From 576162d9bf1b5ac57f269c757712d9f08f15dda8 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Thu, 11 Jun 2020 11:46:17 +0200
Subject: [PATCH] Remove CodeQL/ShiftLeft until they are enabled for the org
---
.github/workflows/codeql-analysis.yml | 51 ------------------------
.github/workflows/shiftleft-analysis.yml | 35 ----------------
2 files changed, 86 deletions(-)
delete mode 100644 .github/workflows/codeql-analysis.yml
delete mode 100644 .github/workflows/shiftleft-analysis.yml
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 1540e3ca..00000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-name: "Code scanning - action"
-
-on:
- push:
- pull_request:
- schedule:
- - cron: '0 15 * * 0'
-
-jobs:
- CodeQL-Build:
-
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v2
- with:
- # We must fetch at least the immediate parents so that if this is
- # a pull request then we can checkout the head.
- fetch-depth: 2
-
- # If this run was triggered by a pull request event, then checkout
- # the head of the pull request instead of the merge commit.
- - run: git checkout HEAD^2
- if: ${{ github.event_name == 'pull_request' }}
-
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v1
- # Override language selection by uncommenting this and choosing your languages
- # with:
- # languages: go, javascript, csharp, python, cpp, java
-
- # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
- # If this step fails, then you should remove it and run the build manually (see below)
- - name: Autobuild
- uses: github/codeql-action/autobuild@v1
-
- # ℹī¸ Command-line programs to run using the OS shell.
- # 📚 https://git.io/JvXDl
-
- # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines
- # and modify them (or add more) to build your code if your project
- # uses a compiled language
-
- #- run: |
- # make bootstrap
- # make release
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/shiftleft-analysis.yml b/.github/workflows/shiftleft-analysis.yml
deleted file mode 100644
index 1be55534..00000000
--- a/.github/workflows/shiftleft-analysis.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-# This workflow integrates ShiftLeft Scan with GitHub's code scanning feature
-# ShiftLeft Scan is a free open-source security tool for modern DevOps teams
-# Visit https://slscan.io/en/latest/integrations/github-actions/ for help
-name: ShiftLeft Scan
-
-# This section configures the trigger for the workflow. Feel free to customize depending on your convention
-on: push
-
-jobs:
- Scan-Build:
- # Scan runs on ubuntu, mac and windows
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v1
- # Instructions
- # 1. Setup JDK, Node.js, Python etc depending on your project type
- # 2. Compile or build the project before invoking scan
- # Example: mvn compile, or npm install or pip install goes here
- # 3. Invoke ShiftLeft Scan with the github token. Leave the workspace empty to use relative url
-
- - name: Perform ShiftLeft Scan
- uses: ShiftLeftSecurity/scan-action@master
- env:
- WORKSPACE: ""
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- output: reports
- # Scan auto-detects the languages in your project. To override uncomment the below variable and set the type
- # type: credscan,java
- # type: python
-
- - name: Upload report
- uses: github/codeql-action/upload-sarif@v1
- with:
- sarif_file: reports