Added Github action for SAST scanning

mylesvarns · Feb 21, 2024 · 84cda8b · 84cda8b
1 parent ed486e4
commit 84cda8b
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 0 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,23 @@
+name: CI
+
+on: [push]
+
+jobs:
+    sast_scan:
+      name: Run brakeman scan
+      # Run this job on ubuntu-latest
+      runs-on: ubuntu-latest
+
+      steps:
+        - name: Checkout Repo
+          uses: actions/checkout@v2
+
+        - name: Setup Ruby
+          uses: ruby/setup-ruby@v1
+          with:
+            bundler-cache: true
+
+        - name: Run brakeman
+          run: bundle exec brakeman
+
+
diff --git a/Gemfile b/Gemfile
@@ -50,6 +50,9 @@ gem "bootsnap", require: false
 group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem "debug", platforms: %i[ mri windows ]
+
+  # Security scanner for Ruby on Rails
+  gem "brakeman", require: false
 end
 
 group :development do

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -82,6 +82,8 @@ GEM
     bindex (0.8.1)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
+    brakeman (6.1.2)
+      racc
     builder (3.2.4)
     capybara (3.40.0)
       addressable
@@ -241,6 +243,7 @@ PLATFORMS
 
 DEPENDENCIES
   bootsnap
+  brakeman
   capybara
   debug
   importmap-rails