Merge pull request #45 from shiftleft-chuck/shiftleft-chuck-patch-22

shiftleft-chuck · web-flow · commit b34e2821ec4b · 2022-04-12T16:12:48.000-04:00
Update shiftleft.yml
diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
@@ -1,13 +1,10 @@
-# Edit
+---
+# This workflow integrates ShiftLeft NG SAST with GitHub
+# Visit https://docs.shiftleft.io for help
 name: Scan Action with ShiftLeft
 
 on:
   workflow_dispatch:
-  pull_request:
-  push:
-    branches:
-      - main
-      - master
 
 jobs:
   NextGen-Static-Analysis:
@@ -27,13 +24,9 @@ jobs:
       run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
       id: extract_branch
     - name: NextGen Static Analysis
-      run: |
-        ${GITHUB_WORKSPACE}/sl analyze --wait --app "shiftleft-js-demo" \
-          --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} \
-          --js --cpg .
+      run: ${GITHUB_WORKSPACE}/sl analyze --wait --oss-recursive --app shiftleft-js-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --js --cpg .
       env:
         SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
-    - name: Validate Build Rules
   Build-Rules: 
     runs-on: ubuntu-latest
     needs: NextGen-Static-Analysis
