From ab59ca4a49a95b76a5ec3ede9e0340f462adc0f4 Mon Sep 17 00:00:00 2001
From: "kedar.jamkhindikar@spectrocloud.com" <79581321+kedar-calsoftinc@users.noreply.github.com>
Date: Wed, 18 Oct 2023 15:45:57 +0530
Subject: [PATCH] some more check added

---
 .github/workflows/bulwark-gosec-pr-scan.yaml | 35 +++++++++++++++++++
 .../workflows/golicense-pr-validation.yaml | 2 +-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/bulwark-gosec-pr-scan.yaml

diff --git a/.github/workflows/bulwark-gosec-pr-scan.yaml b/.github/workflows/bulwark-gosec-pr-scan.yaml
new file mode 100644
index 00000000000..bbc50ca193a
--- /dev/null
+++ b/.github/workflows/bulwark-gosec-pr-scan.yaml
@@ -0,0 +1,35 @@
+name: BulwarkGoSec
+on: [pull_request]
+
+concurrency:
+  group: gosec-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  gosec-pr-scan:
+    runs-on: ubuntu-latest
+    container:
+      image: gcr.io/spectro-dev-public/bulwark/gosec:latest
+    steps:
+
+      - name: run-gosec-scan
+        shell: sh
+        env:
+          BRANCH: ${{ github.head_ref || github.ref_name }}
+          GO111MODULE: on
+        run: |
+          /workspace/bulwark -name CodeSASTGoSec -verbose -target $REPO -tags "branch:$BRANCH,rules:all"
+
+      - name: check-result
+        shell: sh
+        run: |
+          resultPath=$REPO-result.json
+          issues=$(cat $resultPath | jq -r '.Stats.found')
+          echo "Found ${issues} issues"
+          if [ "$issues" -gt 0 ]; then
+            echo "GoSec SAST scan failed with below findings..."
+            cat $resultPath
+            exit 1
+          else
+            echo "GoSec SAST scan passed"
+          fi
diff --git a/.github/workflows/golicense-pr-validation.yaml b/.github/workflows/golicense-pr-validation.yaml
index 5223441309a..129eea9f918 100644
--- a/.github/workflows/golicense-pr-validation.yaml
+++ b/.github/workflows/golicense-pr-validation.yaml
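Review bot: The check-result step fails open: if `$REPO-result.json` is missing or `jq` returns nothing, `issues` is empty, `[ "" -gt 0 ]` simply fails, and the `else` branch prints "GoSec SAST scan passed" with exit 0, so a scanner crash or a malformed report is indistinguishable from a clean PR. `$REPO` is also never set in this workflow (no `env:` entry for it and no checkout step under `steps`), so unless the container image exports it the scan target is empty and the result path becomes `-result.json`; set `REPO` explicitly in `env:` next to `BRANCH`. Two smaller points: the scanner image is pulled by the mutable `:latest` tag, so pin it by digest (`image: gcr.io/spectro-dev-public/bulwark/gosec@sha256:<digest>`), and the workflow declares no `permissions:` block, so add `permissions: contents: read` at the top to keep the job token read-only. `GO111MODULE: on` is an unquoted `on`, which YAML 1.1 loaders read as boolean `true`; `GO111MODULE: "on"` removes the ambiguity. The rewritten check below validates the report file and the finding count before comparing, so an absent or non-numeric count fails the job instead of passing it.
```yaml
      - name: check-result
        shell: sh
        run: |
          resultPath="$REPO-result.json"
          # Fail closed: a missing/empty report or a non-numeric count must not read as "passed".
          if [ ! -s "$resultPath" ]; then
            echo "GoSec result file '$resultPath' is missing or empty"
            exit 1
          fi
          issues=$(jq -r '.Stats.found' "$resultPath") || exit 1
          case "$issues" in
            ''|*[!0-9]*) echo "Unexpected finding count: '$issues'"; exit 1 ;;
          esac
          echo "Found ${issues} issues"
          # … unchanged: if/else reporting on $issues …
```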
@@ -27,5 +27,5 @@ jobs:
       - name: golicense-scan
         run: |
           go-licenses check --ignore github.com/spectrocloud ./
-          go-licenses check --ignore github.com/spectrocloud ./hack/tools
+# go-licenses check --ignore github.com/spectrocloud ./hack/tools
 # go-licenses check --ignore github.com/spectrocloud ./spate/xk6-spate
\ No newline at end of file
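Review bot: The `./hack/tools` go-licenses check is disabled with no record of why, which silently narrows license coverage for whatever lives under that directory, and the commit subject ("some more check added") does not mention the removal. If the added `#` sits at a lower indent than the `run: |` content, as the `+#` marker suggests but I cannot confirm from here, it also terminates the block scalar, so only the first `go-licenses check` line remains in the executed script; that is valid YAML but easy to misread. Replace the bare commented line with one that states the reason and the re-enable condition, e.g. `# hack/tools check disabled: <reason> — re-enable once <condition>`. The golicense-scan step definition begins above this hunk.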