feat: add Bearer code scanning option

tylern12 · Jul 17, 2023 · 9744b8f · 9744b8f
1 parent f3c5d79
commit 9744b8f
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 0 deletions.
diff --git a/code-scanning/bearer.yml b/code-scanning/bearer.yml
@@ -0,0 +1,39 @@
+# This workflow file requires a free account on Bearer.com to manage findings, notifications and more.
+#
+# See https://docs.bearer.com/guides/bearer-cloud/
+
+name: Bearer
+
+on:
+ push:
+ branches: [$default-branch, $protected-branches]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [$default-branch]
+ schedule:
+ - cron: $cron-weekly
+
+permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+jobs:
+ bearer:
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout project source
+ - uses: actions/checkout@v3
+ # Scan code using Bearer CLI
+ - name: Run Report
+ id: report
+ uses: bearer/bearer-action@v2
+ with:
+ api-key: ${{ secrets.BEARER_TOKEN }}
+ format: sarif
+ output: results.sarif
+ # Upload SARIF file generated in previous step
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: results.sarif
diff --git a/code-scanning/properties/bearer.properties.json b/code-scanning/properties/bearer.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Bearer",
+ "creator": "Bearer",
+ "description": "Continuously run Bearer code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.",
+ "iconName": "bearer",
+ "categories": ["Code Scanning", "JavaScript", "TypeScript", "Java", "Ruby"]
+}
diff --git a/icons/bearer.svg b/icons/bearer.svg