05 CI/CD
GitHub Actions integration
Add a security scan to your CI pipeline. The SARIF results are shown in the GitHub Security tab.
.github/workflows/security.yml

```yaml
name: Security Scan
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
permissions:
  security-events: write   # required by upload-sarif
  contents: read
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0     # full history so the diff scan can see the changed files
      - name: Install VEXLIT
        run: npm install -g @vexlit/cli
      - name: Full scan (push to main)
        if: github.event_name == 'push'
        run: vexlit scan . --sarif --fail-on critical > results.sarif
      - name: Diff scan (pull request)
        if: github.event_name == 'pull_request'
        run: vexlit scan --diff --sarif --fail-on warning > results.sarif
      - name: Upload SARIF
        if: always()         # upload even when a scan step failed its --fail-on gate
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```

Pushes to main run a full scan and fail only on critical findings; pull requests scan only the changed files (`--diff`, which needs the full history from `fetch-depth: 0`) with the stricter `warning` threshold. The upload step uses `if: always()` so the SARIF file reaches the Security tab even when a scan step exits non-zero.

Inputs

--fail-on    critical | warning | info
--diff       Git-changed files only
--sarif      SARIF output
--format     table | json | sarif

Outputs

total        total number of findings
critical     number of critical findings
sarif-file   SARIF output path
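To make the `--fail-on` gate and the `total` / `critical` outputs concrete, here is an added example that re-implements that logic over a SARIF log. It is not VEXLIT's own code: it assumes the scanner emits standard SARIF 2.1.0 `level` values (`error`, `warning`, `note`, `none`) and that the page's threshold names map to those levels as `critical -> error`, `warning -> warning`, `info -> note`. The sample SARIF document is constructed inline.

```python
"""Severity gate over a SARIF log, modelled on the --fail-on threshold used in
the workflow above.  Added illustration, not VEXLIT's code; it assumes standard
SARIF 2.1.0 result levels and the severity-name mapping in FAIL_ON below."""
import json
import sys

# SARIF 2.1.0 result levels, weakest to strongest.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Assumed mapping from the --fail-on names on this page to SARIF levels.
FAIL_ON = {"info": "note", "warning": "warning", "critical": "error"}

# Constructed sample: one error, one warning, one note (not real scanner output).
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "EX001", "level": "error",
             "message": {"text": "hard-coded credential"}},
            {"ruleId": "EX002", "level": "warning",
             "message": {"text": "unpinned dependency"}},
            {"ruleId": "EX003", "level": "note",
             "message": {"text": "TODO left in code"}},
        ],
    }],
}


def count_by_level(sarif: dict) -> dict:
    """Count results per SARIF level across all runs.
    A result without an explicit level is treated as 'warning' (the SARIF default)."""
    counts = {lvl: 0 for lvl in LEVEL_RANK}
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            level = result.get("level", "warning")
            counts[level] = counts.get(level, 0) + 1
    return counts


def should_fail(sarif: dict, fail_on: str) -> bool:
    """True when at least one result is at or above the --fail-on threshold."""
    threshold = LEVEL_RANK[FAIL_ON[fail_on]]
    return any(LEVEL_RANK.get(lvl, 0) >= threshold and n > 0
               for lvl, n in count_by_level(sarif).items())


def action_outputs(sarif: dict, sarif_path: str) -> dict:
    """The three values the page lists as outputs: total, critical, sarif-file."""
    counts = count_by_level(sarif)
    return {
        "total": sum(counts.values()),
        "critical": counts.get(FAIL_ON["critical"], 0),
        "sarif-file": sarif_path,
    }


def gate_file(path: str, fail_on: str) -> int:
    """Read a SARIF file and return the exit code a CI step would use."""
    with open(path, encoding="utf-8") as fh:
        sarif = json.load(fh)
    print(action_outputs(sarif, path))
    return 1 if should_fail(sarif, fail_on) else 0


if __name__ == "__main__":
    # Usage: python gate.py results.sarif critical
    sys.exit(gate_file(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "critical"))
```

Run against a real `results.sarif` the exit code is what a `run:` step would propagate; the point of keeping the upload step on `if: always()` is that this non-zero exit must not stop the SARIF from being uploaded.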