From 44e2b3be11efccf23ea8af38b085d9333716afdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D2=89=CE=B1k=CE=B1=20x=E2=A0=A0=E2=A0=B5?=
 <32862241+4k4xs4pH1r3@users.noreply.github.com>
Date: Wed, 31 Jan 2024 20:22:23 +0300
Subject: [PATCH] Create endorlabs.yml
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: ҉αkα x⠠⠵ <32862241+4k4xs4pH1r3@users.noreply.github.com>
---
 .github/workflows/endorlabs.yml | 51 +++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 .github/workflows/endorlabs.yml

diff --git a/.github/workflows/endorlabs.yml b/.github/workflows/endorlabs.yml
new file mode 100644
index 000000000..e16916cf0
--- /dev/null
+++ b/.github/workflows/endorlabs.yml
@@ -0,0 +1,51 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Endor Labs
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: '36 18 * * 2'
+jobs:
+  scan:
+    permissions:
+      security-events: write # Used to upload sarif artifact to GitHub
+      contents: read # Used to checkout a private repository by actions/checkout.
+      actions: read # Required for private repositories to upload sarif files. GitHub Advanced Security licenses are required.
+      id-token: write # Used for keyless authentication to Endor Labs
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    #### Package Build Instructions
+    ### Use this section to define the build steps used by your software package.
+    ### Endor Labs builds your software for you where possible but the required build tools must be made availible.
+    # - name: Setup Java
+    #   uses: actions/setup-java@v3
+    #   with:
+    #     distribution: 'microsoft'
+    #     java-version: '17'
+    # - name: Build Package
+    #   run: mvn clean install
+    - name: Endor Labs scan pull request
+      if: github.event_name == 'pull_request'
+      uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c
+      with:
+        namespace: "example" # Modify the namespace to your Endor Labs tenant namespace.
+        sarif_file: findings.sarif
+    - name: Endor Labs scan monitor
+      if: github.event_name == 'push'
+      uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c
+      with:
+        namespace: "example" # Modify the namespace to your Endor Labs tenant namespace.
+        ci_run: "false"
+        sarif_file: findings.sarif
+    - name: Upload SARIF to github
+      uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd
+      with:
+        sarif_file: findings.sarif