From bbef708f0aa2879c582bd705f74b67f7b7c3787a Mon Sep 17 00:00:00 2001
From: safeced <felix@safeced.com>
Date: Sat, 21 Aug 2021 12:06:51 +0300
Subject: [PATCH] Added Safeced code scan

---
 .github/workflows/safeced-codescan.yml | 39 ++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/workflows/safeced-codescan.yml

diff --git a/.github/workflows/safeced-codescan.yml b/.github/workflows/safeced-codescan.yml
new file mode 100644
index 0000000000..e66a310bad
--- /dev/null
+++ b/.github/workflows/safeced-codescan.yml
@@ -0,0 +1,39 @@
+name: Safeced Python Code Scan
+on: [push]
+jobs:
+  Code-Scan-Actions:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
+      - name: Installing dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install bandit
+      - name: Check out repository code
+        uses: actions/checkout@v2
+      - name: Running security scan in the repository - ${{ github.ref }}
+        id: runScan
+        run: |
+          cd ${{ github.workspace }}
+          mkdir -p output
+          bandit -f json -o output/results.json --exit-zero -r .
+      - name: Security check report artifacts
+        uses: actions/upload-artifact@v1
+        with:
+          name: Security report
+          path: output/results.json
+      - name: Preparing report meta data
+        id: metaData
+        shell: bash
+        run: |
+          echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+      - name: Report scan results
+        uses: fjogeleit/http-request-action@master
+        with:
+          url: "https://c478-41-90-36-169.ngrok.io/api/v1/codescans/projects/5aaf33d1-c294-4afc-bf47-1d9d8b802d78/upload_scan_results/"
+          method: "POST"
+          files: '{ "file": "${{ github.workspace }}/output/results.json" }'
+          data: '{"branch": "${{ steps.metaData.outputs.branch }}", "commit": "${{ steps.metaData.outputs.sha_short }}"}'
+          customHeaders: '{"Authorization": "Token 93d1f25a06b545fede4d78e890f9496f39e2e3f7"}'
+      - run: echo "🍏 This job's status is ${{ job.status }}."
\ No newline at end of file
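Review bot: The `customHeaders` line in the "Report scan results" step commits an API token to the repository in clear text, where anyone who can read the repo or its history can reuse it; take it from an encrypted secret instead, e.g. `customHeaders: '{"Authorization": "Token ${{ secrets.SAFECED_API_TOKEN }}"}'` (the secret name is a placeholder), and rotate the committed token because it remains in git history. The same step uses `fjogeleit/http-request-action@master`, a mutable branch ref, so any later change to that branch runs with access to the token and the report; pin it to a reviewed full commit SHA, `uses: fjogeleit/http-request-action@<full-commit-sha>`. The `url` is an ngrok tunnel hostname, which looks like a temporary development endpoint, and the Bandit findings for the whole repository are posted to it on every push, so confirm it is the intended stable receiver before merging. Separately, `--exit-zero` on the bandit command means the job never fails on findings, so this workflow reports results but does not gate the push.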