From 5125fc3cc17e4bd8d2dde4f2638d511989dcc0d7 Mon Sep 17 00:00:00 2001
From: Ludwig Richter
Date: Tue, 27 Dec 2022 18:14:02 +0100
Subject: [PATCH] chore(ci): Remove Shift Left code scan from code analysis workflow

Note: The maintainer of Shift Left put the project in maintenance mode. See https://github.com/ShiftLeftSecurity/sast-scan/issues/352
---
 .github/workflows/code-analysis.yml | 40 ----------------------------
 1 file changed, 40 deletions(-)

diff --git a/.github/workflows/code-analysis.yml b/.github/workflows/code-analysis.yml
index ba7763216..0123da4b9 100644
--- a/.github/workflows/code-analysis.yml
+++ b/.github/workflows/code-analysis.yml
@@ -55,43 +55,3 @@ jobs:
 run: pnpm build
 - name: Perform CodeQL Analysis 🔬
 uses: github/codeql-action/analyze@v1
-
- shift-left-analysis:
- # This workflow integrates Scan with GitHub's code scanning feature
- # Scan is a free open-source security tool for modern DevOps teams from ShiftLeft
- # Visit https://slscan.io/en/latest/integrations/code-scan for help
- name: Shift Left
- runs-on: ubuntu-latest
- steps:
- - name: Checkout 📥
- uses: actions/checkout@v3.2.0
- - name: Setup PNPM 💿
- uses: pnpm/action-setup@v2.2.4
- with:
- version: ${{ env.pnpm }}
- - name: Setup Node 💿
- uses: actions/setup-node@v3.0.0
- with:
- node-version: ${{ env.node }}
- cache: 'pnpm'
-
- - name: Install dependencies 📚
- run: pnpm install
- - name: Build packages 📦
- run: pnpm build
-
- - name: Perform Scan 👁️
- uses: ShiftLeftSecurity/scan-action@master
- env:
- WORKSPACE: ''
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- output: reports
- # Scan auto-detects the languages in your project. To override uncomment the below variable and set the type
- # type: credscan,java
- # type: python
-
- - name: Upload report 📤
- uses: github/codeql-action/upload-sarif@v1
- with:
- sarif_file: reports