
[PM-7288] Include changes to actions in scan workflow #87

Merged (1 commit), May 8, 2024

Conversation


@bwdil bwdil commented May 8, 2024

  • Upload CheckMarx results in cx_results.sarif to GitHub
  • Arguments to support code quality scan with SonarCloud

🎟️ Tracking

PM-7288 - Deploy scanning workflow organization-wide

📔 Objective

As part of our efforts to support secure code quality initiatives and find vulnerabilities through the use of CheckMarx and SonarCloud, we need to implement these changes to our scan workflow. The workflows may change over time as the AppSec team further refines the process and workflow.

📸 Screenshots

None

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@bwdil bwdil requested a review from withinfocus May 8, 2024 20:50
@bwdil bwdil requested a review from a team as a code owner May 8, 2024 20:50

@withinfocus withinfocus left a comment


Mobile team to confirm paths configured here are accurate.

@KatherineInCode

It doesn't look like this captures all of the tests in the suite, because we don't separate out tests into a separate directory. I'm not sure how much that will interfere with sonar.


github-actions bot commented May 8, 2024

Checkmarx One – Scan Summary & Details 996c205b-1663-4132-9c4d-c32312a7ea98

No New Or Fixed Issues Found


github-actions bot commented May 8, 2024

2 Warnings
⚠️ Ignoring duplicate libraries: '-lbitwarden_uniffi'
⚠️ AuthenticatorShared/UI/Vault/ItemList/ItemList/ItemListView.swift#L295: Type Body Length Violation: Type body should span 250 lines or less excluding comments and whitespace: currently spans 262 lines (type_body_length)
3 Messages
📖 AuthenticatorSharedTests: Executed 263 tests, with 3 failures (0 expected) in 11.945 (12.248) seconds
📖 AuthenticatorTests: Executed 0 tests, with 0 failures (0 expected) in 0 (0.001) seconds
📖 NetworkingTests: Executed 26 tests, with 0 failures (0 expected) in 0.063 (0.078) seconds

Authenticator code coverage

Total coverage: 55.54%

Powered by Slather

Generated by 🚫 Danger

@bwdil bwdil merged commit a126c43 into main May 8, 2024
9 checks passed
@bwdil bwdil deleted the pm-7288/ghas-scan-workflow branch May 8, 2024 21:21
3 participants