarif + #- name: Upload analysis results to GitHub Security tab + # uses: github/codeql-action/upload-sarif@v1 + # with: + # sarif_file: ${{github.workspace}}/flawfinder_results.sarif - name: Upload SARIF as an Artifact uses: actions/upload-artifact@v3
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
new file mode 100644
index 000000000..3b1d80371
--- /dev/null
+++ b/.github/workflows/snyk.yml
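Review bot: With the upload-sarif step commented out, the job's `security-events: write` permission (outside the hunk) no longer has a consumer and flawfinder findings never reach Code Scanning, only the artifact whose `path:` uploads the whole workspace. If the upload was disabled because it failed, the reason belongs in a comment above `#- name: Upload analysis results to GitHub Security tab` so the next reader knows what to fix; if it is not coming back, remove the dead lines and drop the unused permission instead of leaving both.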
@@ -0,0 +1,54 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which checks out your Infrastructure as Code Configuration files,
+# such as Kubernetes, Helm & Terraform and scans them for any security issues.
+# The results are then uploaded to GitHub Security Code Scanning
+#
+# For more examples, including how to limit scans to only high-severity issues
+# and fail PR checks, see https://github.com/snyk/actions/
+
+name: Snyk Infrastructure as Code
+
+on:
+ push:
+ branches: [ v2.x/staging ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ v2.x/staging ]
+
+
+jobs:
+ snyk:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Run Snyk to check configuration files for security issues
+ # Snyk can be used to break the build when it detects security issues.
+ # In this case we want to upload the issues to GitHub Code Scanning
+ continue-on-error: true
+ uses: snyk/actions/iac@14818c4695ecc4045f33c9cee9e795a788711ca4
+ env:
+ # In order to use the Snyk Action you will need to have a Snyk API token.
+ # More details in https://github.com/snyk/actions#getting-your-snyk-token
+ # or you can signup for free at https://snyk.io/login
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ # Add the path to the configuration file that you would like to test.
+ # For example `deployment.yaml` for a Kubernetes deployment manifest
+ # or `main.tf` for a Terraform configuration file
+ file: your-file-to-test.yaml
+
+
+ - name: Upload SARIF as an Artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: snyk.sarif
+ path: ${{ github.workspace }}
+
+ #- name: Upload result to GitHub Code Scanning
+ # uses: github/codeql-action/upload-sarif@v1
+ # with:
+ # sarif_file: snyk.sarif
From 16b2b1e63690f4d0671de6b03f860d434b4571a0 Mon Sep 17 00:00:00 2001
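Review bot: `file: your-file-to-test.yaml` is the starter-template placeholder, so the IaC scan targets a file that does not exist, and `continue-on-error: true` on the same step hides the resulting failure; point `file:` at a real manifest or directory in the repository and leave `continue-on-error` off until the Code Scanning upload it is meant to protect is actually enabled. The `Upload SARIF as an Artifact` step has `path: ${{ github.workspace }}` under `name: snyk.sarif`, which uploads the whole checkout rather than `snyk.sarif`; `path: snyk.sarif` is what the name promises. The job declares no `permissions:` block, so it runs with the repository default even though it only needs `contents: read` (plus `security-events: write` once the commented-out upload is restored). The Snyk step is SHA-pinned, which is good; `actions/checkout@v2` is not.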
From: James Struga
Date: Sun, 20 Mar 2022 22:47:19 -0400
Subject: [PATCH 14/14] add only c
Signed-off-by: James Struga
--- .github/workflows/codeql.yml | 2 +- .github/workflows/snyk.yml | 54 ------------------------------------ 2 files changed, 1 insertion(+), 55 deletions(-) delete mode 100644 .github/workflows/snyk.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6c3c6da88..0b1dc77d2 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,7 +32,7 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'c' , 'c++' ] + language: [ 'c' ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://git.io/codeql-language-support
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
deleted file mode 100644
index 3b1d80371..000000000
--- a/.github/workflows/snyk.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# A sample workflow which checks out your Infrastructure as Code Configuration files,
-# such as Kubernetes, Helm & Terraform and scans them for any security issues.
-# The results are then uploaded to GitHub Security Code Scanning
-#
-# For more examples, including how to limit scans to only high-severity issues
-# and fail PR checks, see https://github.com/snyk/actions/
-
-name: Snyk Infrastructure as Code
-
-on:
- push:
- branches: [ v2.x/staging ]
- pull_request:
- # The branches below must be a subset of the branches above
- branches: [ v2.x/staging ]
-
-
-jobs:
- snyk:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: Run Snyk to check configuration files for security issues
- # Snyk can be used to break the build when it detects security issues.
- # In this case we want to upload the issues to GitHub Code Scanning
- continue-on-error: true
- uses: snyk/actions/iac@14818c4695ecc4045f33c9cee9e795a788711ca4
- env:
- # In order to use the Snyk Action you will need to have a Snyk API token.
- # More details in https://github.com/snyk/actions#getting-your-snyk-token
- # or you can signup for free at https://snyk.io/login
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- with:
- # Add the path to the configuration file that you would like to test.
- # For example `deployment.yaml` for a Kubernetes deployment manifest
- # or `main.tf` for a Terraform configuration file
- file: your-file-to-test.yaml
-
-
- - name: Upload SARIF as an Artifact
- uses: actions/upload-artifact@v3
- with:
- name: snyk.sarif
- path: ${{ github.workspace }}
-
- #- name: Upload result to GitHub Code Scanning
- # uses: github/codeql-action/upload-sarif@v1
- # with:
- # sarif_file: snyk.sarif