CI Integration

One can use Code PathFinder as a part of your CI/CD pipeline to scan your code for vulnerabilities. The code-pathfinder docker image is available on Docker Hub.

GitHub Actions

name: Code-Pathfinder SAST Scan
on:
  pull_request:
jobs:
  sast-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Code-Pathfinder SAST Scan
        uses: shivasurya/code-pathfinder@main
        with:
          command: 'ci'
          project: '.'
          output-file: 'output.sarif'
          output: 'sarif'
          ruleset: 'cpf/java'

      - name: Read SARIF file
        run: |
          echo "SARIF file content:"
          cat $GITHUB_WORKSPACE/output.sarif

GitLab CI

stages:
  - code-pathfinder-sast

code-pathfinder-sast:
  image:
    name: shivasurya/code-pathfinder:stable-latest
    entrypoint: [""]
  stage: code-pathfinder-sast
  script:
    - echo "Running Code-Pathfinder SAST Scan..."
    - pathfinder ci --project . --output-file output.sarif --output sarif --ruleset cpf/java
    - echo "SARIF file content:"
    - cat output.sarif
  artifacts:
    paths:
      - output.sarif
    when: always

BitBucket Pipelines

image: shivasurya/code-pathfinder:stable-latest

pipelines:
  default:
    - step:
        name: Run Code-Pathfinder SAST Scan
        script:
          - echo "Running Code-Pathfinder SAST Scan..."
          - pathfinder ci --project '.' --output-file 'output.sarif' --output 'sarif' --ruleset 'cpf/java'
          - echo "SARIF file content:"
          - cat output.sarif
        artifacts:
          - output.sarif

CircleCI Pipelines

version: 2.1

jobs:
  code-pathfinder-sast:
    docker:
      - image: shivasurya/code-pathfinder:stable-latest
    steps:
      - checkout
      - run:
          name: Run Code-Pathfinder SAST Scan
          command: |
            echo "Running Code-Pathfinder SAST Scan..."
            pathfinder ci --project . --output-file output.sarif --output sarif --ruleset cpf/java || true
      - run:
          name: Read SARIF File
          command: |
            echo "SARIF file content:"
            cat output.sarif || echo "No SARIF file found"
      - store_artifacts:
          path: output.sarif
          destination: output.sarif

workflows:
  version: 2
  code-pathfinder-sast:
    jobs:
      - code-pathfinder-sast

Azure DevOps

trigger:
  - '*'

jobs:
- job: CodePathfinderSAST
  pool:
    name: 'yourpoolname'
  steps:
    - script: |
        echo "Running Code-Pathfinder SAST Scan..."
        docker run --rm -v $(System.DefaultWorkingDirectory):/workspace -w /workspace shivasurya/code-pathfinder:stable-latest ci --project . --output-file output.sarif --output sarif --ruleset cpf/java
      displayName: 'Run SAST Scan with Docker'

    - script: |
        echo "SARIF file content:"
        cat output.sarif || echo "No SARIF file found"
      displayName: 'Read SARIF File'

    - task: PublishBuildArtifacts@1
      inputs:
        PathtoPublish: 'output.sarif'
        ArtifactName: 'SARIF Report'