From d0a91a716853fb3fea465be951eea0c358d61cbb Mon Sep 17 00:00:00 2001
From: Dekunledev <98256907+Dekunledev@users.noreply.github.com>
Date: Mon, 19 May 2025 19:31:51 +0100
Subject: [PATCH] Added checkmarx security scan to the github build pipeline
---
.github/workflows/security-scan.yml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 .github/workflows/security-scan.yml
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
new file mode 100644
index 0000000..8d85656
--- /dev/null
+++ b/.github/workflows/security-scan.yml
@@ -0,0 +1,28 @@
+name: Security scan on all changes (Commits/PRs)
+
+on:
+ push:
+ branches: ['main', 'master', 'pilot', 'dev']
+ pull_request:
+ types:
+ - opened
+
+jobs:
+ code-check:
+ runs-on: ubuntu-latest
+ env:
+ OS: ubuntu-latest
+ steps:
+ - name: checkout code
+ uses: actions/checkout@v2
+
+
+ - name: Checkmarx One ClI Action
+ uses: checkmarx/ast-github-action@main
+ with:
+ project_name: Java-v2
+ cx_tenant: Flutterwave
+ base_uri: https://eu.ast.checkmarx.net/
+ cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+ cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+ additional_params: --scan-types sast,iac-security,api-security,sca,container-security
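Review bot: The scan step at `uses: checkmarx/ast-github-action@main` pulls a third-party action from a mutable branch and hands it `CX_CLIENT_ID`/`CX_CLIENT_SECRET`, so any change landing on that branch runs with the tenant credentials on the next push; pin it to a release tag or full commit SHA, e.g. `uses: checkmarx/ast-github-action@<pinned-tag-or-sha>`, and move the deprecated `actions/checkout@v2` to a pinned current release the same way. The `pull_request` trigger lists only `types: [opened]`, so commits pushed to an already-open PR are never scanned despite the workflow's "on all changes" name; `types: [opened, synchronize, reopened]` (or omitting `types` to get the defaults) closes that gap. The job declares no `permissions:` block and so inherits the repository's default token scope, while a checkout-and-scan job needs only `permissions: contents: read`. Pull requests from forks do not receive repository secrets, so the Checkmarx step will presumably fail on those runs — an `if:` guard or a documented expectation would make that explicit. Minor: `env: OS: ubuntu-latest` is never read, the step name reads `ClI` rather than `CLI`, and two blank lines separate the steps.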