CI Integration
One can use Code PathFinder as a part of your CI/CD pipeline to scan your code for vulnerabilities. The code-pathfinder docker image is available on Docker Hub.
name: Code-Pathfinder SAST Scanon: pull_request:jobs: sast-scan: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4
- name: Code-Pathfinder SAST Scan uses: shivasurya/code-pathfinder@main with: command: 'ci' project: '.' output-file: 'output.sarif' output: 'sarif' ruleset: 'cpf/java'
- name: Read SARIF file run: | echo "SARIF file content:" cat $GITHUB_WORKSPACE/output.sarif
stages: - code-pathfinder-sast
code-pathfinder-sast: image: name: shivasurya/code-pathfinder:stable-latest entrypoint: [""] stage: code-pathfinder-sast script: - echo "Running Code-Pathfinder SAST Scan..." - pathfinder ci --project . --output-file output.sarif --output sarif --ruleset cpf/java - echo "SARIF file content:" - cat output.sarif artifacts: paths: - output.sarif when: always
image: shivasurya/code-pathfinder:stable-latest
pipelines: default: - step: name: Run Code-Pathfinder SAST Scan script: - echo "Running Code-Pathfinder SAST Scan..." - pathfinder ci --project '.' --output-file 'output.sarif' --output 'sarif' --ruleset 'cpf/java' - echo "SARIF file content:" - cat output.sarif artifacts: - output.sarif
version: 2.1
jobs: code-pathfinder-sast: docker: - image: shivasurya/code-pathfinder:stable-latest steps: - checkout - run: name: Run Code-Pathfinder SAST Scan command: | echo "Running Code-Pathfinder SAST Scan..." pathfinder ci --project . --output-file output.sarif --output sarif --ruleset cpf/java || true - run: name: Read SARIF File command: | echo "SARIF file content:" cat output.sarif || echo "No SARIF file found" - store_artifacts: path: output.sarif destination: output.sarif
workflows: version: 2 code-pathfinder-sast: jobs: - code-pathfinder-sast
trigger: - '*'
jobs:- job: CodePathfinderSAST pool: name: 'yourpoolname' steps: - script: | echo "Running Code-Pathfinder SAST Scan..." docker run --rm -v $(System.DefaultWorkingDirectory):/workspace -w /workspace shivasurya/code-pathfinder:stable-latest ci --project . --output-file output.sarif --output sarif --ruleset cpf/java displayName: 'Run SAST Scan with Docker'
- script: | echo "SARIF file content:" cat output.sarif || echo "No SARIF file found" displayName: 'Read SARIF File'
- task: PublishBuildArtifacts@1 inputs: PathtoPublish: 'output.sarif' ArtifactName: 'SARIF Report'