
chore: use CDK v1 API for lacework component dev #112


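# Lacework code analysis for pull requests that target main.
#
# run-analysis runs twice through the matrix: once on the commit that was
# checked out ("new") and once on its first parent ("old"). display-results
# waits for both runs (needs) and is the only step handed the GitHub token
# explicitly.
#
# The Lacework credentials are set on the two Lacework steps rather than at
# workflow level, so the checkout, pip and git steps never see them in their
# environment.
name: Lacework Code Analysis
on:
  # Secrets are not passed to pull_request runs triggered from forks, so the
  # Lacework steps have no credentials there. Do not switch this trigger to
  # pull_request_target to work around that: it would run pull-request code
  # with the secrets available.
  pull_request:
    branches: [main]
# Applies to every job in the workflow.
# NOTE(review): only the "Results" step receives the token as an input. If the
# analysis job does not need to write to pull requests, grant
# `pull-requests: write` on display-results only - confirm against the
# action's documentation.
permissions:
  contents: read
  pull-requests: write
jobs:
  run-analysis:
    runs-on: ubuntu-latest
    name: Run analysis
    strategy:
      matrix:
        target: [new, old]
    steps:
      - name: Checkout repository
        # NOTE(review): a tag such as @v3 can be moved by the action's owner;
        # pinning to a full commit SHA makes the reviewed code the code that
        # runs.
        uses: actions/checkout@v3
        with:
          # Two commits, so that HEAD^1 exists for the "old" run below.
          fetch-depth: 2
          # NOTE(review): checkout leaves the job token in the local git
          # config by default. If no later step needs authenticated git,
          # add `persist-credentials: false` - confirm the Lacework action
          # does not fetch.
      # TODO: remove once Semgrep is packaged in SAST
      # The version is pinned but not hash-verified; package install code runs
      # in this step, which is why no secrets are exposed to it.
      - run: python3 -m pip install semgrep==1.50.0
      - name: Checkout old
        if: ${{ matrix.target == 'old' }}
        run: git checkout HEAD^1
      - name: Analyze
        # NOTE(review): third-party action on a mutable tag that receives the
        # Lacework credentials; pin to a full commit SHA.
        uses: lacework/code-security-action@v1
        env:
          LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT }}
          LW_API_KEY: ${{ secrets.LW_API_KEY }}
          LW_API_SECRET: ${{ secrets.LW_API_SECRET }}
        with:
          target: ${{ matrix.target }}
  display-results:
    runs-on: ubuntu-latest
    name: Display results
    needs:
      - run-analysis
    steps:
      - name: Results
        id: code-analysis
        # NOTE(review): same mutable tag as the Analyze step; this step also
        # receives the job token, so pin it to a full commit SHA.
        uses: lacework/code-security-action@v1
        # Kept on this step because the workflow-level env previously made the
        # credentials available here too.
        # NOTE(review): drop this env block if the results step turns out not
        # to call the Lacework API.
        env:
          LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT }}
          LW_API_KEY: ${{ secrets.LW_API_KEY }}
          LW_API_SECRET: ${{ secrets.LW_API_SECRET }}
        with:
          token: ${{ secrets.GITHUB_TOKEN }}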