From b77bd7b48c8f812965fef408daa80e8cbd4a091b Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 28 Apr 2026 09:39:51 -0400 Subject: [PATCH 1/2] adding ShiftLeft action workflow config --- .github/workflows/shiftleft.yml | 54 +++++++++++++++++---------------- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml index f53840c1..0c18936f 100644 --- a/.github/workflows/shiftleft.yml +++ b/.github/workflows/shiftleft.yml @@ -1,7 +1,7 @@ --- -# This workflow integrates qwiet.ai preZero with GitHub +# This workflow integrates Harness SAST and SCA with GitHub # Visit https://docs.shiftleft.io for help -name: qwiet.ai +name: Harness SAST and SCA on: pull_request: @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Download ShiftLeft CLI + - name: Download Harness SAST and SCA CLI run: | curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl 
@@ -22,35 +22,37 @@ jobs: ${GITHUB_WORKSPACE}/sl --version ${GITHUB_WORKSPACE}/sl analyze --strict --wait \ - --app shiftleft-python-demo \ + --app QwietAI-python-demo \ --tag branch=${{ github.head_ref }} \ - --pythonsrc --container 18fgsa/s3-resource $(pwd) + --pythonsrc $(pwd) env: SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} SHIFTLEFT_API_HOST: www.shiftleft.io SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 - Build-Rules: - runs-on: ubuntu-latest - permissions: write-all - needs: NextGen-Static-Analysis - steps: - - uses: actions/checkout@v3 - - name: Download ShiftLeft CLI - run: | - curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl - - name: Validate Build Rules - run: | - ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-python-demo \ - --github-pr-number=${{github.event.number}} \ - --github-pr-user=${{ github.repository_owner }} \ - --github-pr-repo=${{ github.event.repository.name }} \ - --github-token=${{ secrets.GITHUB_TOKEN }} - env: - SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }} - SHIFTLEFT_API_HOST: www.shiftleft.io - SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 - SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 +# Build-Rules: +# runs-on: ubuntu-latest +# permissions: write-all +# needs: NextGen-Static-Analysis +# steps: +# - uses: actions/checkout@v3 +# - name: Download Harness SAST and SCA CLI +# run: | +# curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl +# - name: Validate Build Rules +# run: | +# ${GITHUB_WORKSPACE}/sl check-analysis --app QwietAI-python-demo \ +# --github-pr-number=${{github.event.number}} \ +# --github-pr-user=${{ github.repository_owner }} \ +# --github-pr-repo=${{ github.event.repository.name }} \ +# --github-token=${{ secrets.GITHUB_TOKEN }} +# env: +# # SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN 
}} +# +# SHIFTLEFT_API_HOST: www.shiftleft.io +# SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443 +# SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 +# From 8c5346eabce725374b9e20ecbadbe9eccd0bbb70 Mon Sep 17 00:00:00 2001 From: ShiftLeft Date: Tue, 28 Apr 2026 09:39:52 -0400 Subject: [PATCH 2/2] adding Qwiet preZero Static Analysis action workflow config --- shiftleft.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 shiftleft.yml diff --git a/shiftleft.yml b/shiftleft.yml new file mode 100644 index 00000000..820144af --- /dev/null +++ b/shiftleft.yml @@ -0,0 +1,15 @@ +version: 2 +build_rules: + - id: Allow no critical findings + severities: + - critical + - id: Allow one OSS or container finding + finding_types: + - oss_vuln + - container + threshold: 1 + - id: Allow no reachable OSS vulnerability + finding_types: + - oss_vuln + options: + reachable: true
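Review bot: `--tag branch=${{ github.head_ref }}` on the context line of the analyze step is expanded by GitHub into the shell script before it runs, and `github.head_ref` is chosen by the pull-request author, so this hunk edits the neighbouring flags but leaves a script-injection sink in place. Move the value into the step's environment and reference it as a quoted shell variable: add `HEAD_REF: ${{ github.head_ref }}` under the step's `env:` and change the flag to `--tag "branch=${HEAD_REF}" \`. The Build-Rules job is commented out rather than deleted (some twenty `+#` lines, including a stray doubled `# #` on the access-token line); since nothing in the workflow now runs `sl check-analysis`, the build rules added in the second patch appear to no longer gate the pull request — if that is intended, delete the block and let git history keep it. If the job is ever restored, `permissions: write-all` should be narrowed to the scopes `check-analysis` actually needs rather than every token permission. Separately, the `curl … > ${GITHUB_WORKSPACE}/sl && chmod a+rx …` step in the preceding hunk (and its commented copy here) downloads and executes an unpinned, unverified binary; pinning a CLI version and checking a known-good checksum before running it would make the job reproducible and harder to tamper with.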
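Review bot: The second rule lists `container` in `finding_types`, but the first patch in this series removes `--container 18fgsa/s3-resource` from the `sl analyze` invocation, so unless container scanning happens elsewhere that finding type can never fire and the rule silently degrades to `oss_vuln` only — confirm which is intended and either restore a container target or drop `container` from the list. Nothing in the updated workflow runs `sl check-analysis`, so it is also unclear from this series what evaluates these rules on a pull request. The file has no `---` document start and the `id` values contain spaces, which is fine if the consumer accepts them but makes them awkward to reference from other tooling; a one-line comment above each rule stating the outcome it enforces would make the policy readable without consulting the product docs.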