This repository provides a self-contained demo of integrating Check Point CloudGuard ShiftLeft with GitHub Actions. Fork it and trigger the GitHub Actions workflow by adding a comment to webapp.js.
CloudGuard ShiftLeft lets you scan source code, Docker container images, serverless deployment packages, Terraform templates, and more. The ShiftLeft binary or Docker container integrates posture management and SAST into your CI/CD pipelines on any CI server.
The ShiftLeft container is available on Docker Hub.
Requirements: a CloudGuard Cloud Security Posture Management (CSPM, formerly known as Dome9) account from here, with active Terraform (TF) rulesets.
The code-scan blade provides source code security and visibility into the risk analysis of projects in Git repositories.
The iac-assessment blade scans Infrastructure-as-Code templates, enabling DevOps and security teams to identify insecure configurations.
The image-scan blade scans Docker container images for security risks and vulnerabilities.
Generate a CloudGuard CSPM token and add it to the repository settings as the secrets CHKP_CLOUDGUARD_ID and CHKP_CLOUDGUARD_SECRET.
A commit triggers the GitHub Actions workflow, which chains code-scan (the entire repository is fed to the containerized ShiftLeft), image-scan (which packs the webapp into a Docker container image that ShiftLeft scans) and iac-assessment (which scans the Terraform template) [TO DO: deploy the containerized webapp].
The jobs are sequential, and code-scan will fail, so the jobs that depend on it do not run. Comment out the needs: lines in .github/workflows/main.yml to run the jobs simultaneously.
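The workflow shape described above, written out as an added example (this is not the repository's own .github/workflows/main.yml). It assumes a Dockerfile for the webapp in the repository root and a terraform/ directory for the template; the container image name checkpoint/shiftleft and the blade flags -s, -i, -p, -r and -e are assumptions recalled from the ShiftLeft CLI and should be checked against the CLI help, and RULESET_ID and ENVIRONMENT_ID are placeholders for values from your CSPM account:

```yaml
# Added example workflow, not the repository's own main.yml.
# Assumptions (labelled): image name checkpoint/shiftleft, blade flags
# -s/-i/-p/-r/-e, a Dockerfile in the repo root and a terraform/ directory.
name: shiftleft-demo

on:
  push:
    branches: [main]

env:
  # Credentials come from the repository secrets named in this README.
  CHKP_CLOUDGUARD_ID: ${{ secrets.CHKP_CLOUDGUARD_ID }}
  CHKP_CLOUDGUARD_SECRET: ${{ secrets.CHKP_CLOUDGUARD_SECRET }}

jobs:
  code-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # The whole checkout is mounted into the container and fed to code-scan.
      - run: |
          docker run --rm \
            -e CHKP_CLOUDGUARD_ID -e CHKP_CLOUDGUARD_SECRET \
            -v "$PWD:/work" -w /work \
            checkpoint/shiftleft:latest code-scan -s .

  image-scan:
    runs-on: ubuntu-latest
    needs: code-scan        # comment out to run in parallel with code-scan
    steps:
      - uses: actions/checkout@v4
      # Pack the webapp into an image and export it as a tarball for the scanner.
      - run: |
          docker build -t webapp:ci .
          docker save webapp:ci -o webapp.tar
      - run: |
          docker run --rm \
            -e CHKP_CLOUDGUARD_ID -e CHKP_CLOUDGUARD_SECRET \
            -v "$PWD:/work" -w /work \
            checkpoint/shiftleft:latest image-scan -i webapp.tar

  iac-assessment:
    runs-on: ubuntu-latest
    needs: code-scan        # comment out to run in parallel with code-scan
    steps:
      - uses: actions/checkout@v4
      # RULESET_ID and ENVIRONMENT_ID are placeholders for your CSPM values.
      - run: |
          docker run --rm \
            -e CHKP_CLOUDGUARD_ID -e CHKP_CLOUDGUARD_SECRET \
            -v "$PWD:/work" -w /work \
            checkpoint/shiftleft:latest iac-assessment -p terraform -r RULESET_ID -e ENVIRONMENT_ID
```

With the needs: lines in place, a failing code-scan job causes GitHub Actions to skip image-scan and iac-assessment; removing them runs all three jobs at once. If you want to keep the ordering but still see every blade's result, an alternative to commenting the lines out is adding `if: always()` to the dependent jobs, which runs them after code-scan regardless of its outcome.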