[skip ci] Add Advanced Security code scanning workflow

[skip ci] Add Advanced Security code scanning workflow. This file will introduce a new pipeline for the repository on GitHub, which doesn’t affect in any way already existing CI-CD pipelines. If you have any questions please ask on #security channel.
Scout24 · Feb 2, 2023 · d9f0eff · d9f0eff
2 parents 6655339 + 1d93d69
commit d9f0eff
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,31 @@
+name: "CodeQL"
+
+on:
+  # workflow_dispatch enables manual triggering of the workflow
+  workflow_dispatch:
+  schedule:
+  - cron: '57 16 * * 6'
+env:
+  FAST_EMAIL: ${{ secrets.FAST_EMAIL }}
+  FAST_USER: ${{ secrets.FAST_USER }}
+  FAST_TOKEN: ${{ secrets.FAST_TOKEN }}
+  FAST_HTTPAUTH: ${{ secrets.FAST_HTTPAUTH }}
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+    - name: S24 static application security testing (SAST) action
+      uses: scout24/s24-sast-action@v1
+      with:
+        languages: java
+        fast_user: ${{ env.FAST_USER }}
+        fast_token: ${{ env.FAST_TOKEN }}
+        java_version: '11'
+