@@ -53,54 +53,53 @@ jobs:
5353
5454 - name : Run Security Analysis
5555 id : scan
56- env :
57- CODEGUARD_CONFIG : |
58- api:
59- url: ${{ env.CODEGUARD_API_URL }}
60- key: ${{ env.CODEGUARD_API_KEY }}
61- timeout: ${{ env.SCAN_TIMEOUT }}
62- scan:
63- analysis_depth: comprehensive
64- enable_ml: true
65- enable_dataflow: true
66- enable_plugins: true
67- severity_threshold: Low
68- include_patterns:
69- - "**/*.py"
70- - "**/*.js"
71- - "**/*.jsx"
72- - "**/*.ts"
73- - "**/*.tsx"
74- - "**/*.java"
75- - "**/*.c"
76- - "**/*.cpp"
77- - "**/*.php"
78- - "**/*.go"
79- - "**/*.rs"
80- - "**/*.swift"
81- - "**/*.kt"
82- exclude_patterns:
83- - "**/node_modules/**"
84- - "**/vendor/**"
85- - "**/test/**"
86- - "**/tests/**"
87- - "**/__pycache__/**"
88- - "**/target/**"
89- - "**/build/**"
90- - "**/dist/**"
91- output:
92- formats: [sarif, json, pdf]
93- sarif_file: codeguard-results.sarif
94- json_file: codeguard-results.json
95- pdf_file: codeguard-report.pdf
96- compliance:
97- frameworks: [OWASP-Top-10, SANS-25, PCI-DSS]
98- fail_on_critical: true
99- fail_on_high: false
100- max_critical: 0
101- max_high: 5
10256 run : |
103- echo "$CODEGUARD_CONFIG" > .codeguard.yml
57+ cat > .codeguard.yml << 'EOF'
58+ api:
59+ url: ${{ env.CODEGUARD_API_URL }}
60+ key: ${{ env.CODEGUARD_API_KEY }}
61+ timeout: ${{ env.SCAN_TIMEOUT }}
62+ scan:
63+ analysis_depth: comprehensive
64+ enable_ml: true
65+ enable_dataflow: true
66+ enable_plugins: true
67+ severity_threshold: Low
68+ include_patterns:
69+ - "**/*.py"
70+ - "**/*.js"
71+ - "**/*.jsx"
72+ - "**/*.ts"
73+ - "**/*.tsx"
74+ - "**/*.java"
75+ - "**/*.c"
76+ - "**/*.cpp"
77+ - "**/*.php"
78+ - "**/*.go"
79+ - "**/*.rs"
80+ - "**/*.swift"
81+ - "**/*.kt"
82+ exclude_patterns:
83+ - "**/node_modules/**"
84+ - "**/vendor/**"
85+ - "**/test/**"
86+ - "**/tests/**"
87+ - "**/__pycache__/**"
88+ - "**/target/**"
89+ - "**/build/**"
90+ - "**/dist/**"
91+ output:
92+ formats: [sarif, json, pdf]
93+ sarif_file: codeguard-results.sarif
94+ json_file: codeguard-results.json
95+ pdf_file: codeguard-report.pdf
96+ compliance:
97+ frameworks: [OWASP-Top-10, SANS-25, PCI-DSS]
98+ fail_on_critical: true
99+ fail_on_high: false
100+ max_critical: 0
101+ max_high: 5
102+ EOF
104103
105104 # Run comprehensive security analysis
106105 codeguard scan . \
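Review bot: The API key is now expanded into the shell script body by the workflow engine (`key: ${{ env.CODEGUARD_API_KEY }}` inside the `cat > .codeguard.yml << 'EOF'` heredoc), whereas the removed version kept the `${{ }}` expansions inside a step `env:` value and only referenced `$CODEGUARD_CONFIG` from the script; inlining expression values into `run:` is the pattern GitHub's hardening guidance warns against, and it also puts the secret text into the rendered script rather than the process environment. If `CODEGUARD_API_URL`, `CODEGUARD_API_KEY` and `SCAN_TIMEOUT` are workflow-level `env:` entries (they are read via the `env` context, so this looks likely), they are already shell variables in the step and the heredoc can use them directly by dropping the quotes on the delimiter: `cat > .codeguard.yml << EOF` with `key: $CODEGUARD_API_KEY` (and the same for `url` and `timeout`). Either way the key ends up in `.codeguard.yml` in the workspace, so make sure that file is not swept into an uploaded artifact or a later commit step; I cannot see those steps from this hunk. The `run:` block continues past the end of the hunk.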
@@ -125,7 +124,6 @@ jobs:
125124 - name : Generate Security Report Summary
126125 if : always() && steps.scan.outputs.scan_completed == 'true'
127126 run : |
128- # Parse JSON results and create summary
129127 python3 << 'EOF'
130128 import json
131129 import os
@@ -142,7 +140,7 @@ jobs:
142140 md_content = f"""
143141 ## 🛡️ CodeGuard Security Analysis Results
144142
145- **Overall Risk Level:** {risk_assessment.get('overall_risk_level', 'Unknown')}
143+ **Overall Risk Level:** {risk_assessment.get('overall_risk_level', 'Unknown')}
146144 **Risk Score:** {risk_assessment.get('risk_score', 0):.1f}/10
147145
148146 ### 📊 Vulnerability Summary
@@ -176,7 +174,6 @@ jobs:
176174 md_content += f"""
177175
178176 ### 📋 Compliance Status
179-
180177 """
181178
182179 compliance = results.get('compliance_status', {})
@@ -197,8 +194,8 @@ jobs:
197194
198195 ---
199196
200- 📄 [View Full Report](./security-reports/codeguard-report.pdf)
201- 📊 [Download JSON Results](./security-reports/codeguard-results.json)
197+ 📄 [View Full Report](./security-reports/codeguard-report.pdf)
198+ 📊 [Download JSON Results](./security-reports/codeguard-results.json)
202199 🔧 [View SARIF Results](./security-reports/codeguard-results.sarif)
203200 """
204201
@@ -428,7 +425,7 @@ codeguard-security-scan:
428425 "name": vuln.get('issue', 'Security Issue'),
429426 "description": vuln.get('description', ''),
430427 "severity": severity_mapping.get(vuln.get('severity'), 'Unknown'),
431- "confidence": vuln.get('confidence', 0) * 100 ,
428+ "confidence": "High" ,
432429 "solution": vuln.get('recommendation', ''),
433430 "scanner": {
434431 "id": "codeguard-enterprise",
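Review bot: `"confidence": "High"` now reports every finding as high-confidence regardless of the scanner's own `vuln.get('confidence')` value, so low-confidence results are indistinguishable from solid ones in the generated report and any triage or filtering keyed on confidence loses that signal. If the consumer expects a label rather than the old percentage (which looks like the reason for the change, but I cannot see the schema from here), derive the label from the numeric value instead of discarding it, e.g. `c = vuln.get('confidence', 0)` before the dict and `"confidence": "High" if c >= 0.8 else "Medium" if c >= 0.5 else "Low",` in place of the constant; the thresholds here are illustrative and should be set to whatever the scanner's confidence scale actually means. The dict literal this line belongs to starts and ends outside the hunk.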